1 share point presentation

34
Page 1 June 29, 2010 Indiana Eligibility Modernization Project (IEMP) SharePoint Access and User Account Maintenance GSG-Human Services April 14, 2011

Upload: dknight13

Post on 05-Dec-2014

223 views

Category:

Business


3 download

DESCRIPTION

 

TRANSCRIPT

Page 1: 1 share point presentation

Page 1 June 29, 2010

 Indiana Eligibility Modernization Project (IEMP)

SharePoint Access and User Account Maintenance

GSG-Human ServicesApril 14, 2011

Page 2: 1 share point presentation

Page 2 June 29, 2010

Welcome

Page 3: 1 share point presentation

Page 3 June 29, 2010

Agenda● Introduction● Security Responsibilities● Cost and Cost Center Assignments● New Procedures

-SharePoint User Account Information-Create New User Account-Update SharePoint User Account-Delete SharePoint User Account

● ACS Information Security Policy and Standards v 3.5.1● Questions?

Page 4: 1 share point presentation

Page 4 June 29, 2010

Introduction-Microsoft SharePoint

Microsoft SharePoint is a web-based document repository that provides a shared, collaborative work environment that assists individuals involved in a common task with achieving their goal.  

• Assists with individuals on one team who may not be physically co-located, • Provides a remote access storage system for archiving commonly used

data, and • Provides a staging system where documents can be developed, reviewed,

approved and then transferred to a portal when complete.Each ACS Project has its own SharePoint site and it is that project’s site

administrator who monitors and maintains the user accounts, authorizes access and structures levels of access.

The three (3) areas that involve initial and ongoing maintenance of the SharePoint project site include Account Management (the SP user account), Site Management (the SP site account) , and Permissions Management (access to specific SP sites) which is a subset of Site Management.

Page 5: 1 share point presentation

Page 5 June 29, 2010

Introduction-Microsoft SharePoint

Page 6: 1 share point presentation

Page 6 June 29, 2010

Security Responsibilities ACS business and technology managers are responsible for

ensuring that all reasonable and necessary security controls are implemented within their environments to mitigate all unacceptable risk to their business. ACS Information Security version 3.5.1 p. vii

All ACS business and technology managers must ensure their units, at a minimum, meet all applicable requirements in the ACS Information Security Standard. ACS Information Security version 3.5.1 p. vii

Workers issued an ACS information asset and/or granted access to ACS or client information are responsible for protecting that information from loss, theft or untimely dissemination. ACS Information Security version 3.5.1 section 1.1

ACS Information Security Policy 3.5

ACS Information Security Standards 3.5.1

Page 7: 1 share point presentation

Page 7 June 29, 2010

Cost and Cost Center Assignment

Cost Center Codes are assigned based on the location of the user’s manager and are debited to that SBU’s account at $11 per account per month.

The user’s account will be charged to the manager’s cost center regardless of the user’s physical location.

If the user is stationed in an SBU outside of the PMO and reports to a manager located at the PMO, then the cost center would be the specific section of the PMO such as Executive, Knowledge Services, Training Development or Program and Technology Services.

Codes are accessed at the SharePoint User Request site by selecting Cost Centers.

 

Page 8: 1 share point presentation

Page 8 June 29, 2010

Cost Center-Codes, Description and ManagerAuthorized Requestor (manager and designee) names are listed

on the screen for each cost center. Only those individuals will have access to create, update and/or delete a user account for their SBU.

Page 9: 1 share point presentation

Page 9 June 29, 2010

Cost Center Codes Filtered by Code and Description

Page 10: 1 share point presentation

Page 10 June 29, 2010

Cost Center Codes Filtered by Manager

Page 11: 1 share point presentation

Page 11 June 29, 2010

New Procedures-SharePoint Create New User Account

Page 12: 1 share point presentation

Page 12 June 29, 2010

- SharePoint-Create New User Account

The Requestor (the SBU Manager or their designee) accesses the SharePoint site: https://sharepoint.acs-shc.com/sites/iemp/acs/default.aspx, IT Systems and Request a SharePoint Account.

