Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Access Management
Trusted Agent (TAG) Program Handbook
This article explains the Trusted Agent Program (TAG), associated duties, terms and definitions, and available administration tools.
Trusted Agent Duties
The Trusted Agent is a proxy for the Dean/Head of Department in this program and is responsible for providing account services under five options:
Option 1 - Pre-Feed Accounts for Faculty and Staff
This option provides advance account services to eligible faculty and staff, until authoritative information to verify official status is received from the University's Human Resources Management, Office of the Provost, or by agents of affiliated organizations.
Option 2 - Temporary Account Services for consultants and other non-University people who are engaged in the University's work
Under this option, temporary account services are created for individuals who are not eligible for permanent account services, but require them because they will carry out University business for/with the University.
Individuals who fit into Option 2, but who require services beyond the program's time allotment, may not necessarily receive services through the TAG Program. These cases will be reviewed on an ad hoc basis. Such cases should be brought to the attention of the TAG Program Administrative Group at firstname.lastname@example.org. The TAG Program Policy and Procedures are located on the web at http://tag.uchicago.edu/.
Option 3 - Guest Network Access
This option provides short-term guest wireless network access to individuals or large groups of people. The Meeting ID system has been replaced by the new Guest Network system. As a Trusted Agent, you have the ability to sponsor wireless access accounts with no limits on the number of connected devices, meaning that all the members of your meeting/group/conference may use the same login and password to access the guest network. More information about using the Guest Network is available here.
Option 4 - Extend
The Extend function allows Trusted Agents to provide wireless and mail forwarding access to people whose formal affiliation with the University has ended but who need these services either to wrap up specific associations with the University or to continue them for a period of time. Examples of such associations include student-instructor course wrap-up coordination occurring after the end of an instructor's appointment and continuing an editorial role established with a uchicago email address. Extended services may be provided for up to ten (10) years.
Option 5 - Bridging
The Bridging Program provides continuous account services for academics who have less-than-full-year appointments but who are expected to return to continue their affiliation within three quarters (this used to be handled by Departments submitting paperwork to the Provost’s Office).
Account Terms and Definitions
- Chalk authentication
- Mail Forwarding
- Email Account
- Proxy Server (access to restricted Library databases from off campus)
- VPN (Virtual Private Network)
- Web Services (some)
- Wireless Access
- Pre-Feed and Bridging
TAG Participants have access to all the services in the above list. Temporary TAG Participants typically do not receive email accounts, although email accounts are available for Temporary TAG Participants if you choose. Temporary TAG accounts also do not have access to restricted Library databases or to Pre-Feed or Bridging services. Extend participants will have access to the wireless network and mail forwarding. Meeting ID Participants will have access to only the wireless network.
For information on how to use the Directory while you have a temporary account provisioned, see: "Directory Access - Temporary Accounts (T-9s)."
The CNetID (Chicago Network ID) is a unique account name on the IT Services networking systems. It is used with a password to access most services. The Trusted Agent Program provides TAG Participants with the ability to create their CNetIDs and passwords. CNetIDs are also used to access and authenticate to many services that are outside of IT Services. Participants will generally be set up automatically to access the services for which they are eligible.
The appearance of the CNetID is different for Pre-Feed and Temporary TAG services.
- Pre-Feed - Pre-feed TAG participants choose permanent CNetIDs. The CNetID is a three to sixteen (3-16) character alphanumeric identifier. Faculty and Staff may self-create the CNetID from the CNet web page (http://cnet.uchicago.edu). The CNetID will follow the faculty or staff member for life. It should, therefore, be chosen carefully. Name changes are not permitted.
- Temporary - These CNetIDs are unique and are selected by the recipient from a very limited set of choices. All Temporary accounts begin with "t-9 . . .," so Jane Doe might have "t-9janed" as her Temporary CNetID.
The Temporary CNetID is denoted by the "t-" (t-dash) followed by a number (that number will typically be "9") followed by six (6) alphanumeric characters. Temporary account services recipients will see choices based on their name, e.g., "t-9janed" for Jane Doe. Typically, these accounts expire after 90 days, and they must be renewed every 90 days.
The password must be at least twelve (12) characters in length and is claimed by the TAG Participant. An alternative to the password is the passphrase. Passphrases are simple sentences that use length instead of complexity to make them secure. Passphrases at the University of Chicago must be at least nineteen (19) characters.
The password cannot be a dictionary word or proper name from any language, and should include three character classes (numbers, letters, other characters, capitalization). The password is set on the CNet web page (http://cnet.uchicago.edu/).
The Q&A is an identifier that allows a TAG Participant to change her CNet password if she has forgotten the current password. Once the TAG Participant creates her account, she may update the Q&A from the CNet web page at any time.
