NetID Expiration

Body

When an individual leaves the University, the NetID goes through an automatic expiration process detailed below.

  • Automatic Expiration of NetIDs for Faculty/Staff
  • Automatic Expiration of NetIDs for Students
  • Automatic Expiration of Special NetID Accounts
  • NetID Password Expiration

Note: If needed, a NetID can be deactivated quickly.

Automatic Expiration of NetIDs for Faculty/Staff

The following table contains the milestone events that occur during the automated NetID expiration process for faculty and staff. Automatically generated email notifications are sent out to the user listing the actual expiration dates for the NetID.

Each faculty or staff member (non-temporary) has myHR employee information that indicates their status at the University. When myHR discontinues sending data for a NetID, the NetID begins to expire along the planned timeline.

 

Separated Faculty and Staff NetID Expiration Schedule

Days from NetID expiration NetID active? Progression of events
0 Yes myHR discontinues sending data for the NetID.
2 Yes Notification is sent to a user describing pending deactivation. If a user receives this notification in error, please contact the IT Support Center.
14 No The NetID password is scrambled and cannot be reset. Online Directory/Global Address List (GAL) listing is removed.
70 No Services (including e-mail) are deleted. Off-campus mail redirection (forwarding) ends.
131 No Email alias is recycled and can be assigned to another user.

 

Automatic Expiration of NetIDs for Students

The following table contains the milestone events that occur during the automated NetID expiration process for students. Automatically generated e-mail notifications are sent out to the student listing the actual expiration dates for the NetID.

Each student has Student Enterprise Systems (SES) information that indicates their status at the University. When SES discontinues sending data for a NetID, the NetID begins to expire along the planned timeline.

Separated Student NetID Expiration Schedule

Days from NetID expiration NetID active? Progression of events
0 Yes SES discontinues sending data for the NetID.
127 Yes Notification is sent to NetID owner describing pending deactivation.
148 No The NetID password is scrambled and cannot be reset. If a University Exchange account has been present, it can no longer be accessed. Online Directory/Global Address List (GAL) listing is removed.

 

Automatic Expiration of Affiliate and Organizational NetID Accounts

Affiliate and Organizational NetID accounts are created manually and assigned a specified expiration date which can be renewed annually as required. The person requesting the NetID must list one to three NetID owners. The NetID owner(s) will receive copies of all system generated warning messages that are sent to the account.  Messages are sent to the owner as a safeguard to ensure that a department is aware that a manually asserted NetID is approaching deactivation.

The following table contains the milestone events that occur during the automated expiration process for Affiliate and Organizational NetIDs. Automatically generated email notifications are sent out to the owner(s) listing the actual expiration dates for the NetID. 

 

Affiliate and Organizational NetID Expiration Schedule

Days from NetID expiration NetID active? Progression of events
0 Yes The departmental administrator or NetID owner is notified of the expiration of the NetID.
7 Yes Email warning message is sent to the email address associated with the NetID, and the NetID owner.
28 No The NetID password is scrambled and cannot be reset. Online Directory/Global Address List (GAL) listing is removed.
49 No Services (including e-mail) are deleted. Off-campus mail redirection (forwarding) ends.
60 No Email alias is recycled and can be assigned to another user.

 

Accessing non-NetID authenticated systems

When you deactivate a person's NetID, it only removes access to systems that are NetID authenticated.  It will not automatically remove a person's access to other University systems that are not NetID authenticated. Central administrative systems that are not NetID authenticated include (but are not limited to):

  1. Administrator access to myHR
  2. Administrator access to SES
  3. Administrator access to Canvas
  4. The iBuyNU marketplace
  5. The University Travel System

 

Terminating a NetID

To terminate an individual's NetID, choose one of the options below:

