Main Nav

I realize this conversation will extend well beyond Banner, but I’m curious as to how you may handle a situation like the following:

 

We have a need to create accounts for individuals who are not on campus to be used in the Banner system.  The proposed way is to create the account and then provide the password via email (yes, I know…GASP!)  I’m not familiar with the internal security aspects of Banner, but I have to believe it has the ability to generate a single use password for an occasion such as this, no?

 

My eventual desire would be to develop a portal-type environment to handle this as self-service…if this isn’t already provided by Banner.

 

Thanks in advance

 

J

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.

Comments

As it relates to Banner, you may get more reliable information on the Administrative Systems list at Educause, but I do believe you can force a password change on the login (I know we have done that in the past).

But if the password lands in the wrong hands, what good does a single use password do, right?  So the person who shouldn't have the single-use password logs in one time and changes the password to something else.  The unauthorized person still got in.

We've been struggling with the password issue with our ERP for some time, and right now we are looking at a two-factor kind of reset.  We'll text a code or email a code to a previously authorized account on file.  That code PLUS other information would be entered to reset a password.

Theresa


Thanks, Theresa.  Your thoughts parrot my own.  For 2 factor have you considered whether you will use something commercially available or develop in-house?

This is going to lead to a larger discussion on a global password policy for Binghamton.  My hope is that we can use something like Banner to showcase what should be done for all systems. 

Thank you


Good morning, from our DBA:

 

Banner security uses Oracle passwords for access.  There are options for access control but they are more complex (such as times you can log in).

 

The password for Banner at Fairfield is set by Laurie or myself, but the user only uses it once to log in via SSO. 

 

If you have additional questions, please don’t hesitate to email me directly and I’ll get you (or yours) in touch with our DBA. My email is pfrancis@fairfield.edu

 

Have a great day all!

 

 

Paige Francis, CIO

Fairfield University

 

Follow me: Twitter | Linked In

Fairfield University Technology News: http://fairfieldutech.tumblr.com

 

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged info rmation and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.

 

 

While we are on the topic, and understanding that the Oracle passwords can be configured and secured, is anyone familiar with the Banner table GORPAUD?

We stumbled across this while planning for a unified authentication via AD.  It appears that this file keeps a log of every password reset.  It stores the password in plain text.  I was wondering if anyone had experience with it and if it was practical to configure it for encryption it or just turn it off?

 

Tim

 

 

Timothy A. Pierson 

Associate VP, Information Technology and CIO

Piedmont Technical College

Lex Walters Campus

620 N. Emerald Rd. | P.O. Box 1467

Greenwood, SC 29648

Pierson.t@ptc.edu

Phone:  864.941.8437

Mobie:  864.992.6741

CISSP, CCNA:Security, MCSE: Security

 

"It is not the critic who counts; the credit belongs to the man who is actually in the arena. Who strives valiantly; who errs and comes short time and time again; and who, if he fails, at least fails while daring greatly. His place shall never be with those cold and timid souls who know neither victory nor defeat." - Theodore Roosevelt

 

 

 

 

 

Tim -

Check the Banner General 8.0 Release Guide - page 14.  This table is supposed to be encrypted, but Ellucian made encryption optional when they re-did security with Banner 8.0 in order to provide backward compatibility for integration with third-party systems such as Blackboard.  It might be time to re-visit this if the initial decision back in 2010 was to not encrypt GORPAUD.

Bob Hughes
Director, Enterprise Application Systems
Mt. San Antonio College



Jamie,
 
I don't know if Banner can be set up for single use passwords.  Once we set up the account, we send them an email message to their College account asking for their phone number and the last 3 digits of the College-wide ID number to verify them.  We then call them at the number provided and give them their password over the phone.
 
We do have a portal (Luminis) and it authenticates against Novell's eDirectory currently.  The portal is connected to Banner Self-Service and syncs the password to Banner when it changes and the individual logs into the portal.
 
Dave

 
David Hoyt
Chief Information Systems Officer
 
  Collin College     
  Collin Higher  Education Center
  3452 Spur 399
  McKinney, TX  75069
 
P - 972.599.3133   F - 972.599.3131
>>> On 11/12/2013 at 10:01 AM, in message <5d09ab935a41e187a3d731f55af63e45@mail.gmail.com>, Jamie Arnold <harnold@BINGHAMTON.EDU> wrote:

I realize this conversation will extend well beyond Banner, but I'm curious as to how you may handle a situation like the following:

 

We have a need to create accounts for individuals who are not on campus to be used in the Banner system.  The proposed way is to create the account and then provide the password via email (yes, I know.GASP!)  I'm not familiar with the internal security aspects of Banner, but I have to believe it has the ability to generate a single use password for an occasion such as this, no?

 

My eventual desire would be to develop a portal-type environment to handle this as self-service.if this isn't already provided by Banner.

 

Thanks in advance

 

J

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.

Thanks Bob.

 

TTim

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.