Requestors and their designee will have the ability to view all items on the User Request screen and will have update capability/access limited to the individuals in their SBU.

The SharePoint Request screen will list the Users already assigned to that Requestor’s SBU.

         

Page 13: 1 share point presentation

Page 13 June 29, 2010

- SharePoint-SBU List

 

Page 14: 1 share point presentation

Page 14 June 29, 2010

-Create New User Account

To request new user access, select the New User button at the top of the list.

This will open a blank New User Request screen.

Page 15: 1 share point presentation

Page 15 June 29, 2010

-Create New User Account

The Requestor or their designee completes the New User Request screen by providing the user specific information for one or more of their direct reports.

Page 16: 1 share point presentation

Page 16 June 29, 2010

-Create New User Account

The SharePoint Request includes the User’s Name, User’s WIN, User’s Cost Center Code (the account to which the associated costs will be debited), User’s Email Address, and Reason for the Request.

Page 17: 1 share point presentation

Page 17 June 29, 2010

-Create New User Account

Cost Center Code numbers can be viewed by selecting Cost Centers on the screen’s drop down box.

The New User Request screen must be completed entirely before the account request can be forwarded, electronically, to the Administrator. The Requestor cannot Save and Close the New User Request screen until all of the required fields have been completed.

Page 18: 1 share point presentation

Page 18 June 29, 2010

-Create New User Account

Note: Only the SBU Manager and their designee will have access to add a New User, Edit an existing User or Delete an existing User on the SharePoint Request screen.

Once the Request screen is completed, saved and closed, the SharePoint Account Administrator receives the alert requesting an account.

The SharePoint Account Administrator reviews the information.

The SharePoint Account Administrator will notify the Requestor if any information contained on the SharePoint Request-New User screen requires clarification.

The SharePoint Account Administrator will proceed with setting up the account.

Page 19: 1 share point presentation

Page 19 June 29, 2010

-Create New User Account

The New User Request screen information populates the active user’s data base and provides the required information for the SharePoint Active User List.

SharePoint automatically notifies the user and the SharePoint Account Administrator notifies the Requestor, via email, that the account has been approved and activated.

The Requestor or their designee is responsible to instruct the user regarding log in, access and navigation in the SharePoint environment.

Tutorials are available at the SharePoint Home Page for this purpose.

Page 20: 1 share point presentation

Page 20 June 29, 2010

-Create New User Account

If the user is not able to log in, access or navigate in the SharePoint environment, it is the responsibility of the Requestor, SBU Manager or designee for additional instruction/assistance until the user is able to navigate the SharePoint site.

The SharePoint Account Administrator submits the active user listing, monthly, to the SharePoint 2003 support team who then debits the appropriate SBU accounts based on the Cost Center Code.

Page 21: 1 share point presentation

Page 21 June 29, 2010

-Update/Delete User Account

Page 22: 1 share point presentation

Page 22 June 29, 2010

-Update User Account

The authorized Requestor or their designee can change user information such as name, cost center, position, or reason for access, by accessing SharePoint Request, SharePoint Request screen and selecting the WIN of the user whose account information requires editing.

The edits will update the repository of data and the current SharePoint Active Users List with the current information.

If a user is relocating from one SBU to another, the “sending” Requestor will complete the Edit by changing the current Cost Center Code to the new Cost Center Code.

 

Page 23: 1 share point presentation

Page 23 June 29, 2010

-Update User Account

The Requestor can either select the WIN of the User whose information is going to be changed which will take the Requestor to the User’s screen where EDIT can be chosen (next slide) or the Requestor can select the drop down box next to the User’s WIN, select EDIT and go directly to the User’s update screen (second slide).

 

Page 24: 1 share point presentation

Page 24 June 29, 2010

-Update User Account

On the individual user’s screen, select Edit Item and then update those fields that are changing.

Page 25: 1 share point presentation

Page 25 June 29, 2010

-Update User AccountSelect the Save and Close button to effect the change.

