Resources

Comparisons

Choosing the most appropriate network is the best way to maximize the performance of your computer and mobile devices.

Good Practices

Challenge: Backups are essential. Your hard drive could fail, you could lose your device, it could be stolen, or you could get a malware infection that takes your files hostage.
As a rule, do not share downloaded materials with others via peer-to-peer software like BitTorrent or other torrent applications.
Challenge: Older or unpatched software increases exposure to vulnerabilities in the operating system, application software, and apps that can allow attackers to control your system or steal your private data.
Email scams (known as phishing) are a common method to trick you into visiting a fraudulent website, opening an infected document, or logging in to "validate your email account."
Challenge: Identity theft can happen to anyone at any time. It can be hard to immediately tell if you are affected, or to know who to notify.
To keep your device current, enable automatic updates and install updates when notified.
Downloading or sharing software, entertainment, or images may violate United States copyright law. Many torrent applications default to continue sharing your downloads with other users.
Challenge: You shop online or update student information or a medical record, and need to enter private data (e.g., credit card number, birth date).

How-Tos

This article is designed to assist in getting Box Drive installed on Health Sciences Technology (HST) supported devices.
When inviting an internal or external user as a collaborator within a folder, you will have the ability to set the level of access that user has to your content.
Sometimes when you're sharing a file with someone, you know they will need it for only a certain amount of time, or perhaps legally they or you can only have access to it for a certain number of days.
How do Box Notes work in folders that have been synced? Box Notes are synced to your computer like other documents, and will appear in your Box Sync folder. Box Notes will open in your browser.
While you are working in Box Notes, Box Secure Storage automatically creates saved versions roughly every five minutes or after f
You can choose the type of email notifications that you receive on actions taken within Box.
There are two ways to change or transfer folder ownership to another collaborator: through the Collaborators menu in the right pane of a folder, or from the Collaborators page of a folder.
Box Notes is an easy-to-use document creation tool built natively in Box and available to all Box users.
You can create different file types or folders directly from your Box account. 
You can delete files or folders that you own.
When using Box Sync your folders and files are stored both locally on your computer and within Box.
The University DOES NOT recommend downloading data when working with Box for secure storage.
You should always be collaborating with only the people who need access to files and folders, and with the least amount of
What is Box Secure Storage? Box is a secure, cloud-based tool for storing and sharing sensitive data.
The Updates page provides logs of all the activity that is happening in your Box account. The updates page shows logs for actions taking place on files and folders such as:
Box Edit is an add-on feature that allows you to edit or create files directly on Box.
There are two apps that can help you work with Box files from your desktop. The recommended app to install and use is Box Drive.
Box Secure Storage provides many security features designed to protect your sensitive data files. However, there are actions you can take to make sure your data stay protected while in Box:
Locking/Unlocking Files: If you are working on a file with other collaborators, be sure to lock files before opening them with Box Edit.
  If you have not yet done so,
To hide collaborators, you must be the owner of the Collaboration Folder.
Events like leaving the university or changing roles can trigger a need to change collaboration levels or completely remove someone from a folder within Box.
This article is intended for migrating large amounts of data from Shared Drives or Folders into Box Secure Storage using the Box web interface.
This article is intended for migrating large amounts of data from Google Drive into Box Secure Storage using the Box web interface.
To print using Box Notes, click on the more options
Is the content in your trash? Are you the owner or deleter of this content?
You should be removing a collaborator's access as soon as they no longer need the file or folder that you are sharin
Sometimes a folder should only be accessible to other users within the University of Minnesota system. This article explains how to do this to a folder.
Shared links can be used to quickly get a collaborator directly to a shared file or folder.
Users should keep their collaborators (the people to whom they give access to folders) up-to-date.
While you can share with both internal and external collaborators through your Box account there are special considerations to take when sharing with alumni.
Tags in Box can help you organize and easily find your information.
Box keeps track of your file versions when you upload new files and when you use
According to the Research Data Management Policy, the University of Minnesota owns all data created by faculty, staff, and non-student tr
Sometimes when you try to access Box, you may be prompted to login to a Box screen rather than the standard University of Minnesota login page. You should not use this Box screen to login.
Why can't I see a folder I was invited to? If a user is invited to collaborate on a folder and they do not a
Each user has an unlimited amount of storage space available. However, individual files must be less than 15 Gb each. If you need to make files smaller, use a compression tool such as 7-zip.
Box has several visual indicators that can help you easily understand things about the folder, such as collaboration level and ownership. Below is an overview of these icons and indicators.
Permission levels on Box follow a 'waterfall' design in which individuals only have access to the folder they are
You are able to upload individual files or entire folders into your Box account.
You can easily upload files or send attachments to a specific Box folder by email when you enable the Allow uploads to this folder via email option.
There are two apps for editing Box data from your Desktop. The University's preferred solution is Box Drive.
You can both create and edit files in Box using Microsoft Office Online Integration.
The Trash folder allows you to recover files and folders that have been deleted. By default, items in the Trash will be purged after 60 days.
There are various ways to integrate and update data within Box. This article covers the basics of the three ways you may want to modify data with Box and when or why you may want to use each.
