Rice University Guest Account Process


Overview

The Rice Sponsored Guest Account Application is used to obtain and manage time limited account credentials for non-Rice people who are working with Rice faculty and staff.

Typical examples of guests are:

  • Collaborators
  • Contractors
  • Docents
  • Volunteers
  • Consultants
  • Vendor Support

Sponsors

Faculty and staff can sponsor a guest account (authentication credential) for non-Rice people who are affiliated with their departments or projects and have legitimate business or academic needs to access certain restricted resources at Rice while adhering to the Rice Appropriate Use Policy. Faculty, Staff and Guests are allowed only one personal authentication credential (NetID). Rice Faculty and Staff are not allowed a second Netid and are not allowed to sponsor themselves for a guest account. By approving the request for a guest account, the faculty or staff member becomes a sponsor and agrees to the following:

The sponsor will take responsibility for the account sponsorship of the guest and management of that sponsored credential.

The sponsor will also indicate a secondary contact to receive emails regarding account expirations.

The sponsor will resolve the remediation of any existing active sponsored accounts upon leaving the institution.

The sponsor and thier guest will be required to provide accurate and valid information contact information for each guest during the account application process.

Faculty and Staff may NOT sponsor a guest on behalf of another Faculty or Staff.

Account Creation

In general, the process may require up to 24 hours to complete. Guests and their sponsors are notified via email when their accounts are ready; see Notifications below ...

Guest Accounts

The guest account will allow the guest to logon to the network or to network accessible resources as a *guest* member of the institution. Guests May be Authorized to any central Rice services that are applicable to guests. Access to some services MAY require the Guest to provide additional Identity information to the system stewards which falls outside of the guest account process management. Access to the Apply Service for account and password management and the Rice portal are the only default services granted to guests with a sponsored credential. Other services available to guests include: Active Directory, Computing Labs, Subversion, Sakai, Wiki, Blogs, VPN and some Plone services. Email, printing, backup and file storage are university subsidized services that are not available to guests.

A netid (authentication credential) will be created by the Rice central authentication system upon success completion of the guest process. Guest requesters must initiate the request by visiting the guest request page and filling out the guest request form. Upon completion and submission of the form, the identified guest sponsor will receive an email of a pending sponsor request with a URL to the guest approval page. The sponsor can choose to sponsor the guest or deny the request. Sponsor's should never approve a guest request without personal knowledge of the requester. If no action is taken, the request will expire. When the guest process completes successfully, a Netid is created for the guest which is a persistent identifier that Rice will never expunge. Should a guest be re-sponsored over time, they will receive the same logon credential but with a different password. The guest Netid credential remains the property of Rice University and the issuance does not infer any legal rights of the guest regarding data access or authorization to any data that may be accessible by the credential.

While using the Rice network, autheticating with a Rice Guest account and accessing Rice computing resources, the guest agrees to follow University policies including the Appropriate Use of Computer Resources, Policy 832-99. Inappropriate or malicious behavior will result in account termination and possibly legal action.

Access to other campus applications that can leverage a Rice NetID for authentication must be negotiated with the administrators of those applications. and may require the Guest to provide additional identity information.

While IT does not allow people to update their information in our LDAP directly. IT MAY require that the guest provide some additional accurate vetting information so that we can uniquely identify them in our systems. Information such as DOB,Place of Birth, Passport number, Drivers license number and location of issue could be requested if there is a conflict with an identity that exists in the system. All PII data collected in the processes for creating the credential are treated as confidential and sensitive data and are used only for identification.

Notifications

Sponsors will receive automated email regarding guest status 30 days prior to the expiration date of the guest's credential status. Sponsors receive automated email on a guest request and upon approval of a guest request. These are performed as a security measure to ensure that a sponsor's account has not been compromised. Guest recieve an email confirmation of submittal and approval.

Term of Accounts

The term of accounts is one year or less as specified by the sponsor. The account may be renewed by the sponsoring faculty or staff member at the end of the term. If the account is not renewed, At the end of 1 year from sponsorship, the account will be automatically disabled. Account expiration implies that the password is changed and the credential is mark inactive in the directory).