Resources

Comparisons

Choosing the most appropriate network is the best way to maximize the performance of your computer and mobile devices.

Good Practices

As a rule, do not share downloaded materials with others via peer-to-peer software like BitTorrent or other torrent applications.
Email scams (known as phishing) are a common method to trick you into visiting a fraudulent website, opening an infected document, or logging in to "validate your email account."
To keep your device current, enable automatic updates and install updates when notified.
Downloading or sharing software, entertainment, or images may violate United States copyright law. Many torrent applications default to continue sharing your downloads with other users.

How-Tos

This article is designed to assist in getting Box Drive installed on Health Sciences Technology (HST) supported devices.
When inviting an internal or external user as a collaborator within a folder, you will have the ability to set the level of access that user has to your content.
Sometimes when you're sharing a file with someone you know they will need it for only a certain amount of time, or perhaps legally they or you can only have access to it for a certain amount of days.
How do Box Notes work in folders that have been synced? Box Notes are synced to your computer like other documents, and will appear in your Box Sync folder. Box Notes will open in your browser.
While you are working in Box Notes Box Secure Storage automatically creates saved versions roughly every five minutes or after f
The University DOES NOT recommend downloading data when working with Box for secure storage.
What is Box Secure Storage? Box is a secure, cloud-based tool for storing and sharing sensitive data.
Box Edit is an add-on feature that allows you to edit or create files directly on Box.
There are two apps that can help you work with Box files from your desktop. The recommended app to install and use is Box Drive.
Box Secure Storage provides many security features designed to protect your sensitive data files. However, there are actions you can take to make sure your data stay protected while in Box:
Users should keep their collaborators (the people to whom they give access to folders) up-to-date.
Box keeps track of your file versions when you upload new files and when you use
Sometimes when you try to access Box, you may be prompted to login to a Box screen rather than the standard University of Minnesota login page. You should not use this Box screen to login.
There are two apps for editing Box data from your Desktop. The University's preferred solution is Box Drive.
There are various ways to integrate and update data within Box. This article covers the basics of the three ways you may want to modify data with Box and when or why you may want to use each.
Box and Sensitive Data Box is a secure data storage and sharing tool that is the primary secure sharing tool for the University of Minnesota.
The University of Minnesota's Box Secure Storage may function differently than other university or personal Box accounts you have used.
As of February 2020, departmental accounts must either:
Try the troubleshooting tips below if you have read through the Duo
If you set your Duo authentication through your mobile device (such as a smartphone or tablet), you are encouraged to add a backup telephone number to your Duo authentication options in case you forget your mobile dev
Congratulations on your new phone!  Here's how to enroll it in Duo.  In this article:
Usernames and passwords are vulnerable to security breaches.
We strongly recommend enrolling at least 2 devices to ensure that you are able to access Duo at all times - even if you have lost your smartphone or are working somewhere with no cell service.
Duo hardware tokens are small fobs that generate passcodes and are used as part of two-factor authentication sign-in at the University.
Duo Security (two-factor authentication) is stronger than a password alone, because it uses two factors to confirm that you are who you say you are.  The first factor is something you know (your Inter
By November 2019, Duo will be required at sign-in for all UMN faculty, staff, student, sponsored, and POI accounts.  For instructions on setting up Duo, check the Duo 
In some situations, you may not be able to use a mobile device to authenticate. For instance:
There are two kinds of tokens that you can use as your Duo device:
You can authenticate with Duo using two types of tokens: Hardware tokens (first and second images below) and security keys (also called 'U2F tokens', third image below).
Lost Hardware Token Duo works with two types of tokens: U2F tokens (also referred to as 'security keys') and hardware tokens. This page describes what to do if your hardware token is lost or broken. 
There are various scenarios where you may need to remove a device from your Duo page in Self-Service:
Managers or supervisors with employees who have a business need to access databases and enterprise-level applications that use Duo must request access to those services (via an Access Request Form, or ARF).  When a fa
When any University employee (staff, faculty or student employee) or contractor ends their employment with the University, the supervisor needs to revoke access to any Enterprise systems
If you do not have your usual Duo device, use your backup device or your
If you have enrolled a landline to your Duo authentication method, you ca
Background China (Mainland/People's Republic of China) has implemented technologies to regulate the Internet domestically.
This article applies to international employees as well as traveling students, faculty, and staff. You can use Duo authentication when traveling internationally*, even without WiFi or cellular service.
After enrolling a mobile device to use for authentication, you have two ways to authentica
Anyone with a UMN Internet ID can use Duo two-factor authentication for all University sign-in pages.
Students at the University of Minnesota can register personal devices for WiFi access, even if they don't support WPA2 authentication (username and password).
Certain Departmental Pools, and starting September 16, 2020 both General Access Full and Split Tunnel VPN pools will require Two Factor Authentication (2FA) through
You can send print jobs via WiFi to printers in UMN Computer Labs but first, you need to instal
You can send print jobs via WiFi to printers in UMN Computer Labs but first, you need to instal
You can easily print a document from your personal computer by connecting to a U of M print server via CampusCloud Print.
The Pharos Print app enables you to send a document from your mobile device to a U of M print server.
As a student, you are able to print in OIT-managed printing locations using your personal laptop that is connected to the Twin Cities campus
Sometimes even if you've correctly added eduroam to your networks, you may have problems connecting.
Miniport Wifi Adapters are known to interfere with wifi connectivity for Windows users. If you can no longer connect to the network or your connection is intermittent, check for these adapters and disable them.
This guide will help you to forget your WiFi network. Forgetting a network is often a helpful step when you are having problems connecting to WiFi.
Your android device will automatically find all wireless networks in range. On campus, you will see the following UofM SSIDs (network names): eduroam and UofM-Guest.
Aruba 303H access points are deployed in residence halls across the University of Minnesota Twin Cities campus. These will provide WiFi, and Ethernet access within a particular room.
This article will help you connect a Chromebook to eduroam.
Connecting to eduroam WiFi with Windows on ARM requires additional steps compared to the desktop version of Windows 8.
Linux users can connect to the wireless network using the wireless button in the upper-right of their graphic user interface.
Often departments, or units will have devices that need access to WiFi.
If you have tried connecting to WiFi and are still having connectivity issues, do
If you have tried connecting to WiFi and are still having connectivity issues, downloading eduroam CAT (Conf
Have you tried everything and still can't connect to eduroam? Downloading the eduroam C
Faculty, Staff, and Students who would like to check or update their wireless driver software should contact theTechnology Helpline for assistance. 
UofM-Guest WiFi Network Guests on campus may use the UofM-Guest network at no charge.
Visitors from eduroam-participating universities can obtain access t
Your iPhone will automatically find all WiFi networks in range. On campus, you will see the UofM Networks: eduroam and UofM-Guest.
Connecting to Campus WiFi Your Apple computer will automatically find all wireless networks in range.
WiFi Enhancement To enhance WiFi in your area, please submit a work order through our online
Devices like the Google Chromecast are designed for home networks.
Connecting to Campus WiFi Your Windows 10 computer will automatically find all wireless networks in range.