  1. A Dean, Department Director or Department Chair can submit a request to the IT Support Center  to have a security hold placed on the NetID.  The security hold immediately disables a user’s access to all NetID authenticated systems including their University e-mail account.
  2. NetIDs without security holds will expire on the natural cycle listed above.  If supervisor access to the employee’s e-mail account is required, you have several options:
    • Work with the employee to forward e-mail of a business nature to another person in your department, or set up forwarding to a departmental email address.
    • Set up an automatic forward. Forwarding e-mail to another account and setting up a vacation message may help maintain business correspondence. The forwarding and vacation message will last until the NetID is automatically deactivated (about 70 days). At that point, mail sent to the email address will bounce back to the sender with an undeliverable message. If an individual has not set up forwarding, or a vacation message, a Dean, Department Director or Department Chairperson can send a request to the IT Support Center with the following information:
      1. NetID (or email address) for the separating employee
      2. NetID (or email address) for the person who will receive the separating employee's future email
      3. Text for an Out Of Office (vacation) message instructing senders to use a different address.
  3. Specify a user in your department to have full control over a separating individuals email account. To authorize access to a separated employee’s email account, a Dean, Department Director, or Department Chair may send a request to the IT Support Center with the following information:
    1. NetID (or email address) for the separating employee
    2. NetID (or email address) for the individual who will need full access to the separating employee’s mail account
    3. Business justification for the access request

Separating Employee

If the separating employee is also a Northwestern student, please keep in mind that terminating the NetID will affect access to student systems such as CAESAR. If reasonable, the University recommends that other methods be explored, such as terminating access to local systems only. When someone has multiple roles in the University, please be cautious, but act appropriately.

Northwestern IT Recommendations

Northwestern IT recommends that departments disable local server accounts in lieu of requesting an accelerated expiration of a NetID. Northwestern IT can address centrally managed services, but departmental/school support will need to deactivate local account access to local systems, and local machines.

Transferring Within the University

If transferring within the University there should be two possible reasons:

  1. Transfer within the same department (or school) into another role. Northwestern IT recommends removing access to specific University services that are no longer part of the job responsibility. To do this, a request from a Dean, Department Director, Department Chair, an HR staff consultant or a direct manager must be sent to servicedesk@northwestern.edu. If a transfer’s direct manager is making the request, they must cc’ the Dean, Department Director or Department Chair. The message must explain what services need to be removed.
  2. Transfer within the University to another department. Northwestern IT recommends removing access to specific University services that are no longer part of the job responsibility. To do this, a request from a Dean, Department Director, Department Chair, an HR staff consultant or a direct manager must be sent to servicedesk@northwestern.edu. If a transfer’s direct manager is making the request, they must cc’ the Dean, Department Director or Department chair. The message must explain what services need to be removed.

 

NetID Password Expiration

Northwestern uses a "password aging" system which requires you to change your password at least once every 365 days. More frequent password changes are recommended for network and data security purposes.

Forced Password Change Notification

Days since last password change NetID active? Progression of events
0 Yes Last password change.
323 Yes First email warning message sent giving the password deactivation date (see exception for summer months).
344 Yes Second email warning message sent giving the password deactivation date.
358 Yes Third email warning message sent giving the password deactivation date.
365 Yes NetID password is scrambled.

 

Summer Password Aging Policy

During the summer, students and faculty password aging is disabled. Northwestern IT put this policy in place because students and faculty may be away from their NetID and email accounts over the summer (the months of June, July, and August). If the first warning message would be sent during those months, the aging process is frozen at that step until September. At the beginning of September, the first warning message is resent and the process resumes. Note: (1) Students with an "ex-student" status have passwords that age normally through the summer, and (2) if the first message is sent before June, the summer password aging policy does not apply.

Details

Details

Article ID: 1890
Created
Tue 7/19/22 1:37 PM
Modified
Thu 6/1/23 3:17 PM

Related Services / Offerings

Related Services / Offerings (1)

NetID services take information from the HR or student system and create unified Northwestern credentials (NetIDs) that are then connected with information about each individual. NetIDs are then used as the primary way for people to interact with IT services. Other types of NetIDs can be created as well for specific people, organizations, or IT system purposes.