ctcLink Institution Level Service Accounts

Purpose:  The utilization of service accounts is imperative for colleges to schedule automated tasks and to facilitate group email notifications efficiently. Utilizing individual employee ID accounts for these purposes may lead to operational risks, such as the inability to manage scheduled jobs during an employee's absence and restricted job-related notifications to a single user. To mitigate these risks and ensure comprehensive notification coverage, a service account can be assigned a group email address, allowing multiple individuals to receive alerts regarding job executions. Moreover, clearly defining responsibilities and audit controls for these accounts is essential from an audit compliance standpoint.

Audience: Local Security Administrators (LSAs)

ctcLink Institution Level Service Accounts

SBCTC Responsibilities

The central security administration team at SBCTC will undertake the following duties:

  • Creation of local service accounts.
  • Maintenance of a standard naming convention for accounts, e.g., JOBS_WAXXX, JOBS_WAXXX_2.
  • Updating role assignments associated with service accounts.
  • Auditing role assignments to ensure they are current and appropriate.
  • Performing biannual recertification of service account roles and access.
College Responsibilities/Limitations

Each institution is advised to limit the number of service accounts to two. The designated local Security Administrator will be responsible for the following:

Overseeing the operational control of the account post-establishment, including password management and auditing account usage.  It is critical that the Local Security Administrator be the account owner (one LSA), and control the usage of the account.  In the case where the primary owner is out and someone has to intervene on the job account to fix errors, the password should be reset when the primary owner returns.  It is Best Practice to change the password on these accounts every 90 days as they are considered privileged type accounts.  

  • Submitting requests for service accounts through the SBCTC Service Desk (https://servicedesk.sbctc.edu) with the necessary details outlined below.
  • Complying with biannual recertification requests initiated by SBCTC.
  • Refraining from altering role access for these service accounts without proper authorization.
Request Process

Local security administrators must provide the following information when submitting service account creation requests (https://servicedesk.sbctc.edu):

  • Detailed description of the intended use for the service account.
  • Required access levels and roles (specify Roles/SACR).
  • Run Control setup details.
  • Schedule details for recurring tasks.
  • Name and contact information of the Security Administrator accountable for the service account.
  • The procedure for monitoring service account usage, including password management protocols.
  • Preferred email address to be associated with the account for notification purposes.

Please ensure all requests and communications adhere to these guidelines to maintain system integrity and operational continuity.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.