Body
When an individual leaves the University, the NetID goes through an automatic expiration process detailed below.
- Automatic Expiration of NetIDs for Faculty/Staff
- Automatic Expiration of NetIDs for Students
- Automatic Expiration of Special NetID Accounts
- NetID Password Expiration
Note: If needed, a NetID can be deactivated quickly.
Automatic Expiration of NetIDs for Faculty/Staff
The following table contains the milestone events that occur during the automated NetID expiration process for faculty and staff. Automatically generated email notifications are sent out to the user listing the actual expiration dates for the NetID.
Each faculty or staff member (non-temporary) has myHR employee information that indicates their status at the University. When myHR discontinues sending data for a NetID, the NetID begins to expire along the planned timeline.
Separated Faculty and Staff NetID Expiration Schedule
Days from NetID expiration |
NetID active? |
Progression of events |
0 |
Yes |
myHR discontinues sending data for the NetID. |
2 |
Yes |
Notification is sent to a user describing pending deactivation. If a user receives this notification in error, please contact the IT Support Center. |
14 |
No |
The NetID password is scrambled and cannot be reset. Online Directory/Global Address List (GAL) listing is removed. |
70 |
No |
Services (including e-mail) are deleted. Off-campus mail redirection (forwarding) ends. |
131 |
No |
Email alias is recycled and can be assigned to another user. |
Automatic Expiration of NetIDs for Students
The following table contains the milestone events that occur during the automated NetID expiration process for students. Automatically generated e-mail notifications are sent out to the student listing the actual expiration dates for the NetID.
Each student has Student Enterprise Systems (SES) information that indicates their status at the University. When SES discontinues sending data for a NetID, the NetID begins to expire along the planned timeline.
Separated Student NetID Expiration Schedule
Days from NetID expiration |
NetID active? |
Progression of events |
0 |
Yes |
SES discontinues sending data for the NetID. |
127 |
Yes |
Notification is sent to NetID owner describing pending deactivation. |
148 |
No |
The NetID password is scrambled and cannot be reset. If a University Exchange account has been present, it can no longer be accessed. Online Directory/Global Address List (GAL) listing is removed. |
Automatic Expiration of Affiliate and Organizational NetID Accounts
Affiliate and Organizational NetID accounts are created manually and assigned a specified expiration date which can be renewed annually as required. The person requesting the NetID must list one to three NetID owners. The NetID owner(s) will receive copies of all system generated warning messages that are sent to the account. Messages are sent to the owner as a safeguard to ensure that a department is aware that a manually asserted NetID is approaching deactivation.
The following table contains the milestone events that occur during the automated expiration process for Affiliate and Organizational NetIDs. Automatically generated email notifications are sent out to the owner(s) listing the actual expiration dates for the NetID.
Affiliate and Organizational NetID Expiration Schedule
Days from NetID expiration |
NetID active? |
Progression of events |
0 |
Yes |
The departmental administrator or NetID owner is notified of the expiration of the NetID. |
7 |
Yes |
Email warning message is sent to the email address associated with the NetID, and the NetID owner. |
28 |
No |
The NetID password is scrambled and cannot be reset. Online Directory/Global Address List (GAL) listing is removed. |
49 |
No |
Services (including e-mail) are deleted. Off-campus mail redirection (forwarding) ends. |
60 |
No |
Email alias is recycled and can be assigned to another user. |
Accessing non-NetID authenticated systems
When you deactivate a person's NetID, it only removes access to systems that are NetID authenticated. It will not automatically remove a person's access to other University systems that are not NetID authenticated. Central administrative systems that are not NetID authenticated include (but are not limited to):
- Administrator access to myHR
- Administrator access to SES
- Administrator access to Canvas
- The iBuyNU marketplace
- The University Travel System
Terminating a NetID
To terminate an individual's NetID, choose one of the options below:
- A Dean, Department Director or Department Chair can submit a request to the IT Support Center to have a security hold placed on the NetID. The security hold immediately disables a user’s access to all NetID authenticated systems including their University e-mail account.
- NetIDs without security holds will expire on the natural cycle listed above. If supervisor access to the employee’s e-mail account is required, you have several options:
- Work with the employee to forward e-mail of a business nature to another person in your department, or set up forwarding to a departmental email address.
- Set up an automatic forward. Forwarding e-mail to another account and setting up a vacation message may help maintain business correspondence. The forwarding and vacation message will last until the NetID is automatically deactivated (about 70 days). At that point, mail sent to the email address will bounce back to the sender with an undeliverable message. If an individual has not set up forwarding, or a vacation message, a Dean, Department Director or Department Chairperson can send a request to the IT Support Center with the following information:
- NetID (or email address) for the separating employee
- NetID (or email address) for the person who will receive the separating employee's future email
- Text for an Out Of Office (vacation) message instructing senders to use a different address.
- Specify a user in your department to have full control over a separating individuals email account. To authorize access to a separated employee’s email account, a Dean, Department Director, or Department Chair may send a request to the IT Support Center with the following information:
- NetID (or email address) for the separating employee
- NetID (or email address) for the individual who will need full access to the separating employee’s mail account
- Business justification for the access request
Separating Employee
If the separating employee is also a Northwestern student, please keep in mind that terminating the NetID will affect access to student systems such as CAESAR. If reasonable, the University recommends that other methods be explored, such as terminating access to local systems only. When someone has multiple roles in the University, please be cautious, but act appropriately.
Northwestern IT Recommendations
Northwestern IT recommends that departments disable local server accounts in lieu of requesting an accelerated expiration of a NetID. Northwestern IT can address centrally managed services, but departmental/school support will need to deactivate local account access to local systems, and local machines.
Transferring Within the University
If transferring within the University there should be two possible reasons:
- Transfer within the same department (or school) into another role. Northwestern IT recommends removing access to specific University services that are no longer part of the job responsibility. To do this, a request from a Dean, Department Director, Department Chair, an HR staff consultant or a direct manager must be sent to servicedesk@northwestern.edu. If a transfer’s direct manager is making the request, they must cc’ the Dean, Department Director or Department Chair. The message must explain what services need to be removed.
- Transfer within the University to another department. Northwestern IT recommends removing access to specific University services that are no longer part of the job responsibility. To do this, a request from a Dean, Department Director, Department Chair, an HR staff consultant or a direct manager must be sent to servicedesk@northwestern.edu. If a transfer’s direct manager is making the request, they must cc’ the Dean, Department Director or Department chair. The message must explain what services need to be removed.
NetID Password Expiration
Northwestern uses a "password aging" system which requires you to change your password at least once every 365 days. More frequent password changes are recommended for network and data security purposes.
Forced Password Change Notification
Days since last password change |
NetID active? |
Progression of events |
0 |
Yes |
Last password change. |
323 |
Yes |
First email warning message sent giving the password deactivation date (see exception for summer months). |
344 |
Yes |
Second email warning message sent giving the password deactivation date. |
358 |
Yes |
Third email warning message sent giving the password deactivation date. |
365 |
Yes |
NetID password is scrambled. |
Summer Password Aging Policy
During the summer, students and faculty password aging is disabled. Northwestern IT put this policy in place because students and faculty may be away from their NetID and email accounts over the summer (the months of June, July, and August). If the first warning message would be sent during those months, the aging process is frozen at that step until September. At the beginning of September, the first warning message is resent and the process resumes. Note: (1) Students with an "ex-student" status have passwords that age normally through the summer, and (2) if the first message is sent before June, the summer password aging policy does not apply.