A Responsibility Center (RC) Account Administrator is a designated individual within an academic or administrative unit who manages University computing accounts and groups on behalf of that unit. RC Administrators distribute initial passwords to new employees, create and manage sponsored accounts, and maintain groups and group membership in the Central Directory Service (CDS). Limiting these duties to a small number of named administrators is what keeps account creation auditable and reduces the risk of unused or orphaned accounts.
What an RC Administrator Does
Within the Central Directory Service (CDS) and the University Computing Account system, an RC Administrator is responsible for ensuring data is accurate, services are managed conscientiously, and resources are allocated and used for their intended purposes. The specific duties break down as follows.
🔑 Distribute initial passwords for primary accounts Most Common
When a primary account is created for a new faculty or staff member, the system sets an initial password. Most new employees activate their own account through self-service within 72 hours and the RC Administrator never sees the password. When self-service doesn't apply — the individual isn't eligible, or the 72-hour window lapses — the initial password lands in the RC Administrator's Initial Password report in Manage Accounts, and the administrator hands it off directly.
Handoff Steps
- Open the Initial Password report in Manage Accounts and locate the new employee's entry.
- Communicate the initial password to the individual directly, or to the individual's supervisor or area manager. Use a channel appropriate for a one-time secret — not unencrypted email.
- Instruct the individual to sign in at accounts.pitt.edu, where they will be prompted to set security questions and choose a new password.
- Remind the individual that the new password must not be shared with anyone, including supervisors, colleagues, or help desk staff.
👥 Create and manage sponsored accounts Approved Purposes Only
Sponsored accounts give non-employees — visiting scholars, contractors, affiliates — limited access to University computing resources for a defined purpose. The RC Administrator is the only role within a unit that can create them.
Before creating a sponsored account, confirm the purpose is approved for sponsorship, the requesting party has agreed to the Acceptable Use policy, and an end date is set. Review existing sponsored accounts in your RC periodically and remove any that are no longer needed. For account-type definitions and eligibility rules, see the Pitt Computing Accounts Overview.
📁 Create and manage CDS groups CDS
RC Administrators maintain groups and group membership in CDS. These groups serve two main purposes:
- Enterprise Exchange distribution lists.
- Access-rights assignment to resources across the University computing environment (file shares, SharePoint sites, applications that consume CDS group membership for authorization).
Because the same group can drive both mail delivery and access control, treat membership changes as access changes — confirm the requester has authority to add or remove the named individual.
🔗 Delegate group management Optional
An RC Administrator can grant another individual within the responsibility center the ability to manage groups directly. Delegation can be scoped three ways:
- Single group — the delegate manages exactly one named group.
- Prefix-based collection — the delegate manages every group whose name shares a defined prefix.
- All RC groups — the delegate manages every group within the responsibility center.
Choose the narrowest scope that lets the delegate do their job. Delegation does not transfer accountability — the RC Administrator remains responsible for what delegates do with the access.
Adding or Removing an RC Administrator
The head of the responsibility center, or a current RC Administrator for that unit, can request that an RC Administrator be added or removed.
Request Steps
- Complete the Account Administrator Change Request Form.
- Submit the form. Pitt Digital will process the change and notify the requester when it is in effect.
- For removals tied to a departure, submit the form on or before the individual's last working day to keep the roster current.
Most responsibility centers operate with up to five RC Administrators. Larger units — particularly in the health sciences — routinely have more, with prior approval from Information Security. If your unit needs additional administrators beyond the usual five, the head of the responsibility center sends a brief written request to Information Security through the Technology Help Desk describing the need, and once approved, the standard Account Administrator Change Request Form is submitted for the additional administrator.
Administrator Resources
Current RC Administrators have access to the RC Administrators SharePoint site, which contains procedural guides, reference material, and announcements specific to administrator duties.
Sign-in requires Pitt Passport with Duo.
The RC Administrators SharePoint site uses multifactor authentication through Pitt Passport single sign-on. Have your Duo device available before signing in.
Why the Role Is Scoped This Way
Concentrating account-creation authority in a small named group of administrators per unit is a deliberate control. It keeps the population of people who can provision accounts small enough to audit, ensures every sponsored account has an accountable owner, and makes it practical to remove unused accounts before they become attack surface. Unused or orphaned accounts are a routine target for credential-stuffing and lateral-movement attacks; the RC Administrator role is what keeps those accounts from accumulating.