From the KnowledgeBase
PUaccess: Answers to Frequently Asked Questions (FAQ)
For greater security, Princeton has adopted "bank-like" methods of logging into core University enterprise applications. PUaccess requires all Princeton faculty, staff and students to set an enhanced security profile (ESP). Setting your ESP will require you to set a new password, select a personal image/phrase, and select and answer three security questions.
PUaccess includes a "Single Sign On/Single Sign Off" security feature that will allow you to authenticate to more than one core University enterprise system applications without having to enter your credentials repeatedly; the enhancement will also allow you to sign out of all University enterprise applications with just one click.
- How do I activate PUaccess or setup my enhanced security profile (ESP)?
- What applications on campus are protected by PUaccess?
- What is Single Single On?
- What is Single Sign Off OR how do I exit PUaccess protected applications?
- Will I see any other changes after PUaccess is upgraded?
- Does PUaccess have an inactivity timeout?
- Can individual applications have their own timeouts?
- What are some tips and tricks for using PUaccess enabled applications?
- What are the rules for password creation?
- How can I choose a password that is both safe and easy to remember?
- I know I have to set three security questions, but am I going to have to answer all of them every time?
- How do I set my computer as a "trusted" device?
- Why have I been locked out of my account?
- What if I have forgotten my password after setting my ESP?
- How do I change my ESP password/image and phrase/security questions if I want to?
- I've forgotten the answers to my security questions. Can I reset those questions and answers?
What applications on campus are protected by PUaccess?
- PeopleSoft HR and Student Administrative System
- HR Self Service
- PeopleSoft Prime Financials
- Information Warehouse
- Prime Portal Applications
- Labor Accounting
- Concur Travel & Expense
- Marketplace - SciQuest
What is Single Sign On?
Single Sign-on is a new feature of PUaccess that
will allow you to work
in more than one core University Enterprise application concurrently
without having to enter your login credentials
here for a list of applications that are PUaccess enabled. Once you log
into one of these applications, you can access any of the other
applications on the list within the same browser session without having
to log in again. For a demonstration, watch this short Single
Sign On (logging in) video.
What is Single Sign Off OR how do I exit PUaccess protected applications?
Single Sign-off allows you to sign out of all PUaccess enabled applications you may have open with just one click. When you log out of any application, you will see the log out confirmation page below:
If you click the LOG OFF button you will be logged out of PUaccess and all PUaccess enabled applications you may have open within that browser. It is good security practice to then quit or exit your browser completely. From the File menu, select Exit or click the red X in the top right corner of your window. For Mac users, Safari in OS X does not have a red X, so make sure to select Quit Safari from the Apple menu.
If you click the Close this application button, you will close the application you intended to log out of but all other PUaccess enabled applications you may have open within that browser will remain active.
For a demonstration, watch this Single Sign Off (logging out) video.
Note: If you are at the Log Off confirmation page and take no action, you will be logged out of PUaccess after 5 minutes.
Will I see any other changes after PUaccess is upgraded?
The user experience while logging in to PUaccess will remain mostly unchanged. There are two changes:
- When you answer the challenge question, the answer will now be masked.
- If you had previously marked your device(s) as ‘trusted’ in
order to avoid having to answer a challenge question, that trust
indicator will be lost as a result of the upgrade. So, when you log in
to PUaccess for the first time after the upgrade you will need to
answer a challenge question. You may choose to re-tag your device(s) as
trusted by checking the checkbox on the challenge question page.
Does PUaccess have an Inactivity Timeout?
Yes, PUaccess has a 1 hour inactivity timeout. So, if you are inactive in ALL PUaccess enabled applications that you are logged into within a browser, you will be logged out of PUaccess and will be required to log in again as a security measure.
Can individual applications have their own timeouts?
Yes, individual applications may choose to have their own inactivity timeout. Even though you may be active in PUaccess, if you are inactive in a particular application, that application may timeout. Here are the inactivity timeouts within individual applications:
TigerHub (for students) – 15 minutes
HR Self Service – 15 minutes
PeopleSoft HR and Student Administrative System – 1 hour
PeopleSoft Financials – 1 hour
Information Warehouse – 1 hour
Concur Travel & Expense – 2 hours
Marketplace – SciQuest – 1 hourLabor Accounting – 1 hour
Note: If an application times out but PUaccess is active you can get right back into that application without having to log in.
What are some tips and tricks for using PUaccess enabled applications?
- Browser notes
Single sign-on and single sign-off only work
within a single browser session. If you access PUaccess enabled
applications through multiple browsers, single sign-on and single
sign-off will not work across those multiple browsers. Always log
out of PUaccess and close your browser at the end of your work session
If you intend to close only a specific application then use the application’s log off button/link. If you just close the browser tab and try to access the application again later you may experience some unexpected behavior such as getting an ‘Invalid User/password’ message in PeopleSoft due to the persistence of stale application cookies. If you encounter such behavior close your browser, delete your cache and try again.
- Trusted Devices
The ‘trusted device’
designation is maintained through a local cookie within a browser on
your device. If you manually delete your browser history or cache or
have your browser set to delete cache every time you shut down the
browser, you will need to answer a challenge question the next time you
attempt to log in to PUaccess from that browser unless you check the
‘trusted device’ box again. Remember that the trusted device
designation is specific to a given device/browser combination.
If VPN is required to access any PUaccess enabled application from off-campus then you will not be able to log in to that application through PUaccess unless you VPN in.
- Why do Concur and SciQuest behave slightly differently?
Due to the
limitations of these two applications, if you are concurrently logged
into either of these applications and another PUaccess application and
then log out of PUaccess via that other application, Concur and/or
SciQuest will remain active. So, be sure to close your browser. If you
log out of Concur or SciQuest then they are no longer active, as
desired. If you get unexpected behavior after timing out or logging
out of Concur or SciQuest, close the browser.
No, You can set your own computer as a "trusted" computer. If you use an "untrusted" computer, for example, a public computer, you will be asked to answer one security question.
How do I set my computer or device as a "trusted" device?
If you have entered your password correctly when you are logging in to a secure site, PUaccess determines whether or not your session requires any additional information. If so, you will be shown a security question to provide additional authentication. After answering the question correctly, you may check the box to remember this device as a trusted device. You should only check this box if you are connecting from your own computer or device, and never from any public device such as a cluster computer or a kiosk.
If you enter your password incorrectly or answer the security question incorrectly five times in a row, your account will be blocked/locked. If your password gets blocked it will be unblocked 5 minutes later and you can try again. If you cannot remember your password, follow these step-by-step instructions to reset your password by answering your security questions. If your security questions are locked, then contact the OIT Help Desk at 258-HELP (4357) to reset your account.
What if I have forgotten my password after setting my ESP?
Follow these step-by-step instructions to reset your password by answering your security questions.
To alter your ESP settings after your initial setup, go to the PUaccess Account Management page.
You will be allowed five tries to answer each of your security questions correctly. After five unsuccessful attempts to answer the security questions, your account will be locked. Locked accounts must be reset by the OIT Help Desk.