APU NetID Guidelines
Background
It is increasingly important that identifiers be made coherent and consistent throughout the enterprise. Many systems use different names for the primary identifier used along with a password to authenticate access to a resource (Login, Logon, Username, Name, UserID etc.). When APU started providing central authentication services, which coincided with the release of the üdeupa portal, we established "üdeupa username and password" as the name of this identifier. With the portal name change, we realize that we need a way to refer to an APU Network Account independent from a particular service. For this reason, as well a desire to adopt higher education standards, we are renaming these identifiers.
Summary
The Central Authentication Service requires an APU Network Account consisting of an APU NetID & Password to verify identity. Any system which makes use of the APU Central Authentication Service, should use "APU Network Account" to refer to the account. "APU NetID" should be used to describe the principle identifier. "APU Network Password" is used to refer to the password explicity if needed. Systems that have the capability of modifying the prompting for these identifiers, should be changed. Over time, all user documentation and communication should be updated as well. We should no longer refer to "Windows Login, or "APU Domain Login", but should use the term "APU NetID".
Change Matrix
| Old Title | New Title |
| üdeupa Account | APU Network Account |
| üdeupa Username | APU NetID |
| üdeupa Password | APU Network Password |
| üdeupa Username & Password | APU NetID & Password |
Use Cases
- Centrally Authenticated Services:
Any service which authenticates against APU Central Authentication Services should state that the service requires an "APU Network Account. Alternately, "APU NetID" may be used to specify the credentials required for a particular service. If password is not explicity stated, APU Network Password is implied by association.
This service requires an APU Network Account. or Anyone with an APU NetID may use this service.
- Referring to the APU Network Credentials together:
APU NetID & Password or APU NetID and Password
- Referring to the APU Network Credentials explicitly:
APU NetID APU Network Password
- On Login Screens:
APU NetID: ______________ Password: ______________ or APU NetID: ______________ Password: ______________
- Non-Centrally Authenticated Services:
Systems which do not authenticate against the APU Central Authentication Service, should refer to their credentials by the name of their system. Example:
IFAS Username and IFAS Password
Even if a system's initial username has the same value as the APU NetID, it should not continue to be referred to as APU NetID. Equivalent value is not equivalent title. For example: If a user was activating their account a new system which pre-populated usernames to match APU NetID, they could include the following instructions on first login: "Your IFAS Username is the same as your APU NetID, please select a password." Future logins however, should prompt for "IFAS Username" not "APU NetID". Once exception to this, is a service which may require an APU NetID, but not prompt for a password. Such a service, can continue to prompt for APU NetID. (current example: Link+ Library Loan Service)
Notes
The APU Central Authentication Service does not exclusively refer to our implementation of Yale's CAS, an Open Source application for web authentication. APU CAS refers to the centralized authentication services provided by IMT in order to verify identity of users of primary network resources, portal and workstation access etc. APU CAS is supported by IMT's Identity Management infrastructure, consisting of Microsoft's Active Directory and OpenLDAP.
