Q. Can I choose my pseudo account name?
A. Yes. Your requested user name must be 9 or more characters, or have a hyphen.
Q. What is a pseudo account sponsor?
A. A sponsor is a real person who can answer questions about why a departmental pseudo account exists, what it is used for, and when it can be deleted. Most pseudo accounts should have a sponsor, and they can have multiple sponsors. Sponsorship does not imply any sort of security access.
Q. What is pseudo account access?
A. When a real account belonging to a unique person is given access to a department account, that person can see the department account's password and 2FA secret information in My UD Settings. This allows the user to log in directly via CAS to the department account (assuming the account is in LDAP).
Q. Do I have to have both a sponsor and people with access to a pseudo account?
A. Not necessarily. Access should only be granted to a limited number of individuals and only when the department account is being used as a service account. For instance, only the vendor should have the login credentials for a pseudo account being used for VPN access. Sponsorship only is used in this case.
However, if the department account is used to receive helpdesk tickets which are then processed by the helpdesk software, then this meets the definition of a service account. Whoever is responsible for the software might need access to the account. Sponsors should also be used, and the sponsoring users might not have any ids in common with those who have access.
Q. Do pseudo accounts require 2FA?
A. Yes.
Q.How do I set up 2FA?
A. 2FA is automatically set up for pseudo accounts. You can get your 2FA codes by logging in to My UD Settings with your UDelNet ID, and click Manage pseudo accounts. Only Google or Microsoft Authenticator can be used to get 2FA codes. Codes cannot be sent through SMS or voice messages.
Q. Can I log in to CAS with my pseudo account?
A. Yes. If you need to log into CAS with your pseudo account, you must log in to My UD Settings as the pseudo account user and enable 2FA.
Q. I have multiple users that need to use the pseudo account. How does everyone get in with 2FA?
A. Each person with access can use Google Authenticator, which can be used on multiple devices, or can use scratch codes. As scratch codes are used, new ones appear.
Q. Can I choose a password for the pseudo account?
A. No, passwords and account secrets are preset and cannot be chosen.
Q.But I was able to change the password in when I logged in to My UD settings with the pseudo account...
A. The password will revert to the password on your My Pseudo Account settings information page.
Q.How do I give a new employee access to a pseudo account?
A. The pseudo account sponsor should submit a request for this access to the IT Support Center. Specify the UDelNetID of the person who needs access and the user name for the pseudo account.
Q. What happens when someone who has access to a pseudo account leaves the University?
A. The account password and shared secret will be reset. Submit a request to the IT Support Center to notify them that someone with access to a pseudo account has left UD.
When access for an individual is removed from a department account, then the password and 2FA related secrets are changed. If the account's password is coded or configured elsewhere, and a change would cause a service disruption, the department account should have a security lock applied. The security lock prevents a password reset until whoever is managing the task can coordinate the password reset. That person will need to know how to update the pseudo account service configuration(s) to match the new password. They will also need to use the bypass-security-lock option when removing access.
A change in sponsorship does not cause passwords or 2FA secrets to be changed.
Q. Does that mean that everything that uses the pseudo account will break?
A. If a pseudo account is used to facilitate a service, you will need to configure that service to use the new password. People who use Google Authenticator for pseudo account 2FA will need to reconfigure Google Authenticator using the new shared secret.
Q. Can I use a pseudo account to register a computer or device for network access?
A. Pseudo accounts can be used to register computers and devices for wireless access at UD, but they cannot be used to register wired MAC (Ethernet) addresses for network access.
Q. Can I use my pseudo account with Windows Active Directory or o365 services?
A. No, pseudo accounts cannot be used with Windows Active Directory or o365 services.