Delegated Account Management - Frequently Asked Questions

OVERVIEW

This article contains frequently asked questions about Delegated Account Management.

 

General FAQ

WHAT IS A SHARED SPONSORED ACCOUNT?

A shared sponsored account is a sponsored account that is used by one or more individuals, and it is possible that the password or access to the account is shared with or transferred to other individuals (e.g., departmental roles, clubs/associations, and test accounts). 

To enhance security and minimize the risk of unauthorized access for shared sponsored accounts, IT Services has introduced the Delegated Access Management app and delegate login. These allows multiple users to log into same account using their own SFU credentials on CAS-protected web applications.

WHAT ARE THE TYPES OF ROLES ON DAM?

There are 3 types of roles on DAM:

  1. Sponsor: Person or role who is responsible for the account life cycle (request, activation, renewal, deactivation, etc. and associated payment). The primary holder of the account's password.
  2. Manager: Person or role who is responsible for managing delegated access to the account (i.e., on/offboarding), and may need to access the account for day-to-day work. Each sponsored account can have more than one manager.
  3. Delegate: Person or role who needs to access the account for day-to-day work. Each sponsored account can have more than one delegate.
WHAT IS DELEGATED ACCESS OR DELEGATE LOGIN?

By having delegated access to a sponsored account, you can now access that account (e.g., SFU Mail via web browser) using your own SFU account credentials. This type of login is referred to as delegate login – i.e., logging into a different account using your own credentials.

Note: Delegate login is currently only available to web-based CAS protected services (e.g., SFU Mail via web browser). 

I AM A MANAGER FOR A SPONSORED ACCOUNT, WHAT DOES THAT MEAN?

manager is responsible for managing delegated access to the account (i.e., on/offboarding), and may need to access the account for day-to-day work. Each sponsored account can have more than one manager.

If you are assigned as a manager for a sponsored account, you may add/remove delegates or other managers for that account on the Delegate Account Management (DAM) app at https://dam.sfu.ca.

I'VE ADDED DELEGATES TO MY SPONSORED ACCOUNT, HOW DOES DELEGATE LOGIN WORK FOR MY DELEGATES?
Once you have given delegated access to another individual, they will receive a welcome email with login instructions. You can also direct them to the how-to page on delegate login for sponsored account for more details.
I AM A DELEGATE FOR ONE OR MORE SPONSORED ACCOUNT(S), IS THERE A LIST THAT SHOWS ALL THE ACCOUNTS I HAVE DELEGATE ACCESS TO?

To view a list of delegated sponsored accounts you have access to, follow these steps:

  1. Open any web-based CAS protected services (e.g., SFU Mail via web browser)
  2. Log in using your own SFU account credentials with the format below:
Username: :yourcomputingID

Ensure you have a colon in front and replace yourcomputingID with your SFU Computing ID (e.g., :kipling).
Password: The password for your SFU computing ID
MFA: The MFA code associated with your account

 

Troubleshooting and Technical FAQ

WHY AM I NOT SEEING MY SPONSORED ACCOUNT ON DAM?

You must be the sponsor of the sponsored account for your sponsored account to appear on DAM. If you are the current sponsor, and your account is not showing on DAM, the sponsored account information may be out of date. Contact the IT Service Desk or visit SFU SAM to update your sponsored account information.

Alternatively, the sponsor can add you as a manager of the sponsored account which will allow you to see the sponsored account on DAM for you to manage delegate access.

I SEE PERSONAL SPONSORED ACCOUNTS ON DAM, SHOULD I ENABLE DELEGATE ACCESS ON THOSE ACCOUNTS?
In most cases, you don't need to enable delegate access on those accounts. Enabling delegate access provides additional login methods to the sponsored account which is typically useful for sharing sponsored accounts.
I AM NOT THE PRIMARY USER OF THE SPONSORED ACCOUNT, JUST A SPONSOR. DO I NEED TO ENABLE DELEGATE LOGIN?

We recommend talking to the primary user of the sponsored account. For cases where the sponsored account needs to be shared to others or transferred to other users at a relatively fast rate, you may need to enable delegate access and provide manager role on DAM to the primary user for them to manage account access.

In other cases where the sponsored account does not need to be shared or transferred, enabling delegate access may be unnecessary.

DOES ENABLING DELEGATE ACCESS RESTRICT NORMAL LOGIN METHODS?
 
No, enabling delegate access means enabling an additional login method to the sponsored account on web-based CAS protected services. All existing logins and the normal method of logging into the sponsored account remain the same.
WHAT SERVICES DOES DELEGATE LOGIN SUPPORT?
Delegate login is only supported on web-based CAS-protected services that allow sponsored accounts to login. Services that don't allow sponsored accounts, such as FINS and myINFO, cannot use delegate login.
I HAVE QUESTIONS OR FEEDBACK REGARDING DAM, WHO DO I CONTACT?
If you have need help or have any question or feedback regarding DAM, please contact the IT Service Desk.

 

Print Article