In some cases, individuals who receive Temporary TAG services need email accounts in addition to network and other sorts of access. The University has a Microsoft Exchange environment, which provides email, calendaring, and functionality for internet-enabled mobile devices. This service, xMail, uses Microsoft Outlook or a web-based xMail client for email.
Permanent Accounts - Faculty and staff email accounts are automatically created during the CNetID creation process. Permanent (Pre-feed) email addresses look like CNetID@uchicago.edu by default.
Temporary Accounts - When a Trusted Agent enters the information on a new TAG Participant, the Trusted Agent chooses whether a TAG Participant requires email storage services. By default all temporary accounts receive the ability to forward email. Email addresses for Temporary accounts look like email@example.com by default.
Email Aliases - Users may choose up to five email aliases that can be used in addition to their default email address.
Email forwarding is a service that permits users to forward the @uchicago.edu email to other campus email servers or to outside email providers, such as a consultant's business email address, or Gmail email account.
Pre-Feed Accounts- TAG Participants may wish to set up email forwarding if they are employed by a department, division, or school that maintains its own email server and they wish to read email from only one account. Email forwarding from the IT Services account to another account can be set up on the web. Instructions are available here: http://itservices.uchicago.edu/services/email/.
When email forwarding is in effect, email is forwarded directly to the specified external email server--no email is stored on our email servers. Pre-feed participants from departments that provide email may choose to maintain two separate email accounts: the IT Services account and their departmental account. However, in order to access the departmental account using xMail, the user must forward the department account to the IT Services account. Questions about forwarding email from a departmental account to the IT Services account should be addressed to the departmental support services. For additional support on email forwarding from the IT Services account, contact the IT Services Service Desk, or get walk-in help at the TECHB@R on the first floor of Regenstein Library during reference desk hours.
Temporary Accounts - All Temporary Account recipients may choose to establish mail forwarding if they wish. In order to establish mail forwarding, all TAG Participants must have a working email address to which the mail that is sent to their CNetID@uchicago.edu mail forwarding address can be received.
Bridging Accounts – Bridging account participants have full account services including email forwarding, should they wish to use it.
Extend Accounts – All Extended accounts have email forwarding but cannot store email on University email servers. Extend participants must forward their email to a viable account in order to receive their forwarded email.
Account Administration Tools
Networking Services and Information Technologies Administrative Account Management System (NSITAAMS)
The original tool used for TAG account administration management is the Networking Services Information Technologies Administrative Account Management System (NSITAAMS or AAMS) web page. To access AAMS, you will need to enter your CNetID and password. If you have problems accessing AAMS, send email to firstname.lastname@example.org.
From the AAMS screen you may perform five functions:
- Lookup Account Information: Look up information for currently eligible people (people who are regular University members and come through the HRM, Provost's Office, or Registrar's Office data systems) and/or current TAG account holders. Note that an individual's account information is visible during a query on this screen only when the account holder has already received account services through normal channels. Therefore, an individual that is found in this search is not a new TAG candidate.
- Add Temporary User: This option allows you to create Temporary Accounts that will permit the TAG Participant account services. You may opt to allow the Temp account holder to have network access only or network access and email.
- View What We Have Done: This field lists all the current (non-expired) TAG recipients that the Trusted Agents for one department or division have created A Trusted Agent may extend account services for a TAG recipient that was created by anyone in the Trusted Agent's department or division.
- View What Has Expired: This field displays all the expired accounts that the department's or division's Trusted Agents authorized. This field is primarily for your bookkeeping.
- View All Trusted Agents: This field displays the CNetIDs and departmental information for all the Trusted Agents. The TAG website has the same listing of Trusted Agents: http://itservices.uchicago.edu/page/trusted-agents-list
The new TAG tool, UCAT, will eventually replace the AAMS system. For now, the following functions are performed from the UCAT system:
- Employee Prefeed: Prefeed accounts for incoming faculty and staff members so they are able to claim their CNetIDs as soon as they arrive on campus or even before.
- Bridge an Account: Bridge account services for a faculty member or other academic appointee from one appointment to the next.
- Extend an Account: Extend email forwarding and wireless access for a staff or faculty member or other academic appointee after they have left the University.
Guest Wireless Sponsor Portal
CNet Website (Account Creation)
The tool used by users to create accounts and/or change passwords or their Q&A is the Networking Services & Information Technologies User Account Management System (NSITUAMS), often called the CNet website. It is located at: https://cnet.uchicago.edu/. The CNet website is used, among other things, to carry out these tasks: creating the CNetID; changing the CNetID password; and changing the question and answer pair.
Frequently Used Phone Numbers & Email Addresses
Trusted Agent mailing list (Trusted Agents and TAG support staff)
TAG Administrative Team
email@example.com (all TAG agents and support staff team)
firstname.lastname@example.org (the TAG support staff team)
Alumni Email Forwarding
IT Services Service Desk