ctcLink Security FAQs

Purpose:  This QRG answers the frequently asked questions about ctcLink PeopleSoft security

Audience:  College Local Security Administrators

The Front Door - OKTA

Q. What does Account Activation error code 400 mean?

A. If the answer to a person's security question contains any part of the user's name, the person will get the error code 400 "Question Factor".

Q. A student needs to register classes for Winter quarter this week. I have reset her user account multiple times, clear the browser, and she was able to reactivate her account. But when she logged in again, it failed again, it took her to "ORACLE" page.  Why?

A. It doesn’t happen often but there are times accounts get locked and need to be unlocked.

Q. Is there a list of what the criteria are for the security question answer?

A. Yes:

  • Minimum number of characters? 
    • 6 if you use activate your account. If the user changes it in the okta portal, then 4. There will be an error message that would tell the user if too short.
  • Maximum number of characters? 
    • no maximum
  • Any non-allowable characters? 
    • None that we have found so far. It used to be a / but we fixed that issue.
  • I know the answer cannot contain part of the security question. 
    • This is the majority of the issues.


Q.  Is there a list of Activate Your Account (AYA) codes and descriptions?

A.  Yes:

1. Unable to find user (21000, 14)

2. User already exists in Okta (21000, 15)

3. Password cannot contain first or last name (21000, 49)

4. Answer must be at least 6 characters (21000, 47)

5. Invalid phone number (21000, 45)

6. Invalid email address (21000, 46)

7. Password mismatch (21000, 13)

8. Account creation failures (21000, 22)

- Email address issues (Email Factor)

- Question issues (Question Factor)

- Text message issues (SMS Factor)

- Phone issues (Voice Factor)

- MFA issues (MFA)

- Group Issues (Group)

9. HttpStatusCode Returned ###

- These are generic errors when Okta returns an error back that we need to look at the logs for more details.


Q. Are foreign phone numbers allowed when doing an account recovery or going through first-time users?

A. Only US and Canadian numbers are allowed, and phone numbers should not be entered in the Account Recovery section if they are from any other country.

Which College? - Institution Tiles

Q. What controls which institution tiles I see?

A. The institution tiles are controlled through the CTC_XXX_DISTR roles in HCM for employees, or the CTC_XXX_CC roles in Campus Solutions for students. The XXX is an abbreviated version of the college name.

Institution tiles
Which Pillar? - Gateway/Portal

Q. Which role(s) generate the HCM Self-Service and Financials Self-Service links in the Gateway/Portal?

A. ZZ_EMPLOYEE is a shell role assigned in HCM that syncs to Portal for active employees and ZZ Former Employee is dynamically assigned to  inactive employees.  Both roles provide access to these two links in Gateway/Portal:

HCM and Financials Self-Service links

Q. Which role(s) generate the Canvas link in the Gateway/Portal?

A. ZZ SS Advisor, ZZ SS Faculty, or ZZ SS Student.  The user needs institution access in SACR security also.  See CS 9.2 SACR Security: Basic Requirements for Staff

Canvas link

Q. Which role(s) generate the CS Staff Homepage link in the Gateway/Portal?

A. ZZ_CS_STAFF role is assigned in Campus Solutions and syncs to Portal.

CS Staff Homepage image

Q. Which role(s) generate the Student Homepage link in the Gateway/Portal?

A. The ZZ SS Student role is dynamically assigned to students in Campus Solutions and it syncs to Portal.

Student Homepage link

Q. Which role(s) generate the Reset User Account link in the Gateway/Portal?

A. The CTC_SEC_ANSWER_RESET role is assigned by SBCTC in the Gateway/Portal to a user.

Reset User Account link

Q. Which role(s) generate the Student Services Center link in the Gateway/Portal?

A. Access to the Student Services Center in the Gateway Portal, is controlled by the following roles: 

ZC CC Personal Info Student, ZD CC Personal Info Student, ZZ CC Pers Info NID Update, ZZ CC Personal Info Student, ZZ SS Advisor, ZZ SS Faculty