Page 26: 1 share point presentation

Page 26 June 29, 2010

-Delete User Account

Caution: If ‘Delete Item’ is selected in error, the User’s Account will be Deleted and will require the Requestor to Create a New User to reactivate the account.

If this occurs, please notify the SharePoint Account Administrator via email.

Page 27: 1 share point presentation

Page 27 June 29, 2010

-Delete User Account

The authorized Requestor or their designee can select the Delete Item on the Individual User’s screen to inactivate the User’s SharePoint account. The User’s data will be removed from the SharePoint Active Users List.

Page 28: 1 share point presentation

Page 28 June 29, 2010

-Delete User Account

OR

Page 29: 1 share point presentation

Page 29 June 29, 2010

Delete User Account

Deleting an account is usually the result of employment termination, change in position or job responsibilities that no longer necessitate a SharePoint account.

The inactivation process must take place based on the ACS Information Security timeliness standards as they are listed below:

• Termination of access for an ACS Worker involuntarily terminated will occur as soon as possible but not to exceed 24 hours after termination.

• Removal of access to ACS Systems for an ACS Worker voluntarily terminated will occur as soon as possible but not to exceed 72 hours after the termination event.

• Accounts that have been inactive for 90 days or greater must be permanently removed.

Page 30: 1 share point presentation

Page 30 June 29, 2010

ACS Information Security Policy and Standards v 3.5.13.1 Password Management

a. ACS Workers will safeguard and protect their passwords. Password sharing is strictly prohibited. Writing down passwords is not an acceptable practice however, if passwords must be written down, the information must be stored securely and be accessible only by the owner.

b. Storing passwords via unencrypted electronic files or programmable function keys, scripts, macros or automated logon sequences is strictly prohibited.

c. All account passwords will have a minimum length of 8 characters.d. All account passwords will have a combination of 3 out of the 4

following elements: (1) numeric, (2) uppercase alphabetic, (3) lowercase alphabetic and(4) special character, where technically feasible.

Page 31: 1 share point presentation

Page 31 June 29, 2010

ACS Information Security Policy and Standards v 3.5.1e. Passwords will not contain portions of the logon ID, personal

names(family members or pets), guessable dates (birthdates or anniversaries), or be constructed around a dictionary word, regardless of language.

f. ACS Workers will not construct passwords which are identical to their previous 6 passwords. g. ACS Systems will be configured to force ACS Workers to change the initial or reset password or PIN assigned by the security administrator

after their first logon. h. ACS Systems will set the frequency of password changes to a maximum of 65 days and a minimum of 1 day. i. The use of default or generic passwords is prohibited. j. ACS Systems will be configured to prevent specific feedback indicating what was incorrect on an invalid logon attempt.

Page 32: 1 share point presentation

Page 32 June 29, 2010

ACS Information Security Policy and Standards v 3.5.13.3 Password Administration

a. Each Business Unit will use and document a secure method when distributing account user IDs and passwords. This process will include validation of user identity and protection of the UserID and the password within the distribution mechanism

b. ACS Workers will be provided with the ability to change/create their own password, within ACS provided guidelines.

c. Each Business Unit will use and document a process describing how

administrative passwords are changed, logged, distributed.

Page 33: 1 share point presentation

Page 33 June 29, 2010

ACS Information Security Policy and Standards v 3.5.13.4 Account Access

f. Each Business Unit will implement and maintain procedures for the removal of access to ACS Systems for terminated or transferred workers. Removal of access to ACS Systems will follow the ACS HR Access Termination Process.

• Termination of access for an ACS Worker involuntarily terminated will occur as soon as possible but not to exceed 24 hours after termination.

• Removal of access to ACS Systems for an ACS Worker voluntarily terminated will occur as soon as possible but not to exceed 72 hours after the termination event.

• Accounts that have been inactive for 90 days or greater must be permanently removed.

Page 34: 1 share point presentation

Page 34 June 29, 2010

Questions?