Box and Sensitive Data: Box is a secure data storage and sharing tool that is the primary secure sharing tool for the University of Minnesota.
The University of Minnesota's Box Secure Storage may function differently than other university or personal Box accounts you have used.
As of February 2020, departmental accounts must either:
Try the troubleshooting tips below if you have read through the Duo
If you set your Duo authentication through your mobile device (such as a smartphone or tablet), you are encouraged to add a backup telephone number to your Duo authentication options in case you forget your mobile dev
Congratulations on your new phone!  Here's how to enroll it in Duo.  In this article:
Usernames and passwords are vulnerable to security breaches.
We strongly recommend enrolling at least 2 devices to ensure that you are able to access Duo at all times - even if you have lost your smartphone or are working somewhere with no cell service.
It happens to everyone from time to time: tokens break, tablets die, phones fall into the wrong hands. By following these steps right away, you can still keep yourself and the U secure.  
Duo hardware tokens are small fobs that generate passcodes and are used as part of two-factor authentication sign-in at the University.
By November 2019, Duo will be required at sign-in for all UMN faculty, staff, student, sponsored, and POI accounts.  For instructions on setting up Duo, check the Duo 
In some situations, you may not be able to use a mobile device to authenticate. For instance:
There are two kinds of tokens that you can use as your Duo device:
You can authenticate with Duo using two types of tokens: Hardware tokens (first and second images below) and security keys (also called 'U2F tokens', third image below).
Lost Hardware Token: Duo works with two types of tokens: U2F tokens (also referred to as 'security keys') and hardware tokens. This page describes what to do if your hardware token is lost or broken.
Duo Security (two-factor authentication) is stronger than a password alone, because it uses two factors to confirm that you are who you say you are.  The first factor is something you know (your Inter
Even if you have no access to WiFi or cellular service, you can still use Duo Security.  
There are various scenarios where you may need to remove a device from your Duo page in Self-Service:
Managers or supervisors with employees who have a business need to access databases and enterprise-level applications that use Duo must request access to those services (via an Access Request Form, or ARF).  When a fa
When any University employee (staff, faculty or student employee) or contractor ends their employment with the University, the supervisor needs to revoke access to any Enterprise systems
If you do not have your usual Duo device, use your backup device or your
If you have enrolled a landline to your Duo authentication method, you ca
Background: China (Mainland/People's Republic of China) has implemented technologies to regulate the Internet domestically.
This article applies to international employees as well as traveling students, faculty, and staff. You can use Duo authentication when traveling internationally*, even without WiFi or cellular service.
Duo's "Remember Me" feature saves you time while keeping your information safe. It is like the "remember my computer" or "keep me logged in" options you may have seen on other websites.
After enrolling a mobile device to use for authentication, you have two wa
Anyone with a UMN Internet ID can use Duo two-factor authentication for all University sign-in pages.
What is Martin? Martin is what Salesforce calls a full sandbox. That means that it is a complete copy of the production system.
What is Don? Don is what Salesforce calls a full sandbox. That means that it is a complete copy of the production system.
Students at the University of Minnesota can register personal devices for WiFi access, even if they don't support WPA2 authentication (username and password).
This article walks you through how to leave messages for other users from within your Voice Mailbox.
Once setup and entered into the web portal you are able to change the password for your telephone interface.
Certain Departmental Pools, Full Tunnel VPN, and Split Tunnel VPN Pools require Two Factor Authentication (2FA) through
You can send print jobs via WiFi to printers in UMN Computer Labs but first, you need to instal
You can easily print a document from your personal computer by connecting to a U of M print server via CampusCloud Print.
The Pharos Print app enables you to send a document from your mobile device to a U of M print server.
As a student, you are able to print in OIT-managed printing locations using your personal laptop that is connected to the Twin Cities campus
Sometimes even if you've correctly added eduroam to your networks, you may have problems connecting.
Miniport Wifi Adapters are known to interfere with wifi connectivity for Windows users. If you can no longer connect to the network or your connection is intermittent, check for these adapters and disable them.
This guide will help you to forget your WiFi network. Forgetting a network is often a helpful step when you are having problems connecting to WiFi.
Your Android device will automatically find all wireless networks in range. On campus, you will see the following UofM SSIDs (network names): eduroam and UofM-Guest.
Aruba 303H access points are deployed in residence halls across the University of Minnesota Twin Cities campus. These will provide WiFi and Ethernet access within a particular room.
This article will help you connect a Chromebook to eduroam.
Connecting to eduroam WiFi with Windows on ARM requires additional steps compared to the desktop version of Windows 8.
Linux users can connect to the wireless network using the wireless button in the upper-right of their graphical user interface.
Often departments or units will have devices that need access to WiFi.
If you have tried connecting to WiFi and are still having connectivity issues, downloading eduroam CAT (Conf
Have you tried everything and still can't connect to eduroam? Downloading the eduroam C
Faculty, Staff, and Students who would like to check or update their wireless driver software should contact the Technology Helpline for assistance.
UofM-Guest WiFi Network: Guests on campus may use the UofM-Guest network at no charge.
Visitors from eduroam-participating universities can obtain access t
Your iPhone will automatically find all WiFi networks in range. On campus, you will see the UofM Networks: eduroam and UofM-Guest.
Connecting to Campus WiFi: Your Apple computer will automatically find all wireless networks in range.
WiFi Enhancement: To enhance WiFi in your area, please submit a work order through our online
Devices like the Google Chromecast are designed for home networks.
Connecting to Campus WiFi: Your Windows 10 computer will automatically find all wireless networks in range.
This article describes how to configure an Xbox 360 for DHCP.