Planned Changes

Stay secure and connected!
For Instructors
Try the troubleshooting tips below if Duo isn't working for you. If you need additional assistance contact Technology Help 24/7.
Congratulations on your new phone! Learn how to reactivate, add, or remove phones with Duo.
Even if you have no access to WiFi or cellular service, you can still use Duo Security.
Duo’s "Remember Me" feature saves you time while keeping your information safe. It is like the "remember my computer" or "keep me logged in" options you may have seen on other websites.
You can use Duo authentication when traveling internationally, unless you are traveling to a U.S. embargoed country.

Resources

This University policy focuses on what you can and cannot do, and where to report violations of acceptable use.
Departments may also sponsor an internet account for a University-affiliated individual, as long as that individual provides a service or function that directly impacts students, faculty, or staff.
A single SAML entityID can be used for many different servers, both physical and virtual.
Reitired: redirected to Compare Authentication Options page https://it.umn.edu/comparison/compare-authentication-options
An Entity ID is something that you choose as a SP. This page should help you choose a good entityId for your shibboleth configuration.
A guide to help you correctly identify the security level required for your research data developed by the College of Liberal Arts Technologies and Innovation Services.
Once you have the Apache Shibboleth Module installed and configured, you can add Apache Auth directives to any appropriate content-control block ( <Directory>,<File>, <Location>) in your virtual host
Overview In this file you are telling Shibboleth a few key pieces of information so it knows how to authenticate your users. Those items are
If you've gotten this far, you have probably already chosen an Entity ID. If you have not, please see the Choosing your Shibboleth Entity ID topic.
Users agree to comply with the laws or regulations of the United States Department of Commerce, the United States Department of Treasury Foreign Assets Control, or any other applicable United States foreign agency or
This resource shows a world-wide map of locations where you can access eduroam.
This link goes to eduroam's official list of participating institutions. 
This four-minute video shows how to enroll a variety of devices, such as cell phones, for use with Duo two-factor authentication.
Learn to store, sync, and share files with Google Drive.
When guests are granted access to information technology resources they must abide by all relevant University of Minnesota policies, as well as all current federal, state, and local laws.
For an overview of the sequence of events during Shib authentication see: Understanding Shibboleth: How It A
Enable automatic updates of the the Mac operating system and apps you got from the App Store.
This policy provides information about the Information Security Risk Management (ISRM) program, including identifying and tracking information security risks, developing plans for remediation, and providing guidance o
U faculty and staff can use this password manager after checking with their technology support staff. For those in a health care component area, store the password database on a University managed device.
For web-based single sign on, you should use Shibboleth authentication instead.
The InCommon certificate service allows for delegated administration, so designated people can submit and approve certificates for their department without intervention from OIT.
Provides a list of the legitimate online services that are approved by the AAP, MPAA, and RIAA.
Through the InCommon Federation, University of Minnesota researchers can access national research and scholarship applications and web services, such as virtual organizations and
The Payment Card Compliance Office and University Information Security (UIS) work with departmen
Report an Information Security Incident
Digital Millennium Copyright Act (DMCA) Designated Agent Notification Procedures
Call 911 if you fear for your safety. Report email or other electronic harassment to University Information Security. Send email to [email protected]
If you suspect a potential security issue involving any private information—whether the information is on a computer, on paper, on the web, etc.—immediately report the details to University Information Security
The UReport provides a way for University community members to report violations of rules, regulations and policies. The report can be made anonymously.
Report suspected potential data breaches immediately to University Information Security. Send email with details to [email protected]
University Information Security is available to consult on:
Sometimes you may want to retrieve additional attributes about the user after the user authenticates.
Service Gateway users should follow these practices:
Service Gateway users should follow these practices:
All Service Gateway users should follow the best practices listed below. During Migration During migration, Service Gateway users should do the following.
All Service Gateway users should follow the best practices listed below. During Migration During migration, Service Gateway users should do the following.
