The eToken management system is designed to give departments and divisions increased control and visibility. This document provides an overview of what that entails from a department’s point of view through the use of examples.
Department A has five administrative staff. Two people require access to AMS SAP, two people require access to ROSI via Host Explorer and ROSI Express, and one person requires DB2 access via Rocketshuttle. All the staff currently possess SecurID cards for this purpose.
Department A’s business manager will receive notice that the five staff have SecurID cards that will expire and that they must be replaced by eTokens. The business manager needs to select one or two staff people to be eToken Department Admins (DA) to assign and un-assign eTokens for their staff. The DAs will receive eTokens with specific access rights to assign tokens for other people. Department IT staff will begin to install the necessary client software and Information Security staff (ISEA) will arrange for the issuance of the eToken Departmental Admin (DA) eToken and for some on-site training.
On completion, the DA will be able to issue tokens for their 5 staff using the SAM web application.
If a new staff member joins the department, the DA would use a blank eToken from their on-hand supply and issue it using the SAM web application.
If a staff member leaves the employ of the University, the DA would retrieve the eToken and un-assign it using SAM.
If a staff member changes positions within the University, they can carry their eToken to their new position.
Note that the process for applying for access to AMS or ROSI applications for staff does not change.
IT staff can assist with the installation and configuration of the client software required for the eToken. This includes:
A staff person who needs access to AMS SAP from Department A has received their new eToken from their DA. They have changed the password on the eToken at the time it was given to them by the DA. They connect the eToken to their desktop, start the Cisco tunnel, type in their eToken password when prompted, then start up the SAP program. If they need to run ROSI by Host Explorer at the same time, they can do so.
If the staff member works from home, and forgets to bring the eToken to work, they must go to the DA who will issue a new eToken and unassign the old one. The staff person should give the unassigned eToken to the DA for re-use.
If the staff member sees a popup ‘Certificate due to expire’, then they can clieck to renew the certificate if they are using a Windows desktop configured correctly. If they are using a MacOSX or Linux desktop, they will be notified via email of impending certificate expiry. They will need to use a Windows desktop or go to their DA for assistance on certificate renewal.