Account Management System for End Users

Verified

Added on 2023/01/20

AI Summary

This document provides information about the new Account Management System for end users at CERN. The system aims to simplify and standardize account management, allowing users to create, manage, and transfer accounts easily through a self-service web portal. It also outlines the process for creating accounts for newcomers, security requirements, and actions to be taken before user departure. Help and documentation are available on the Account Management Web Portal.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

The new Account Management System
Information for End Users
CERN – IT/OIS – October 2010
Objective
To simplify and standardize account management at CERN, better differentiate Identity, Authentication and
Authorization, the lifecycle of identities, accounts and associated computing resources throughout the user’s
activity at CERN.
What is changing?
In November, the current management system called CRA is replaced by a new self-service tool available on a
Web Portal: http://www.cern.ch/account.
The End-Users manage themselves their accounts and resources through the Web Portal. Intervention of
group administrators, supervisors and team leaders is minimized to a set of specific actions. Any action not
available in the Web portal can be completed by contacting the Service Desk (phone 77777 or mail service-
desk@cern.ch).
Creating accounts for newcomers
Contacting a “Group Administrator” to create an account upon arrival will not be necessary anymore. When a
newcomer arrives at CERN, an account, called the Primary Account, has already been created for him or her.
Users shall only contact by phone the ServiceDesk to enable the account (obtain login and initial password).
Note, however, that to access some specific resources such as AFS, the newcomer’s account must be added to
a specific Computing E-Group (see Computing Group Administration below).
Security Quiz and Computing Rules
The user must follow the Security Quiz and sign the acceptance of computing rules document on the SIR portal
(Safety Information Registration http://sir.cern.ch) within 5 days from the Primary account enabling (start of
the contract). The account will be blocked if this is not completed within the time limit.
Self-service creation of new accounts
Users can create new accounts by themselves. New accounts can be defined as Secondary (e.g. test or
administrative account: no mailbox, not transferrable) or Service (e.g. a login for a software or a service, with a
mailbox of its own, can be assigned to another person).
User Departure
Two months before a user’s contract with CERN terminates, the user and his supervisor will receive a mail
notification. When the user leaves CERN, his Primary and Secondary accounts are disabled, all his static E-
Groups memberships are deleted. Service accounts are transferred to the user’s supervisor. After a grace
period of 6 months, Primary and Secondary accounts are deleted. The grace period allows recovery if the user
gets a new contract (e.g. affiliation renewal).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

A single Web Portal for all central account operations
http://www.cern.ch/account
The typical user actions throughout his or her stay at CERN are:
1. Retrieve and enable his or her Primary Account, by contacting the ServiceDesk.
a. Connect to the Web Portal http://www.cern.ch/account with the credentials provided by the
ServiceDesk
b. Immediately change the password to a strong, long and personal password.
c. Follow the security course and sign the computing rules.
d. Provide an external email address to allow a separate communication feed if needed.
2. Check ‘Applications and Resources’ authorizations on the Web Portal to manage and subscribe to
various central services if needed (AFS, LXPLUS, etc.).
3. Check ‘Manage my accounts’ to:
a. Create if needed Secondary accounts that are personal, and can be used for specific access
rights or alternate privileges. Secondary accounts will end with the user’s CERN activity.
b. Create if needed Service accounts that can be used to run and operate specific services.
Service accounts can be transferred to other users, and should be used if their lifetime is
supposed to last longer that the user’s CERN activity.
4. If the user is a supervisor, the ‘Supervised persons’ tools will help managing the supervisees’
accounts.
5. Before departure:
a. The user should reassign his or her Service accounts to the appropriate replacement person
through the ‘Manage my accounts’ tools.
b. The user must provide an external email address if not yet done, to ensure communication
and authentication continuity.
Help and Documentation
Extended Help, Documentation and the latest version of this document can be found on the Account
Management Web Portal: http://www.cern.ch/account .
Further assistance is available via the Service Desk (phone 77777 or mail service-desk@cern.ch) if required.

1 out of 2

Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support