OIT customers can use Service Gateway, a web-based application, to manage their own voice and data network connections. Common uses include the following.
OIT customers can use Service Gateway, a web-based application, to manage their own voice and data network connections. Common uses include the following.
We have defined naming conventions for unit identifiers in Service Gateway as described below.
We have defined naming conventions for unit identifiers in Service Gateway as described below.
Each management ID (MID) must have one primary user, who is ultimately responsible for all jacks managed within a unit; this is a significant role.
Each management ID (MID) must have one primary user, who is ultimately responsible for all jacks managed within a unit; this is a significant role.
Current Service Gateway users can use the tool to request services. Others can access the tool by requesting migration.
Current Service Gateway users can use the tool to request services. Others can access the tool by requesting migration.
When a unit is migrated into Service Gateway, training for the primary and secondary users is required. Training is available at no charge.
When a unit is migrated into Service Gateway, training for the primary and secondary users is required. Training is available at no charge.
Each management ID (MID) must have a minimum of one secondary user. Multiple users are recommended to ensure back-up. Primary and secondary users have similar responsibilities.
Each management ID (MID) must have a minimum of one secondary user. Multiple users are recommended to ensure back-up. Primary and secondary users have similar responsibilities.
Standard users have access rights assigned to them by the primary and/or secondary users of the MID.
Standard users have access rights assigned to them by the primary and/or secondary users of the MID.
Primary, secondary, and standard users are assigned user access rights at the discretion of the primary and
Primary, secondary, and standard users are assigned user access rights at the discretion of the primary and
During migration to Service Gateway a management ID (MID) is assigned to the unit. An MID is simply a unique identifier in Service Gateway, used to associate all voice and data network services to a department/c
During migration to Service Gateway a management ID (MID) is assigned to the unit. An MID is simply a unique identifier in Service Gateway, used to associate all voice and data network services to a department/c
Common Error Messages
Picking an entity ID If you have not done so, please read Choosing your Shibboleth Entity ID
Official installation instructions are on the official Shib wiki.
Download For now, please see the official Shib Wiki docs on Windows installation.
These are some of the important concepts and terminology used when talking about SAML or Shibboleth.
Understanding Logout
(See also InCommon's Cert FAQ, which includes browser/device support lists.)
SSL certificate code to proceed to the enrollment form on the InCommon certificate enrollment site:
Web/System administrators who request SSL certificates can go here when having problems connecting to a certificate request page.
Hello there! Please connect to eduroam. 
Cohesive Service
Meeting slides from the Email Technical Coordinators meetings, 2004-2008 are archived below. 
When traveling abroad, some foreign countries do not allow encryption. 
Get a list of the current ports and other things that are blocked at the University's border. You must sign in as a University employee to see these network filters.
This one-minute video demonstrates how to use a push method on your mobile device to authenticate with Duo two-factor authentication.
Google APIs use the OAuth 2.0 protocol for authentication and authorization. Google supports common OAuth 2.0 scenarios such as those for web server, installed, and client-side applications.
The University uses a two-factor authentication system for users who need access to its enterprise-level applications, to ensure another level of security when working with sensitive data.
Please review the embedded Google spreadsheet below to determine if an application requires a Virtual Private Network (VPN) connection.
University WiFi updates mean improved coverage, performance, and stability.
View maps showing wifi coverage for individual University of Minnesota buildings.
See a heat map of the WiFi coverage available on floor 1 of the Coffman Memorial Union building.
If you encounter a location with poor WiFi connectivity on campus, pin the location on the UMN WiFi Feedback site. Network engineers are alerted, and where possible, take action to improve connectivity. 

Self-Help Guides

Box Secure Storage is a cloud storage and collaboration service configured to meet the University security standards for HIPAA data.
Duo Security is the University's way of adding another layer of security to the information you access online.
Learn about Shibboleth, an open-source single sign-on infrastructure, and how to install and configure it.
Did you know that many WiFi connectivity problems are the result of settings or other issues on individual users’ computers, phones and other mobile devices? The good news is many of these can be easily fixed.