...

...

NCSA supports Shibboleth and OpenID Connect/OAuth services to allow other organizations to securely use NCSA identities. New interfaces to NCSA IdM services must be approved by the IIB before being added.

Password Management and Secret Sharing

NCSA requires the use of its official password and secret sharing solution (i.e. Lastpass Enterprise) for storing and sharing passwords and secrets inline with NCSA’s cybersecurity and acceptable use policies.

Old accounts from the password and secret sharing solution will be disabled after HR exit or 1 year of inactivity and removed after 2 years of activity.

You may not use NCSA’s or the U of I’s authentication and authorization infrastructure to provide access to shared passwords or secrets.

The service managers will have the ability to recover user secrets when necessary.

...

Exceptions Process

There are exceptions and special cases to any policy. Requests for exceptions should be made to the NCSA Security Office and may be approved by either that office or the NCSA Director's Office.

...