From the KnowledgeBase

Title:
PUaccess: Answers to Frequently Asked Questions (FAQ)
Synopsis:
PUaccess: Answers to Frequently Asked Questions (FAQ)


Solution:

For greater security, Princeton has adopted "bank-like" methods of logging into core University enterprise applications. PUaccess requires all Princeton faculty, staff and students to set an enhanced security profile (ESP). Setting your ESP will require you to set a new password, select a personal image/phrase, and select and answer three security questions.


New!
New! PUaccess has been upgraded as of June 9, 2014. On July 1, 2014 it will be further enhanced to include a "Single Sign On/Single Sign Off" security feature that will allow you to authenticate to more than one core University enterprise system applications without having to enter your credentials repeatedly; the enhancement will also allow you to sign out of all University enterprise applications with just one click.


  1. How do I activate PUaccess or setup my enhanced security profile (ESP)?
  2. What applications on campus are protected by PUaccess?
  3. What is Single Single On?
  4. What is Single Sign Off OR how do I exit PUaccess protected applications?
  5. Will I see any other changes after PUaccess is upgraded?
  6. Does PUaccess have an inactivity timeout?
  7. Can individual applications have their own timeouts?
  8. What are some tips and tricks for using PUaccess enabled applications?
  9. What are the rules for password creation?
  10. How can I choose a password that is both safe and easy to remember?
  11. I know I have to set three security questions, but am I going to have to answer all of them every time?
  12. How do I set my computer as a "trusted" device?
  13. Why have I been locked out of my account?
  14. What if I have forgotten my password after setting my ESP?
  15. How do I change my ESP password/image and phrase/security questions if I want to?
  16. I've forgotten the answers to my security questions. Can I reset those questions and answers?


What applications on campus are protected by PUaccess?

  • PeopleSoft HR and Student Administrative System
  • HR Self Service
  • SCORE
  • PeopleSoft Financial System
  • Information Warehouse
  • Prime Portal
  • Labor Accounting
  • Concur Travel & Expense
  • Marketplace - SciQuest
  • eShipGlobal



What is Single Sign On?

Single Sign-on is a new feature of PUaccess that will allow you to work in more than one core University Enterprise application concurrently without having to enter your login credentials repeatedly. Click here for a list of applications that are PUaccess enabled. Once you log into one of these applications, you can access any of the other applications on the list within the same browser session without having to log in again.  For a demonstration, watch this short Single Sign On (logging in) video.


What is Single Sign Off OR how do I exit PUaccess protected applications?

Single Sign-off allows you to sign out of all PUaccess enabled applications you may have open with just one click. When you log out of any application, you will see the log out confirmation page below:

single sign off button


If you click the LOG OFF button you will be logged out of PUaccess and all PUaccess enabled applications you may have open within that browser. It is good security practice to then quit or exit your browser completely. From the File menu, select Exit or click the red X in the top right corner of your window. For Mac users, Safari in OS X does not have a red X, so make sure to select Quit Safari from the Apple menu.


Red X in IE  in Internet Explorer, or  Red X in Chrome in Chrome.


If you click the Close this application button, you will close the application you intended to log out of but all other PUaccess enabled applications you may have open within that browser will remain active.

For a demonstration, watch this Single Sign Off (logging out) video.

Note: If you are at the Log Off confirmation page and take no action, you will be logged out of PUaccess after 5 minutes.





Will I see any other changes after PUaccess is upgraded?

The user experience while logging in to PUaccess will remain mostly unchanged. There are two changes:
  • When you answer the challenge question, the answer will now be masked.
  • If you had previously marked your device(s) as ‘trusted’ in order to avoid having to answer a challenge question, that trust indicator will be lost as a result of the upgrade. So, when you log in to PUaccess for the first time after the upgrade you will need to answer a challenge question. You may choose to re-tag your device(s) as trusted by checking the checkbox on the challenge question page.




Does PUaccess have an Inactivity Timeout?

