Overview
The following information outlines the criteria for identifying and designating a Federated Authorization Security Contact according to the University’s Federated Authorization Process guidelines. Each University area should designate a primary and secondary Security Contact. This document covers:
- The responsibilities of a Security Contact
- The qualifications for a Security Contact
- How to designate a Security Contact
- How to request that responsibility be removed from a Security Contact
If you have any questions about this procedure, please contact the Technology Help Desk at 412-624-HELP (4357) or helpdesk@pitt.edu.
Detail
Security Contact Responsibilities
Security Contacts are responsible for ensuring that only authorized University employees have access to the Student Information Systems (PeopleSoft) and Student Mart data needed to do their jobs. Security Contacts therefore have the important responsibility of preserving student confidentiality and data integrity. As a result, all PeopleSoft and Student Mart user access requests must be reviewed and approved by the Security Contacts. Individuals fulfilling the role of Security Contact must meet certain qualifications in order to ascertain that a user’s request is appropriate and to ensure the Federated Authorization process is successfully followed.
Security Contact Qualifications
Designated Security Contacts must:
- Understand their University area’s business and academic processes
- Be familiar with the job duties of all Student Mart and PeopleSoft users in their area
- Be in a position of authority to independently grant and revoke access privileges
- Complete the appropriate Federated Authorization training course
Note: Security Contacts should have worked with the University area for several years, giving them an inherent understanding of their area’s employees and processes. Therefore, administrative assistants, student workers, new hires, contractors, and graduate and post-doc students working in the area would not be the most appropriate choice.
Process for Designating a New Security Contact
- An existing Security Contact or the head of each University area (dean, director, regional president, or department head, depending on the University area) should identify a candidate that meets the qualifications above and submit an online request or email to helpdesk@pitt.edu to the attention of Pitt IT Security, identifying the individual and why they were selected. Please include the following information:
  - Security Contact’s Name
  - Security Contact’s Title
  - Phone number
  - Username
  - Brief description of how the individual meets the criteria for a Security Contact
- The Technology Help Desk will receive the request and transfer the case to Pitt IT Security.
- Pitt IT Security will evaluate the request.
- If approved, Pitt IT Security adds the new Security Contact to the relevant Central Directory Service (CDS) group and updates the Federated Authorization Security Contact list on the Technology website.
- The new or existing Security Contact needs to submit a new PeopleSoft Federated Authorization Request asking for the SA_VIEW_SECURITY_CONTACTS role in the Request Details and Justification section. This is the role needed to perform the Security Contact functions in PeopleSoft.
- The newly appointed Security Contact is responsible for reading and understanding all of the information in the Federated Authorization Community and for scheduling training with a peer Security Contact.
Process for Removing a Security Contact
An existing Security Contact or the head of a University area (dean, director, regional president, or department head, depending on the University area) should immediately contact the Technology Help Desk at 412-624-HELP (4357) or helpdesk@pitt.edu to have a Security Contact removed from the list.