About Non-Person Accounts
Non-Person Accounts (NPA) are what would formerly be known as generic accounts or department accounts. On occasion, ITS creates electronic identities for access to central services where use of an individual’s personal identity is not appropriate. Because any identity that allows access to data and systems represents a potential risk to Western, it is necessary to ensure that all identity information is properly protected and managed.
- Some desktop access such as general student computing labs
- Shared desktop access
- Shared email access where mailing list and email features don't suffice e.g. position related, dean of a faculty, photocopy feature scan to email
- Service accounts (e.g. embedded in server configuration or programming codes, voicemail for a telephone in a lab); or
A non-person account may be appropriate to provide strictly internet access to a visiting individual who is at Western briefly and does not fit the Associated Person criteria noted below.
A primary account for an individual who has a relationship with Western that should be managed as an *Associated Person. An Associated Person is an individual who has a recognized and approved affiliation with Western University, but who is not an employee of Western e.g. visiting scholar, visiting researcher, volunteer, etc.
This includes individuals who require access to any of the following services:
- OWL (e.g. safety training)
- PeopleSoft applications (e.g. Human Resources, Financial Services)
- Library services
- Western One Card
A secondary account for an individual who has been assigned or will be assigned a personal Western identity.
* For more information on the Associated Person process, contact the Administrative Officer designated in your department/unit who is responsible for the management/approval of these registrations.
Any valid Western Faculty and Staff member with approval from his/her Dean or Budget head.
Responsibility for unit NPAs is shared between the two account owners, the unit approver and requestor. Both are responsible for the day-to-day management of the account which includes but is not limited to:
- Activating new accounts
- Renewing accounts due to expire
- Managing and securing the password for accounts
- Providing additional information on usage of the account in event of a security investigation
The management of NPAs is primarily done within Western Identity Manager. See below for the list of common account management tasks.
- Request a new Non-Person account
- Activate a Non-Person account
- Renew a Non-Person account
- Manage a Non-Person account password
- Edit a Non-Person account's attributes
- Find my Non-Person account
- Disable a Non-Person account
- Change ownership of a Non-Person account
See diagram below for a time line on the life cycle of an NPA.
Stage 1 - Account is requested. Western Identity Manager form is properly filled out and an email is automatically sent to the ITS Computer Accounts Office to begin the approval process. More info on requesting an account.
Stage 2 - Approval process. The ITS Computer Accounts Office will validate the request for such things as; is the requestor allowed to own a Non-Person account, or are there alternative solutions that would better serve the request? (mailing lists, etc.)
Stage 3 - Creation of account. If approval process is successful, ITS Computer Accounts Office will create the account and notify both the owner as well as the owner's department contact of the new account.
Stage 4 - Not activated status. The account is not currently useful, waiting to be activated. All services are disabled.
Stage 5 - Activation of the account. Activation is completed using Western Identity Manager. More info on activating an account.
Stage 6 - Active status. The account is in a useful state. The account will remain this way until the end of day on the expiry date. The account may be renewed any time during active or expired status. More info on renewing an account.
Stage 7 - First notice of expiry. An initial warning of an upcoming expiry is sent to the owner of the account. The account may be renewed any time during active or expired status. More info on renewing an account.
Stage 8 - Second notice of expiry. A secondary warning of an upcoming expiry is sent to the owner of the account as well as the owner's departmental contact. The account may be renewed any time during active or expired status. More info on renewing an account.
Stage 9 - Expiration. The account is expired automatically at the end of day on the expiration date. The password on the account is changed preventing access to all services associated with the account.
Stage 10 - Expired status. If you missed the renewal of your NPA the access can still be re-instated from this expired state. Please note in addition to renewing the access you will also need to change/reset the password.
Stage 11 - No longer accessible. The account has been slated for clean up from Identity Manager and is no longer accessible to the owner(s).