* About: Identity and access management


Service overview | Who can use it | How to request & access | Cost | Availability | FAQs | Best practices & policies | Training & documentation | Support

Service overview

McGill IT Services provides students, faculty, staff, affiliates and external service providers with unique identifying credentials and manages their permissions to access IT-related software and systems, based on their roles and responsibilities.


Credentials

Credentials are used to validate your identity when logging into systems. The two primary credentials managed by IT services include:


Two-factor authentication (also known as 2FA)

2FA is a security feature that requires users to verify their identity by acknowledging a notification or entering a code sent to a mobile device, such as a smart phone. For more details on 2FA, see Two-Factor Authentication (2FA) and Self-Service Password Reset (SSPR)


Permissions

Also called “entitlements”, permissions are managed through systems, such as Banner and Active Directory, which map individuals to specific groups and/or roles. With AD groups, all members of a group can be granted similar permissions without having to map each user individually.


Authentication services

Authentication services, such as Shibboleth, CAS and Azure, act as brokers between various applications (e.g. myCourses, Office 365, Wireless network and VPN) and Active Directory and Banner.

For example, when you sign into myCourses, the Shibboleth authentication service relays information from Banner about your role and registered courses so that myCourses knows what courses and content you may access, and whether you are a student, instructor, TA or staff member.


Who can use it

For students, your access and permissions are automated and triggered by changes to your status in Banner.

For employees, your access and permissions are automated and triggered by information from Human Resources.


How to request & access the service

New students

When you confirm your acceptance to McGill, your McGill Username and Short Username are created, along with an Office 365 Exchange mailbox. Notification about your McGill email address and McGill Username is sent to the email address you provided in your application.

The notification email will provide instructions on how to sign into McGill’s Office 365 portal, set up your McGill Password,  Two-Factor Authentication, and access your mailbox.

Returning students

Your McGill Username, Short Username and McGill Password will remain the same as last year. If your access to McGill services has been suspended (due to time elapsed between studies), your access privileges will be reinstated when you register for classes (you can still access Minerva).

New faculty and staff

Your McGill Username and Short Username are created automatically once all required information has been received from McGill's Human Resource system, Workday.

Notification about your McGill email address and McGill Username is sent to the email address you gave to Human Resources.

The notification email will provide instructions on how to sign into McGill’s Office 365 portal, set up your McGill Password,  Two-Factor Authentication, and access your mailbox.

Visitors and affiliates

A sponsor who is a full-time McGill faculty or staff member can request a McGill Username for you by submitting the Create affiliate account request form.

Dual account holders

If you have a staff or student Username, and your status changes so you are given a second Username, the McGill Password of your first Username does not automatically apply to your second Username.

You need to set up/change your McGill Password, for each Username separately. Think of them as two “sets” of credentials.

For example:

  • If you are a student and recently became a staff member, you will need to change your McGill Password before you can use your staff @mcgill.ca Username.
  • If you are a staff member and obtained a student Username because you just enrolled in a course, you will need to change your McGill Password before you can use your student @mail.mcgill.ca Username.
  • Both your Usernames can have the same Password, but you need to manage them individually to keep them in sync.

 

important

SPECIAL CASES:

In the following case, account termination needs to be initiated by a supervisor or Human Resources:

  • Termination of an employee:
    When an Employee leaves McGill a limited grace period is provided before the person’s accounts and access are terminated. Under circumstances where it is important to restrict access sooner, the Human Resources person handling the termination should notify the IT Service Desk.


Cost

There is no cost to associated with this service.

 


Availability

Requests for changes to access are handled during regular business hours. See the opening hours for the IT Service Desk.


Frequently asked questions


Best practices & policies


Training & documentation

Not applicable


Support

Students:

Faculty and staff: