Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Access Management

Trusted Agent (TAG) Program Procedures

This article explains the Trusted Agent Program (TAG), associated duties, terms and definitions, and available administration tools.

Trusted Agent Duties

The Trusted Agent is a proxy for the Dean/Head of Department in this program and is responsible for providing account services under five options:

  1. Pre-Feed Accounts for Faculty and Staff
  2. Temporary Account Services for consultants and other non-University people who are engaged in the University's work
  3. Guest Network Access
  4. Extend
  5. Bridging

Pre-Feed Accounts for Faculty and Staff

This option provides advance account services to eligible faculty and staff, until authoritative information to verify official status is received from the University's Human Resources Management, Office of the Provost, or by agents of affiliated organizations.

Temporary Account Services for consultants and other non-University people who are engaged in the University's work

Under this option, temporary account services are created for individuals who are not eligible for permanent account services, but require them because they will carry out University business for or with the University.

Guest Network Access

This option provides short-term guest wireless network access to individuals or large groups of people. The Meeting ID system has been replaced by the new Guest Network system. As a Trusted Agent, you have the ability to sponsor wireless access accounts with no limits on the number of connected devices, meaning that all the members of your meeting/group/conference may use the same login and password to access the guest network. More information about using the Guest Network is available here.


The Extend function allows Trusted Agents to provide wireless and mail forwarding access to people whose formal affiliation with the University has ended but who need these services either to wrap up specific associations with the University or to continue them for a period of time. Examples of such associations include student-instructor course wrap-up coordination occurring after the end of an instructor's appointment and continuing an editorial role established with a uchicago email address. Extended services may be provided for up to ten years.


The Bridging Program provides continuous account services for academics who have less-than-full-year appointments but who are expected to return to continue their affiliation within three quarters. Note: Bridging services used to be handled by Departments submitting paperwork to the Provost’s Office.

Hull Account

Hull accounts are authentication-only accounts. They have no other services associated with them. They are used in cases where a person needs only to be able to authenticate to a departmental/divisional system. The ability to create Hull accounts is not automatically provisioned for Trusted Agents. If you believe that you need Hull services, please reach out to the TAG admin team at

Account Terms and Definitions

Available Account Services

  • Chalk authentication
  • Mail Forwarding
  • Email Account
  • Proxy Server (access to restricted Library databases from off campus)
  • VPN (Virtual Private Network)
  • Web Services (some)
  • Wireless Access
  • Pre-Feed and Bridging

TAG participants have access to all the services in the above list. Temporary TAG participants typically do not receive email accounts, although email accounts are available for Temporary TAG participants if you choose. Temporary TAG accounts also do not have access to restricted Library databases or to Pre-Feed or Bridging services. Extend participants will have access to the wireless network and mail forwarding. Meeting ID participants will have access to only the wireless network.

For information on how to use the Directory while you have a temporary account provisioned: see the article "Directory Access - Temporary Accounts (T-9s)."


The Chicago Network ID (CNetID) is a unique account name on the IT Services networking systems. It is used with a password to access most services. The Trusted Agent Program provides TAG participants with the ability to create their CNetIDs and passwords. CNetIDs are also used to access and authenticate to many services that are outside of IT Services. Participants will generally be set up automatically to access the services for which they are eligible.

The appearance of the CNetID is different for Pre-Feed and Temporary TAG services.

  1. Pre-Feed: Pre-feed TAG participants choose permanent CNetIDs. The CNetID is a three to sixteen character alphanumeric identifier. Faculty and Staff may self-create the CNetID at the CNetID web page. The CNetID will follow the faculty or staff member for life. It should, therefore, be chosen carefully. Name changes are not permitted.
  2. Temporary: These CNetIDs are unique and are selected by the recipient from a very limited set of choices. All Temporary accounts begin with "t-9 . . .," so Jane Doe might have "t-9janed" as her Temporary CNetID.

    The Temporary CNetID is denoted by the "t-" (t-dash) followed by a number (that number will typically be "9") followed by six (6) alphanumeric characters. Temporary account services recipients will see choices based on their name, for example, t-9janed for Jane Doe. Typically, these accounts expire after 90 days, and they must be renewed every 90 days.


The password must be at least twelve characters long and is claimed by the TAG participant. An alternative to the password is the passphrase. Passphrases are simple sentences that use length instead of complexity to make them secure. Passphrases at the University of Chicago must be at least nineteen characters long.

The password cannot be a dictionary word or proper name from any language, and should include three of these four character classes: numbers, letters, other characters, or capitalization. The password is set on the CNetID web page.

Q&A (Question and Answer)

The Q&A is an identifier that allows TAG participant to change her CNetID password if she has forgotten the current password. Once the TAG Participant creates her account, she may update the Q&A from the CNetID web page at any time.

Email Account

In some cases, individuals who receive Temporary TAG services need email accounts in addition to network and other sorts of access. The University has a Microsoft Exchange environment, which provides email, calendaring, and functionality for internet-enabled mobile devices. This service, xMail, uses Microsoft Outlook or a web-based xMail client for email.

