This is the standard operating procedure for RACF password resets. Customer-specific information is displayed in a brown font for quick reference. The entire workflow and related information are also provided to help ensure that the whole process is understood.
- March 21, 2007, changed SLA Standard Response Times after conferring with FO/AOs at their 3/21 meeting.
- February 2, 2007, simplified and clarified language
Service Level Agreement (SLA)
- Response time: targeted maximum of next business day turnaround for standard requests.
- Business hours: Monday through Friday, 8:00 AM to 10:00 PM, except State holidays.
- Emergency requests: provisions have been made for emergency requests outside of business hours and for rush requests during business hours. Emergency requests should only be used when immediate access to the system is essential for operational processing. Please plan ahead and check to see if your password is working during normal business hours. This is far more efficient than paging staff that are currently not on duty, away for meetings, etc. Note that escalation is not currently supported during State holidays.
- Security: authorization and verification protocol using @hawaii.edu email established to assure customers that new practices are secure and resistant to social engineering
- Confirmation email: A confirmation email will be sent to the customer and to the racf-reset email account containing:
  - temporary password
  - instructions on how to contact racf-reset administrators during normal business hours and ITOC after normal business hours, in the event that there are questions
  - password rules or a link to them
- Restrictions: All email correspondence *must* be from and to the customer's @hawaii.edu email address. Use of any other email address may result in substantial delays because we will *not* send sensitive information to email addresses that are not the appropriate @hawaii.edu email address. This is required in order to protect our customers from spoofing. It is very easy, for example, to create a Gmail account and spoof a person's identity.
- Customer: owner of a RACF account
- ID Manager: ITS staff providing RACF account resets. ITS System Services APC staff, System Administrators and select DLUS User Services staff are available for this role.
- ITOC: ITS staff providing after hours support for escalation. Note that ITOC staff currently do not provide initial support, only escalation support.
- Passwords must conform to specifications defined in UH Executive Policy E2.210.
- General guidelines:
  - must be 6 to 8 characters in length
  - must begin with an alphabetic character
  - must not match an existing RACF UserID or GroupName
  - only "national" characters ($, @, #) allowed
- Additional password rules:
  - expire every 254 days
  - The last 7 passwords are remembered and may not be re-used
- Note: system generated passwords are 7 characters long
Standard Request Procedure
- Customer: Send an email via an @hawaii.edu email account to firstname.lastname@example.org. Email must include:
  - RACF ID to be reset. Note that the sender's email address and RACF ID must both be assigned to the same person in order for the request to be considered authenticated. If it is not possible to authenticate via this mechanism, fiscal personnel will have to contact Fiscal Services and HR personnel will have to contact the HR hotline.
  - Phone number in case the ID Manager needs to follow up.
- ID Manager: respond to racf-reset list confirming that the request has been picked up.
  - APC to pick up the request within 8 business hours. If this does not happen,
  - User Services to pick up after 8 business hours have passed.
- ID Manager: Authenticate UH Username and RACF ID Match
  - If authentication fails:
    - email Customer recommendation to contact Fiscal Services or HR hotline, as appropriate, and take no further action.
    - inform racf-reset list that the request could not be completed and was referred to Fiscal Services or the HR hotline.
- ID Manager: Reset (create new temporary) password and email customer the temp password
  - Note that passwords are *not* shared via phone in order to prevent social engineering compromises.
  - Also note that the racf-id and the new password should not be sent together in the same mail.
- ID Manager: respond to racf-reset list confirming that the request has been completed.
- Customer: as soon as possible, obtain and reset temporary password
  - Temporary passwords may only be used one time.
  - In the event of technical difficulty, email racf-reset for assistance.
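
An added example (not part of the original procedure or of any ITS tooling) of the "Authenticate UH Username and RACF ID Match" step, written in Python. The directory mapping, the sample RACF IDs and messages, and the function names are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

TRUSTED_DOMAIN = "hawaii.edu"
# Constructed sample directory (assumption): UH Username -> RACF IDs of that person.
DIRECTORY = {"jdoe": {"FS1234"}, "asmith": {"HR5678"}}


def sender_username(raw_message):
    """Return the UH Username if From holds exactly one @hawaii.edu address, else None."""
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:           # missing or duplicated From header
        return None
    addresses = getaddresses(from_headers)
    if len(addresses) != 1:              # several mailboxes in one From header
        return None
    _display_name, addr = addresses[0]   # display name is free text; never trust it
    local, at, domain = addr.rpartition("@")
    if not at or not local or domain.lower() != TRUSTED_DOMAIN:
        return None                      # exact match, so hawaii.edu.example.net fails
    return local.lower()


def triage(raw_message, racf_id):
    """Return (decision, recipient) for one reset request.

    decision is "reset" only when the sender and the RACF ID belong to the same
    person, otherwise "refer" (Fiscal Services or the HR hotline). recipient is
    rebuilt from the verified username, so Reply-To cannot redirect the reply.
    """
    user = sender_username(raw_message)
    if user is None:
        return ("refer", None)           # no valid @hawaii.edu sender
    recipient = f"{user}@{TRUSTED_DOMAIN}"
    if racf_id.strip().upper() not in DIRECTORY.get(user, set()):
        return ("refer", recipient)
    return ("reset", recipient)


# Constructed sample requests (not real traffic).
GOOD = "From: J Doe <jdoe@hawaii.edu>\nReply-To: x@mail.example\n\nPlease reset FS1234"
SPOOFED_NAME = 'From: "jdoe@hawaii.edu" <jdoe@mail.example>\n\nPlease reset FS1234'
LOOKALIKE = "From: jdoe@hawaii.edu.example.net\n\nPlease reset FS1234"
```

A matching From header is not proof of identity on its own. The protection in this procedure comes from sending the temporary password only to the customer's own @hawaii.edu mailbox, which is why the recipient is never taken from the message.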
Emergency Request Procedure
- Customer: First, follows the Standard Request Procedure above so that the request is placed in queue.
- Customer: Second, calls ITOC at (808) 956-2393 and requests "Emergency Assistance with a RACF Password Reset."
- ITOC: obtains customer information (UH Username, RACF ID, phone number) and logs the request, creating a ticket number.
- ITOC: requests that the customer submit the request using the Standard Request Procedure above if these steps have not already been done, and informs the customer that an ID Manager will be notified of the request.
- ITOC: locates an ID Manager using the Emergency Request Escalation Procedure (http://www.hawaii.edu/its/wiki/x/PSQ) and passes on the customer information and the ticket number of the request.
- ID Manager: responds ASAP (see SLA above), processes the emergency request using the Standard Request Procedure, and closes the request with the ticket number.