SLAC Computing Accounts (Unix and or Windows SSO) - LSSTDESC/slac-authentication-transition GitHub Wiki

DESC members that are associated with other projects, including Rubin Operations, USDF, commissioning, the LSST camera team, etc, may have a SLAC Unix account. DESC Operations will be reaching out to those with SLAC Unix accounts to provide specific instructions. Once you have prepared for the SLAC move to authenticate with federated identity, you will have two accounts with the same username - one Unix account and one Windows account. Details about managing a SLAC Windows SSO account are available.

You have only a SLAC Unix account

If you have been reminded that you have only a SLAC Unix account. First make sure you can access your SLAC Unix account. Please see these links if you do not recall your SLAC Unix account password or need to complete the annual SLAC CyberSecurity training. Once you have access to your SLAC Unix account, you can proceed with these instructions which will guide you through creating a new SLAC Windows Single Sign On (SSO) account which will have the same username as your SLAC Unix account. The passwords on the two accounts are independent.

• Create a SLAC Windows account by visiting this site: https://oraweb.slac.stanford.edu/apex/slac/f?p=136
  • Log in with your SLAC Unix credentials (if you have forgotten your password or it has expired, see these instructions)
  • You may already have a windows account (I make mistakes!), and if so, the web page will display this message:

If SLAC reports you already have a Windows account and you do not know the password, please call SLAC IT to reset your password Mon - Fri 7a - 6p Pacific +1 650 926 4357 or open a ticket by visiting this site..

Otherwise, click "Create SSO Account"

• After you click "Create SSO Account", you may see what appears to be an error message, but is not: "You already submitted a SSO(windows) account request". Ignore this and proceed to the next step.The message means that you just submitted your request and will not allow you to submit it again.

• If SLAC has a valid email on file for you, you will receive an email with a link to create your Windows password with subject: [ACTION] SLAC Account - Password Onboarding or Reset"

• If your email is handled by Microsoft 360, the links in the message may be mangled and unusable, if clicked you will receive Error: token is invalid. If this happens, we need to ask SLAC to send you this email again using another email address that you have that is not touched by Microsoft 360, such as a gmail address. Please reach out on Slack #desc-help or [email protected] and we will open a ticket for you to get this taken care of.

• Setting this password only impacts your SLAC Windows account NOT your SLAC Unix account, the passwords on those two accounts are completely separate and must be maintained separately.

• If you do not receive an email within ~30 minutes, it likely means SLAC does not have a valid email address on file for you. Remember, the email SLAC has on file is completely separate from the DESC Member database.

  • Call SLAC IT Mon - Fri 7a - 6p Pacific +1 650 926 4357 or open a ticket by visiting this site. and explain you are trying to set up your password for your SLAC Windows account and also ask to update your email in SLAC's system.

• Wait an hour for all the SLAC systems to be updated with your Windows credentials

• Test logging into a SLAC site that is not Confluence such as SLAC Intranet/SLAC Today using your SLAC credentials.

• The first time you log in via federated identity, you will likely be prompted to set up Duo two-factor authentication. Details about two-factor authentication at SLAC are available: https://it.slac.stanford.edu/support/KB0010216#mcetoc_1frvrbjf173

If you previously had an external SLAC Crowd account to access the DESC Confluence space, you still need to do a "rename" as part of the SLAC invitation process described here.

How to log into SLAC web applications using your SLAC Federated Identity

When you visit a SLAC web application such as the DESC space in SLAC Confluence and click "Log in", you will see a login screen:

click on "SLAC Login" and log in using your SLAC Windows SSO credentials.

If this is the first time you have logged in using your SLAC Windows credentials, you may be prompted to set up DUO for two-factor authentication. Details about Duo and two-factor authentication at SLAC are available on this web page

If you previously had an external SLAC Crowd account to access the DESC Confluence space, you still need to do a "rename" as part of the SLAC invitation process described here.

How to complete the annual SLAC CyberSecurity Training

• Visit: https://slactraining.csod.com/
  • Click on forgot password and provide your SLAC username. The system will send you an email with a temporary password - just for the training. This is not a password you will use anywhere else, including in Confluence. But you should also save this password, because you will need it next year to complete the Cybersecurity training in 2025 🙂
• SLAC will send that email with the temp password to the email address they have on file for you. This is NOT necessarily the same email that DESC has in its member database. That is a completely separate system. If you find you do not receive an email with a temp password within 30 minutes, you should call SLAC IT Help +1 650 926 4357 (Monday-Friday, 7a-6p Pacific) and get your email updated in their system so you can complete the CyberSecurity Training. If you have trouble with this reach out on Slack #desc-help or [email protected]
• Once you have the training password, go back to: https://slactraining.csod.com/
  • enter your SLAC System ID as the username and provide the temporary password.
  • Complete CS100.

Once that is done, SLAC's training documentation states: Your training completion should automatically post to your SLAC training record within 2 hours. If it does not, email a copy of your certificate to [email protected] to receive course credit.

When SLAC accepts your course credit, they should re-enable your account. You will likely need to reset your password.

Reset your SLAC Unix account Password

The easiest way to do this, if you know your current/old password:

try to reset the password using this web form: https://unix-password.slac.stanford.edu/chpw/kpasswd1.pl

If that fails, the fastest way is to call SLAC IT as described in the web form. If that is not possible, send email to [email protected] or post on #desc-help on Slack to request a ticket be opened for you.