What is an Integrated User?
This article discusses the following topics:
- How are Integrated User Profiles created?
- Integrated User processes / Non-integrated User Processes
- Administrative Tools
Terra Dotta software is designed to integrate with outside authentication and information services so that users of those external systems can login to the Terra Dotta site with their pre-existing credentials and have their relevant data imported into the site's database. These integrations are called Secure Campus Login (SCL) and Student Information System / Human Resource (SIS/HR) integrations.
If your site has been integrated with your institution's SCL-SIS/HR services, your site will have what the software considers to be 'integrated users'. There is a flag for all users in Terra Dotta software indicating if they are an 'integrated' or 'non-integrated' user. The 'integrated' users have a UUUID username that serves as the key to your authentication and information services. 'Non-integrated' users have an email address for their username and login to your site using credentials that were provided to them from your Terra Dotta site.
In order for an integrated user to login to your site, they must authenticate through your SCL.
In addition, if your site has applicant parameters that are mapped to your SIS datasource, integrated users will have the values for those parameters imported through your SIS/HR integration. Neither the integrated users nor the administrators with access to the profiles of those integrated users will not be able to enter/edit the values for SIS mapped parameters. The values can only be pulled in from the SIS datasource for integrated users, while non-integrated users will be able to enter this information manually upon logging in.
Finally, if your site uses identity verification for your online signature documents, integrated users will be considered to have had their identity verified through your SCL. Unlike the non-integrated users that will need to have a signature verification form marked as received by a site administrator in order to sign documents online.
How are Integrated User Profiles created?
When a user record is created on a Terra Dotta software site, the flag indicating if the user is an integrated user or a non-integrated user gets assigned to them based on how they respond to questions presented by the User Identification Wizard.The user is created as an 'integrated' user when either:
1.) The new user has successfully authenticated through your SCL, authorized the creation of a profile from the SIS data source, and the necessary core data fields have been found through the SIS/HR lookup using the provided UUUID and password.
OR
2.) The new user is being created by an administrator, or as a recommender, from the results of a keyword search of the SIS/HR data source.
A non-integrated user is created when either:
1.) The new user has manually entered (minimally) her/his name and email address and a temporary password has been generated and sent to the provided email address.
OR
2.) The new user is being created by an administrator, or as a recommender, by manual entry of the first / last name and an email address to which a temporary password has been sent.
There are some processes/features that are specific to integrated users on your site. They are the following:
1.) When creating a profile on your site, your integrated users will be asked for permission to access and pull in the necessary core data fields and SIS-mapped parameter and address types. Their profile will not be created and they will be logged-out if they do not allow this.
2.) Your integrated users will immediately be allowed to sign online signature documents if they are over 18 years of age, and the identity verification setting is enabled. The software considers the SCL authentication to be a proof of identity for that user's session.
3.) Your integrated users cannot create/reset/change their password through the Terra Dotta site. All password management is handled through your integrated SCL.
4.) If your integrated users have an active application, they will be included in the SIS refresh task that runs each night to update core data fields, applicant parameters, and address types if they have been configured to be kept up to date.
There are some processes/features that are specific to non-integrated users on your site. They are the following:
1.) Non-integrated users will be asked to provide answers to three security questions that will be used should they need to change their password.
2.) Non-integrated users can use the 'Forgot your password' link on the login page to trigger an email to their account's email address. This will provide them a link back to your site where they will be asked to submit at least two of the three security question answers that they have provided. If they can successfully do this, they will be allowed to create a new password for their account.
3.) Non-integrated users will be asked to print, complete, and submit a Signature Verification Form to your office which, when marked as received by an administrator on the 'materials' tab of an application, will be considered their proof of identity when logged-in on that account.
An administrator can change a user's flag that determines whether or not they are an integrated user or a non-integrated user in two ways, as outlined below. Note that these processes only change the integrated/non-integrated flag. They do not change a user from external to internal or vice versa. That is a separate process, as described in this article: Configuration and Use of Internal and External applicant types.
1.) Maintenance > Edit User
When editing a user record with this tool, you can switch a user's integrated flag from 'Yes' to 'No' or from 'No' to 'Yes'.
When changing a user from 'Yes' to 'No', they will become a non-integrated user and their username will be changed to their email address. It will also generate a temporary password that will be emailed to this user.
1.) Maintenance > Edit User
When editing a user record with this tool, you can switch a user's integrated flag from 'Yes' to 'No' or from 'No' to 'Yes'.
When changing a user from 'Yes' to 'No', they will become a non-integrated user and their username will be changed to their email address. It will also generate a temporary password that will be emailed to this user.
When changing a user from 'No' to 'Yes', they will become an integrated user, and you need to change their username to the UUUID that the user has in your SIS/HR data source. You can find what this UUUID should be by going to Maintenance -> SIS/HR Tests and viewing the user's data through a keyword search.
When viewing a user record with this tool, if neither the 'Yes' nor the 'No' radio button is selected, the user has a NULL for that flag and is considered a non-integrated user on your site.
2.) Maintenance > Convert User
This tool can be used to switch a user from non-integrated to integrated by running a keyword search. After identifying the non-integrated user record on your site, you will then select the proper identity from the 'SCL User Results (SIS)' section of the search. This will change the user from non-integrated to integrated.
2.) Maintenance > Convert User
This tool can be used to switch a user from non-integrated to integrated by running a keyword search. After identifying the non-integrated user record on your site, you will then select the proper identity from the 'SCL User Results (SIS)' section of the search. This will change the user from non-integrated to integrated.
There is also a 'Batch User Convert' tool on this page that can be used to switch many users from non-integrated to integrated via file upload. To do so, you will provide a .csv file or a tab/comma delimted .txt file. Each record in this file should first contain the non-integrated user's email address and then the UUUID/username in your SIS datasource to which this user will be connected. Each record should be separated by a line feed. The file needs to have only the email addresses and UUUIDs for the users you wish to switch to integrated, it is not necessary to have a column header row in this file.
Example content of a batch upload .txt file:
achen@terradotta.com,achen
erivers@terradotta.com,erivers
rparker@terradotta.com,rparker
It is sometimes necessary to create users who are institutional constituents as 'non-integrated' users, with email-based login credentials, and then later convert them to SCL-authenticated (Secure Campus Login) users. Examples of this need include:
- Administrative users who were set up during initial implementation.
- Systems that lack an HR-lookup resource but still wish to authenticate existing staff users via SCL.
- Non-integrated applicants who are later added to the SIS
Once SCL integration (and/or HR directory integration) is complete, it is then possible to convert those users so that they can use their SCL login credentials.
How to convert a non-SCL user to SCL
In Maintenance > Edit User, look up the user in question and change the User Name from the email address to the UUUID of the individual, and change the 'Integrated User' designation to 'Yes'. The UUUID is the key identifier linking together all the elements of your campus data systems integration.
Note: The UUUID is may not be the same as the username that users type when they log in. Very often a different, more permanent ID is the one used within the software for identification purposes. The SCL interface programming in the Terra Dotta system translates the login username to the UUUID as needed during the authentication process.
If you have SIS and HR integrations in place, then you should be able to find the UUUID of individual users by lookup in the Maintenance > SIS/HR Tests interfaces*, using KeywordSearch and KeywordSearchHR to find user records. Click View to see the full data profile. The username is listed in both profiles as sis_user_name.
* In some deferred-fetch configurations, records may not be available for lookup in the SIS interface before user creation. UUUID lookup would have to be done by other means.