Email Creation

Permanent Accounts: Faculty and staff email accounts are automatically created during the CNetID creation process. Permanent (Pre-feed) email addresses look like by default.

Temporary Accounts: When a Trusted Agent enters the information on a new TAG Participant, the Trusted Agent chooses whether a TAG Participant requires email storage services. By default, all temporary accounts are configured for email forwarding. Email addresses for Temporary accounts look like by default.

Email Aliases: Users may choose up to five email aliases that can be used in addition to their default email address.

Email Forwarding

Email forwarding is a service that permits users to forward their email to other campus email servers or to outside email providers, such as a consultant's business email address, or Gmail email account.

Pre-Feed Accounts: TAG participants may wish to set up email forwarding if they are employed by a department, division, or school that maintains its own email server and they wish to read email from only one account. Email forwarding from the IT Services account to another account can be set up on the web. Instructions are available here: ITS Email Services.

When email forwarding is in effect, email is forwarded directly to the specified external email server--no email is stored on our email servers. Pre-feed participants from departments that provide email may choose to maintain two separate email accounts: the IT Services account and their departmental account. However, in order to access the departmental account using xMail, the user must forward the department account to the IT Services account. Questions about forwarding email from a departmental account to the IT Services account should be addressed to the departmental support services. For additional support on email forwarding from the IT Services account, contact the IT Services Service Desk, or get walk-in help at the TECHB@R on the first floor of Regenstein Library during reference desk hours.

Temporary Accounts: All Temporary Account recipients may choose to establish mail forwarding if they wish. In order to establish mail forwarding, all TAG participants must have a working email address to which the mail that is sent to their mail forwarding address can be received.

Bridging Accounts: Bridging account participants have full account services including email forwarding, should they wish to use it.

Extend Accounts: All Extended accounts have email forwarding but cannot store email on University email servers. Extend participants must forward their email to a viable account in order to receive their forwarded email.

Account Administration Tools

Networking Services and Information Technologies Administrative Account Management System (NSITAAMS)

The original tool used for TAG account administration management is the Networking Services Information Technologies Administrative Account Management System (NSITAAMS or AAMS) web page. To access AAMS, you will need to enter your CNetID and password. If you have problems accessing AAMS, send email to

TAG Account Creation Screen

From the AAMS screen you may perform five functions:

  1. Lookup Account Information: Look up information for currently eligible people (regular University members coming through the HRM, Provost's Office, or Registrar's Office data systems) or current TAG account holders. Note that an individual's account information is visible during a query on this screen only when the account holder has already received account services through normal channels. Therefore, an individual found in this search is not a new TAG candidate.
  2. Add Temporary User: This option allows you to create Temporary Accounts that will permit the TAG Participant account services. You may opt to allow the Temp account holder to have network access only or network access and email.
  3. View What We Have Done: This field lists all the current (non-expired) TAG recipients that the Trusted Agents for one department or division have created. A Trusted Agent may extend account services for a TAG recipient that was created by anyone in the Trusted Agent's department or division.
  4. View What Has Expired: This field displays all the expired accounts authorized by the department's or division's Trusted Agents. This field is provided for your bookkeeping convenience.
  5. View All Trusted Agents: This field displays the CNetIDs and departmental information for all Trusted Agents. The TAG website also provides a Trusted Agents List.


The following functions are performed from the UCAT system:

  1. Employee Prefeed: Prefeed accounts for incoming faculty and staff members so they are able to claim their CNetIDs as soon as they arrive on campus or even before.
  2. Bridge an Account: Bridge account services for a faculty member or other academic appointee from one appointment to the next.
  3. Extend an Account: Extend email forwarding and wireless access for a staff or faculty member or other academic appointee after they have left the University.

Guest Wireless Sponsor Portal

The tool used to create Guest Accounts for wireless access. It can be accessed at Guest Wireless Sponsor Portal. More information on using this site is available in the article Create a Guest Account.

CNetID Website (Account Creation)

The tool used by users to create accounts and/or change passwords or their Q&A is the Networking Services & Information Technologies User Account Management System (NSITUAMS), which you can access using the CNetID website. You may use CNetID website to create a CNetID, changing your CNetID password, or change you security question.

Frequently Used Phone Numbers and Email Addresses

Contact Phone Number Email address

TAG Support

Trusted Agent mailing list (Trusted Agents and TAG support staff)

TAG Administrative Team

N/A (all TAG agents and support staff team) (the TAG support staff team)

Alumni Email Forwarding 877-292-3945
IT Services Service Desk 702-5800 (2-5800)
IT Security 4-CERT (4-2378)

Keywords:temporary, cnet, cnetid, authentication, prefeed, meeting, id, exception, wireless, access   Doc ID:19424
Owner:Astrid F.Group:University of Chicago
Created:2011-08-02 19:00 CDTUpdated:2017-04-25 14:28 CDT
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  0   0