 For other type users that need access to the Student Services Center, they will need to navigate to Campus Solutions First, then go to the Student Services Center from 

Student Services Center link

Q. Which role(s) generate the Faculty Center link in the Gateway/Portal?

A. ZZ SS Faculty

Faculty Center link

Q. Which role(s) generate the Advisor Homepage link in the Gateway/Portal?

A. ZZ SS Advisor

Advisor Homepage link

Q. Which role(s) generate the HCM, FSCM and CS links at the top of the Gateway/Portal page for access to the pillar areas?


top of Gateway Portal page
HCM Pillar

Q. I have a new user that was hired this morning and the user profile is created, but they don’t have access to any data.

A. In HCM, Security Join processes have to run to apply security to users. This runs every three hours in Production.


FSCM Pillar

Q. After a Security Administrator assigns budget security to a user in Financials that user still doesn't have budget security access in the system. Why?

A. The Security Administrator forgot to run the Request Build process.

Q. I provided my user with access to the Match Workbench. However, the user
still cannot unmatch vouchers.

A. It is a process group issue under user preferences. Ensure that they have the
Matching Process groups.

Q. What does the error message “No origin was found on your operator profile”

A. This error message is typically found when trying to enter a voucher. Go to the User Preferences for the user and go to Payables. Click and enter ONL in the origin field.

Q. When my ePro approver tires to approve the transaction in their worklist, they
receive an error message saying that they are not authorized. However, I gave
them the approver role.

A. The issue is with User Preferences; they need the Approve User Preference under Requisition authorizations.

Q. How do I assign Security Administrator duties to another employee?

A. Enter a ticket to SBCTC to have them provide the local security administration roles.

Q. I can't add Commitment Control Security rules to a user, although I have tried
searching for their User ID and adding their User ID.

A. The issue is that the User ID is not setup as employee. IT must contain an employee ID to receive commitment control security.

Q. A user cannot pull up items from their worklist.

A. The user has "Use standard layout mode" enabled under personalization options. The default is "Accessibility features off." Have the user return it to "Accessibility features off."

CS Pillar

Q. I have been working with an employee who was employed at two other colleges in the system. They are now working for College A. The user is unable to choose College A as an option for setting the Campus Preferences. The only options in the dropdown are Colleges B, C and D. They state that they have never worked for College D.  Why can't they choose College A, and why can they choose college D?

A. It looks like Campus Preferences would give that drop down choice if the user has an academic history with that school. Long story short, your user doesn't have academic history at College A; therefore, that choice isn't available. Your user has an academic history with the other three colleges and they are represented in the drop menu. Campus Preferences via My Preferences is used for the user's own information. This is associated with personal student information and not employee data access. If your user needed to access campus specific information about students in the capacity of an employee you would configure SACR values for the employee.

Q. What exactly is the Calculated Value in Set Up SACR > Security > Secure Student Financials > User ID > Student Institution Set and how does this affect student’s ability to view their Financials tab? Some students show our college code underneath it but some students show other college codes. It is a value that I cannot change locally.

A. The Calculated Value is coming from the person’s User Defaults (User Defaults 2 tab under Institution Set). That is not one that impacts their Student Financials Access, the setting for the Student Financials Account is under Set Up SACR>Security>Secure Student Financials>User ID>Student Institution Set

Q. How do we reset CS Shared Account passwords?

A. For our shared accounts in CS that are non-employee accounts, activated in OKTA, if they need a password reset, they can do it themselves as the shared user.  You can log in with that user, then click "Password Help" on gateway.ctclink.us or myaccount.ctclink.us.

Q. Why would a student exist in Campus Community, but not have a Distributed User Profile?

A. The student must have an active application, i.e., have been matriculated, for the Distributed User Profile to be created by the system.

Other Topics

Q. When I login to myaccount.ctclink.us/ I do not see the two legacy applications and I am supposed to have access?

A. Your local security administrator would need to add the ZZ LegacyLink and the ZZ Legacy Transcript roles to your user profile in HCM.


Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.