Planned Changes

In February 2020, Adobe changed the way it licenses Acrobat Pro Document Cloud (DC).
Stay secure and connected!
For Instructors: Duo Security helps keep student data—like grades, assignments, and contact information—more secure. It also helps students protect their financial aid from theft.
Try the troubleshooting tips below if Duo isn't working for you. If you need additional assistance contact Technology Help 24/7.
Congratulations on your new phone! Learn how to reactivate, add, or remove phones with Duo.
Even if you have no access to WiFi or cellular service, you can still use Duo Security.
Duo’s "Remember Me" feature saves you time while keeping your information safe. It is like the "remember my computer" or "keep me logged in" options you may have seen on other websites.
You can use Duo authentication when traveling internationally, unless you are traveling to a U.S. embargoed country.

Resources

Metadata: We run a Shibboleth Identity Provider (IdP) for Single Sign On (i.e.
This University policy focuses on what you can and cannot do, and where to report violations of acceptable use.
Departments may also sponsor an internet account for a University-affiliated individual, as long as that individual provides a service or function that directly impacts students, faculty, or staff.
A single SAML entityID can be used for many different servers, both physical and virtual.
Box Sync and Box Drive are two separate desktop applications that give users the ability to access Box content from the user's desktop environment.
An Entity ID is something that you choose as a SP. This page should help you choose a good entityId for your shibboleth configuration.
A guide to help you correctly identify the security level required for your research data developed by the College of Liberal Arts Technologies and Innovation Services.
Once you have the Apache Shibboleth Module installed and configured, you can add Apache Auth directives to any appropriate content-control block (<Directory>, <File>, <Location>) in your virtual host
Overview: In this file you are telling Shibboleth a few key pieces of information so it knows how to authenticate your users. Those items are
If you've gotten this far, you have probably already chosen an Entity ID. If you have not, please see the Choosing your Shibboleth Entity ID topic.
Users agree to comply with the laws or regulations of the United States Department of Commerce, the United States Department of Treasury Foreign Assets Control, or any other applicable United States foreign agency or
Beginning in November 2018, when the University begins to require Duo Security at the Sign-in page, hardware tokens will be available at no cost to UMN students, faculty, or staff who do not own mobile devices.
This resource shows a world-wide map of locations where you can access eduroam.
This link goes to eduroam's official list of participating institutions. 
This four-minute video shows how to enroll a variety of devices, such as cell phones, for use with Duo two-factor authentication.
Learn to store, sync, and share files with Google Drive.
When guests are granted access to information technology resources they must abide by all relevant University of Minnesota policies, as well as all current federal, state, and local laws.
For an overview of the sequence of events during Shib authentication see: Understanding Shibboleth: How It A
Enable automatic updates of the Mac operating system and apps you got from the App Store.
This policy provides information about the Information Security Risk Management (ISRM) program, including identifying and tracking information security risks, developing plans for remediation, and providing guidance o
U faculty and staff can use this password manager after checking with their technology support staff. For those in a health care component area, store the password database on a University managed device.
For web-based single sign on, you should use Shibboleth authentication instead.
The InCommon certificate service allows for delegated administration, so designated people can submit and approve certificates for their department without intervention from OIT.
Provides a list of the legitimate online services that are approved by the AAP, MPAA, and RIAA.
The launch page for the University's instance of Box Secure Storage
Through the InCommon Federation, University of Minnesota researchers can access national research and scholarship applications and web services, such as virtual organizations and
The Payment Card Compliance Office and University Information Security (UIS) work with departmen
Report an Information Security Incident: Report suspected information security incidents immediately to University Information Security (UIS).
Digital Millennium Copyright Act (DMCA) Designated Agent Notification Procedures: Notification of alleged copyright infringement should be directed to:
Call 911 if you fear for your safety. Report email or other electronic harassment to University Information Security. Send email to [email protected]
If you suspect a potential security issue involving any private information—whether the information is on a computer, on paper, on the web, etc.—immediately report the details to University Information Security
The UReport provides a way for University community members to report violations of rules, regulations and policies. The report can be made anonymously.