Yes, PUaccess has a 1 hour inactivity timeout. So, if you are inactive in ALL PUaccess enabled applications that you are logged into within a browser, you will be logged out of PUaccess and will be required to log in again as a security measure.





Can individual applications have their own timeouts?

Yes, individual applications may choose to have their own inactivity timeout. Even though you may be active in PUaccess, if you are inactive in a particular application, that application may timeout. Here are the inactivity timeouts within individual applications:

SCORE (for students) – 15 minutes

HR Self Service – 15 minutes

PeopleSoft HR and Student Administrative System – 1 hour

PeopleSoft Financials – 1 hour

Information Warehouse – 1 hour

Concur Travel & Expense – 2 hours

Marketplace – SciQuest – 1 hour

Labor Accounting – 1 hour  


Note: If an application times out but PUaccess is active you can get right back into that application without having to log in.





What are some tips and tricks for using PUaccess enabled applications?
  • Browser notes

Single sign-on and single sign-off only work within a single browser session. If you access PUaccess enabled applications through multiple browsers, single sign-on and single sign-off will not work across those multiple browsers.  Always log out of PUaccess and close your browser at the end of your work session or day.

If you intend to close only a specific application then use the application’s log off button/link. If you just close the browser tab and try to access the application again later you may experience some unexpected behavior such as getting an ‘Invalid User/password’ message in PeopleSoft due to the persistence of stale application cookies.  If you encounter such behavior close your browser, delete your cache and try again.

  • Trusted Devices

The ‘trusted device’ designation is maintained through a local cookie within a browser on your device. If you manually delete your browser history or cache or have your browser set to delete cache every time you shut down the browser, you will need to answer a challenge question the next time you attempt to log in to PUaccess from that browser unless you check the ‘trusted device’ box again. Remember that the trusted device designation is specific to a given device/browser combination.

  • VPN

If VPN is required to access any PUaccess enabled application from off-campus then you will not be able to log in to that application through PUaccess unless you VPN in.

  • Why do Concur and SciQuest behave slightly differently?

Due to the limitations of these two applications, if you are concurrently logged into either of these applications and another PUaccess application and then log out of PUaccess via that other application, Concur and/or SciQuest will remain active. So, be sure to close your browser. If you log out of Concur or SciQuest then they are no longer active, as desired.  If you get unexpected behavior after timing out or logging out of Concur or SciQuest, close the browser.




I know I have to set three security questions, but am I going to have to answer all of them every time?

No, You can set your own computer as a "trusted" computer. If you use an "untrusted" computer, for example, a public computer, you will be asked to answer one security question.



How do I set my computer or device as a "trusted" device?


If you have entered your password correctly when you are logging in to a secure site, PUaccess determines whether or not your session requires any additional information. If so, you will be shown a security question to provide additional authentication. After answering the question correctly, you may check the box to remember this device as a trusted device. You should only check this box if you are connecting from your own computer or device, and never from any public device such as a cluster computer or a kiosk.

trusted computer check box


Why have I been locked out of my account?

If you enter your password incorrectly or answer the security question incorrectly five times in a row, your account will be locked. If your password gets locked it will be unlocked 5 minutes later and you can try again. If you cannot remember your password, follow these step-by-step instructions to reset your password by answering your security questions. If your security questions are locked, then contact the OIT Help Desk at 258-HELP (4357) to reset your account.



What if I have forgotten my password after setting my ESP?


Follow these step-by-step instructions to reset your password by answering your security questions.



How do I change my ESP password/image and phrase/security questions if I want to?

To alter your ESP settings after your initial setup, go to the PUaccess Account Management page.



I've forgotten the answers to my security questions. Can I reset those questions and answers?

You will be allowed five tries to answer each of your security questions correctly. After five unsuccessful attempts to answer the security questions, your account will be locked. Locked accounts must be reset by the OIT Help Desk.

security questions




Related Links:




Last Updated:
August 4, 2014

Solution ID:
9960