Page tree
Skip to end of metadata
Go to start of metadata

Overview

This section provides details about the MyAccess Guest Account Management System. The Guest Account Management System allows authorized sponsors create an Active Directory account for a guest.

Guests

A guest is someone who is affiliated with UCSF, and who's identity can be vouched for by members of pre-defined Guest Account Sponsor Groups. Guests usually only need access to one or a few UCSF resources, and for a limited time. Therefore, they do not fall into any other affiliate category.

Important Information

Since MyAccess uses Shibboleth for its web-based authentication service, it is best if guests can authenticate to an application using their home institution credentials, instead of creating a guest account for the person. This requires more effort to set up, but it is far better for everyone if this can happen. If you have an application and you want people from other UC schools, Stanford, and any number of other higher educational institutions to be able to use your application, it would be better if the MyAccess team sets your application up as part of the InCommon federation. For more information on this process, please send email to iam-admin@ucsf.eduindicating that you need to allow people from InCommon institutions to have access to your application. You can see a really great example of this concept in action on the UCSF Wiki login page: https://wiki.library.ucsf.edu/ucsf-ds.jsp

Guests, like any other affiliate, are given a UCSF ID Number (02 ID), and their record will be sent to Active Directory, MyAccess Single-Sign-On (SSO) and the Enterprise Directory Service (EDS). This means that a guest will be able to get a Active Directory account (which is usually the whole reason for being put into the system as a guest), and the guest's information will be available to any application which has access to UCSF identity data. Having an Active Directory account allows the guest to use the MyAccess SSO service, and the Campus Wireless (UCSFwpa) network.

Guest Account Sponsor

General

A Guest Account Sponsor is a UCSF administrator who agrees to take on the responsibility of approving guest requests. There are currently a number of Sponsors on the UCSF campus. If you would like become a Sponsor, please send email to iam-admin@ucsf.edu indicating that you have a need for guest access to your application(s), and why.

As of August, 2012, all affiliates (guests are a type of affiliate) who use the network (use of MyAccess constitutes network use) will be charged $11/month. Since the affiliate can not be directly charged, the department of the sponsor of the guest will be charged. This means that the department associated with the sponsor group will be charged if the guest uses any MyAccess service (MyAccess SSO to log into an application or Wireless) during the month. If the guest uses a MyAccess service 1 or more times during the month, the department will be charged $11. If the guest does not use any MyAccess service during the month, the department will not be charged.

Information Necessary to Establish Group

To establish a UCSF employee as a sponsor the following information is required:

  1. UCSF ID (02 ID)

Once you have provided this we will arrange a time when we can walk you through what it takes to be a sponsor.

Each sponsor can login into the Guest Account application, https://myaccess.ucsf.edu/guests and begin to sponsor accounts.

Information Required For Guests Account

The following information collected as part of the guest account creation process. Required fields are marked in bold:

  • First Name
  • Middle Initial
  • Last Name
  • Name Suffix
  • Email Address
  • Date of Birth
  • Country of Birth
  • Reason requesting the account

Once the account is approved, the person is associated with the department to which the sponsor group is associated.

  • No labels

5 Comments

  1. This page says "There are currently 10 Sponsor Groups on the UCSF campus." but the form lists 17 sponsor groups. Maybe 7 are Ad Hoc Sponsor Groups? Regardless, I'd just eliminate that sentence altogether. Not sure it provides information an end user can use.

  2. Rich - thanks, I updated the page.

  3. Is this information still accurate?  https://myaccess.ucsf.edu/guests is giving me a 403.

  4. I also get You are not authorized to access this page. (Error 403) when trying to go to https://myaccess.ucsf.edu/guests

    1. Only sponsors are able to access that page, I think, and I'm the only sponsor for the Library. Might be worth adding something in or around that sentence to make that clear, though.