Report suspected potential data breaches immediately to University Information Security. Send email with details to [email protected]
University Information Security is available to consult on:
Sometimes you may want to retrieve additional attributes about the user after the user authenticates.
Service Gateway users should follow these practices:
All Service Gateway users should follow the best practices listed below. During Migration: During migration, Service Gateway users should do the following.
OIT customers can use Service Gateway, a web-based application, to manage their own voice and data network connections. Common uses include the following.
We have defined naming conventions for unit identifiers in Service Gateway as described below.
Each management ID (MID) must have one primary user, who is ultimately responsible for all jacks managed within a unit; this is a significant role.
Current Service Gateway users can use the tool to request services. Others can access the tool by requesting migration.
When a unit is migrated into Service Gateway, training for the primary and secondary users is required. Training is available at no charge.
Each management ID (MID) must have a minimum of one secondary user. Multiple users are recommended to ensure back-up. Primary and secondary users have similar responsibilities.
Standard users have access rights assigned to them by the primary and/or secondary users of the MID.
Primary, secondary, and standard users are assigned user access rights at the discretion of the primary and
During migration to Service Gateway a management ID (MID) is assigned to the unit. An MID is simply a unique identifier in Service Gateway, used to associate all voice and data network services to a department/c
Common Error Messages: Unable to locate metadata for identity provider (https://idp2.shib.umn.edu/idp/shibboleth)
Picking an entity ID: If you have not done so, please read Choosing your Shibboleth Entity ID
Official installation instructions are on the official Shib wiki.
Download: For now, please see the official Shib Wiki docs on Windows installation.
These are some of the important concepts and terminology used when talking about SAML or Shibboleth.
Understanding Logout: Currently, Shibboleth doesn't support single logout (SLO), so the only way for a user to completely log out of all SP applications and the IDP server
(See also InCommon's Cert FAQ, which includes browser/device support lists.)
SSL certificate code to proceed to the enrollment form on the InCommon certificate enrollment site:
Web/System administrators who request SSL certificates can go here when having problems connecting to a certificate request page.
Cohesive Service: The Office of Information Technology (OIT) is standardizing on a single wireless platform in order to offer seamless wireless service across the Twin Cities and Rochester campuses, as well as
Meeting slides from the Email Technical Coordinators meetings, 2004-2008, are archived below.
When traveling abroad, some foreign countries do not allow encryption. 
Get a list of the current ports and other things that are blocked at the University's border. You must sign in as a University employee to see these network filters.
University units and community members must ensure that their electronic devices and other resources which store, transmit, or process University information meet the information security processes and standards conta
This one-minute video demonstrates how to use a push method on your mobile device to authenticate with Duo two-factor authentication.
Purpose: The following questions will assist units or individuals to review IT contracts or licenses for both cloud-based/off-site or on-premise/locally hosted IT services.
Google APIs use the OAuth 2.0 protocol for authentication and authorization. Google supports common OAuth 2.0 scenarios such as those for web server, installed, and client-side applications.
The University uses a two-factor authentication system for users who need access to its enterprise-level applications, to ensure another level of security when working with sensitive data.
Please review the embedded Google spreadsheet below to determine if an application requires a Virtual Private Network (VPN) connection.
University WiFi updates mean improved coverage, performance, and stability.
View maps showing wifi coverage for individual University of Minnesota buildings.
See a heat map of the WiFi coverage available on floor 1 of the Coffman Memorial Union building.
If you encounter a location with poor WiFi connectivity on campus, pin the location on the UMN WiFi Feedback site. Network engineers are alerted, and where possible, take action to improve connectivity. 

Self-Help Guides

Box Secure Storage is a cloud storage and collaboration service configured to meet the University security standards for HIPAA data.
Duo Security is the University's way of adding another layer of security to the information you access online.
Learn about Shibboleth, an open-source single sign-on infrastructure, and how to install and configure it.
Did you know that many WiFi connectivity problems are the result of settings or other issues on individual users’ computers, phones and other mobile devices? The good news is many of these can be easily fixed.