* About: Non-personal accounts


Service overview | Who can use it | How to request & access | Cost | Availability | FAQs | Best practices & policies | Training & documentation | Support and request forms

Target audience: 

This article is aimed at administrative support personnel and faculty administrators who need to manage non-personal accounts for their unit employees. It contains information that may also be pertinent to students who are employed at McGill on a temporary basis.

Service overview

A personal account is tied to an individual staff or faculty member (firstname.lastname@mcgill.ca), a student (firstname.lastname@mail.mcgill.ca), an administrator (shortname.srv@campus.mcgill.ca), a workstation (shortname.wrkstn@mcgill.ca) or an affiliate/ McGill Service Provider (MSP) (firstname.lastname@affiliate.mcgill.ca). Student workers, staff and faculty members are given @mcgill.ca usernames which can be used to manage access to McGill systems by leveraging Active Directory (AD) groups.


Students working in jobs at McGill with high turnover rates should still use their staff account/credentials. These accounts may be used to access the following:

Guests or individuals who do not have a working relationship with McGill can gain access via the Guest WiFi network: Signing into Guest WiFi.

Employees of a McGill vendor who need to connect to a McGill service should provide individual contacts and an affiliate/MSP account be requested.

Non-personal accounts include the following: 

  1. Shared mailboxes
  2. Room booking accounts
  3. uPrint shared accounts
  4. *Resource accounts

*Note: Until March 2023, the term “resource account” was a general term used to describe all types of non-personal accounts. As of March 2023, the provisioning of resource accounts has been discontinued.

announcement

NOTICE: Changes to resource accounts

As part of McGill’s ongoing efforts to strengthen our information security posture, in January 2023 the IT Services team conducted an analysis on the usage/creation of resource accounts and observed a significant increase. As many of these resource accounts are accessed using shared passwords, and cannot be secured with two-factor authentication, they pose a risk to McGill’s data, systems, and its community. We are now conducting a security review of all resource accounts with the goal of either converting each resource account to another type of non-personal account or deactivating it. As of March 2023, the provisioning of resource accounts has been discontinued.

 

Non-personal types of accounts: What are they and when to use them?

At McGill, non-personal accounts include shared mailboxes, room booking accounts, shared uPrint accounts, and resource accounts.

Account type

When to use it

How it works / features

Benefits and considerations

Shared mailbox

Shared mailboxes should be used when multiple individuals need to access a common email mailbox to send and receive email. Shared mailboxes are especially useful when requiring a single email address to represent a central unit. 

Example: The "IT Announcements" mailbox is used by a team of IT communications professionals to send email to the McGill community. 

Users log into Outlook using their own McGill username/password credentials, and configure their individual Outlook account to view/access the shared mailbox.

Permissions include:
Full access (to create calendar items, read, view change and delete messages),
Send As (the FROM name is the name on the mailbox), or
Send on Behalf (user can send email on behalf of the shared mailbox, e.g., “John Smith on behalf of Dean of Students".

Each user must have their own McGill email account.

The shared mailbox is accessible through the Outlook desktop and mobile applications, as well as Outlook on the web.

The mailbox sponsor can manage who has access to the shared mailbox using groups (via the Group Manager tool).

The shared mailbox does not require password management (as it is accessed via users' personal email accounts and not accessed directly).

Shared mailbox email addresses cannot be used as log in credentials. 

Room booking account

A room needs to be added to Outlook for scheduling meetings. 

For more information, consult Request a room booking account.

Depending on who you want to be able to book the room, permissions for groups or individuals can be set up via Active Directory groups. The permissions are configured by an IT System Administrator. 

Room booking accounts may be used to access Outlook bookings. 

uPrint shared account

A specific group accesses the uPrint service which links printing charges to a uPrint card and FOAPAL(s) 

This is a shared account that is associated to one or more FOAPAL(s) and the login is disabled by default on the uPrint card (password is waived). 

Students, staff, and faculty members should access uPrint with their own ID card and individual credentials unless there is a need for such a uPrint account. 

An example of when to use a uPrint shared account would be when research lab students are working for a specific research project that funds the printing costs (tied to a FOAPAL(s)).

Resource account 

As of March 2023, this type of account is no longer provisioned. 

 

 

Related services 

Who can use non-personal accounts

Non-personal accounts can be used by McGill students, faculty, staff, and affiliates. Requests for the creation of a non-personal account can only be made and sponsored by full-time McGill faculty and staff members.

Sponsoring a non-personal account

Any full-time McGill faculty or staff member who requests a non-personal account generally becomes the account’s primary sponsor and is therefore responsible for its management and use. See Best Practices and policies for details.

How to request & access the service

Full-time McGill faculty and staff can request resource accounts by filling out the relevant request form(s).

Cost

There is no cost associated with this service.

Availability

Requests for non-personal accounts will be processed during regular office hours (Monday to Friday, 9:00 a.m. to 5:00 p.m.). You will be contacted when the account has been created.

Access to McGill services is available 24 X 7, except during scheduled and unscheduled maintenance. Check the IT Services website for announcements regarding service interruptions.

 

Frequently asked questions

Why are resource accounts no longer being provisioned? 

Resource accounts will no longer be provisioned because they are inherently insecure. As this type requires users to share the same password, it therefore cannot be secured with Two-factor authentication (2FA). 2FA verifies your identity by using 2 authentication methods: Something you know (your password), and something you have (your mobile device, for example). Anyone logging in to an account is required to authenticate using a code sent to their own device. Therefore, this additional security cannot be applied to an account when a group of users share the same password. In our efforts to continually strengthen the security of McGill’s systems and resources, we are determining which resource accounts can be either deactivated or converted to shared mailboxes. 

Are some resource accounts more at risk than others? 

If a resource account accesses a system that manages the following data, it is more vulnerable to risk: 

  • Payment Card Industry (PCI) information, such as payment cardholder data (e.g., credit cards).
  • Personal Information (PI), (e.g., any element from student records, employee records, patient records, donor information, and personal health information) 
  • Personal Health Information (PHI): Personal information that relates to the health of a person (e.g., medical and/or pharmaceutical records)

What is an alternative to a resource account?

A shared mailbox is a more secure option because it requires each user to log in using their own username and password and can be secured with 2FA. For more information about shared mailboxes please consult the section Benefits of shared mailboxes in the IT Knowledge Base article  Converting a resource account with email to a shared mailbox.

I received an email advising that I am a sponsor of a non-personal account. I don't remember becoming a sponsor and I'm not aware of the account's purpose. What should I do?  

If you do not remember sponsoring this resource account, or if you are unsure about what action to take, please ask your supervisor, unit head, or local LAN Admin if they have any information.

Why did I receive multiple emails informing me that I am a resource account sponsor?    

If you are a sponsor of multiple resource accounts, you will receive one email/survey request per account. 

What happens to accounts that will be deactivated?   

If the account is no longer used, but the email functionality is still required, we can convert the account to a shared mailbox. The resource account will still be renewed every year, until you no longer need it. If you choose to delete or deactivate the account because it is no longer in use, the account will be expired, then deleted after 90 days.   

My resource account is going to be converted to a shared mailbox. Do I need to change anything where I published a link to this account/email address?  

No change is necessary on your part; the address of your account will not change after it has been converted to a shared mailbox.    

How do I decide whether to convert my resource account to a shared mailbox or not?   

To find out more about the differences between resource accounts and shared mailboxes, please consult the above section Types of non-personal accounts. 

 

Best practices & policies

Training and documentation

Consult the following for more information: 

Support and request forms