access.caltech Help

Important information about changes to access.caltech passwords

Welcome to access.caltech Help. Please choose a topic below.


access.caltech Home

access.caltech is a web-based platform for accessing and launching your Caltech services. As the first integrated application from the IMSS organization, it provides common infrastructure and processes for integrating future Caltech applications.

A major feature is a unified approach for application authentication and authorization. Specifically, it lessens the burden for a user in remembering and protecting a myriad of usernames and passwords required for each separate application.

access.caltech services the entire Caltech community that includes the following.

  • Staff
  • Faculty
  • Post Doctorates
  • Graduate Students
  • Undergraduate Students
  • Guests
  • Alumni - Coming Soon
  • Affiliates - Coming Soon

To provide functionality faster to users, access.caltech is deployed in Phases. The following features are currently live.

  • My Personal Information: IMSS Single Sign On application that is an online equivalent to the current P-53 Personnel Information Change Notice Form
  • Common Sign-On Applications: All former ITS web-based applications
  • Unified authentication and authorization approach
  • Integrated password management
  • Synchronization of data and data feeds from existing systems that support P-53
  • Single Sign On REGIS
  • Single Sign On Parking
  • Single Sign On CLAS

IMSS works with a cross-sectional Advisory Committee to help define priorities and focus IMSS efforts for features delivered in future access.caltech Phases.

back to top

Key Components

There are two important components to access.caltech - 1) Your Caltech UID and 2) Your access.caltech account name.

Caltech UIDis a numeric identifier that distinguishes you, uniquely and permanently, as a member of the Caltech community. It is recorded in Caltech's business systems, and is visible to Caltech employees.

Your access.caltech account nameis what you'll use to log into network services via http://access.caltech.edu. Your access.caltech account name (i.e., username) and password identify you to the network. Your access to specific network services is determined by your Eligibility and Authority.

TIP:Your access.caltech account extends and expands on your IMSS account (i.e., former ITS account). If you already have an existing IMSS account, your ITS username and password are used for access.caltech, as well.

Ownership of a Caltech UID and access.caltech account is governed by Caltech policy as expressed in Caltech's Terms of Use.

Caltech UID

Your Caltech UID is:

  • Permanently assigned to you.Once assigned a Caltech UID, it will never be reassigned.
  • Not private.Your actual Caltech UID will remain visible in Caltech business systems and reports, and may be requested as an identifier by Caltech staff.
  • Not anonymous.Your Caltech UID is directly associated with you.

As your relationship with Caltech changes (e.g., through graduation, employment, retirement, and even death), the status of your Caltech UID may change from active to inactive and back, but your Caltech UID itself will not change.

access.caltech Account Name

Your access.caltech account is:

  • Permanently assigned to you.Once you've claimed an access.caltech account name, it will never be reassigned. You cannot easily abandon an access.caltech account name and open another.
  • Not private.You can control whether it is displayed in Caltech's online directory, and you can create an alias to use as your email address, but your actual access.caltech account name will remain visible in Caltech business systems and reports, and may be requested as an identifier by Caltech staff.
  • Not anonymous.Your access.caltech account name is directly associated with you unlike a chat-room ID or Hotmail address that may mask your identity.

Some access.caltech account names may be in use without currently being active. As a result, you may be required to select an access.caltech account name that is not your first choice.

We understand that you cannot foresee life changes that may make your access.caltech account name inappropriate after the fact. In rare cases, a request to change an access.caltech account name may be approved. Changing an access.caltech account name requires substantial effort from several different campus offices, and can result in disruption of your services during the transition.

back to top

Tips for Logging In

access.caltech uses the login credentials of your IMSS (formerly ITS) account. You may already know your access.caltech username and password -- they are also used for IMSS standard email, theIMSS Software Distributionsite, VPN, Utils, and Unix cluster access.

Please contact the IMSS Help Desk at 626.395.3500 from 8AM to 5PM (PST) on Monday through Friday if you require login assistance.

Setting Your Challenge Questions

Once you have logged into the access.caltech application, we strongly recommend that you set up your challenge questions. Setting up challenge questions will allow you to use the “Forgot Your Password” feature of access.caltech if you ever forget your password in the future.

How to Setup Challenge Questions

To setup your challenge questions, login to access.caltech and click on the 'Set Password Questions' tab.

For added security, you will need to enter your current password, select two (2) questions from a pre-defined list and provide answers for each question. Alternatively, you can define your own single custom question and answer.

Answers need to be at least 3 characters in length. Custom questions cannot be more than 60 characters in length.

back to top

How do I get my access.caltech account?

If you are a new Caltech employee, information regarding your new access.caltech account will be included in your Orientation Package.

If you are a new Caltech Student, information regarding your new access.caltech account will be included in your Registration Package.

If you are unsure of your access.caltech account username, please contact the Help Desk at extension 3500 (i.e., 626-395-3500).

TIP: Your access.caltech account extends and expands on your IMSS account (i.e., former ITS account). If you already have an existing IMSS account, your ITS username and password are used for access.caltech, as well.

back to top

Why do I need a Caltech UID?

If people's names were truly unique, we could identify users just by their names. However, sometimes names are not unique. Your Caltech UID is a unique number assigned by Caltech to you and only you. Unlike a Social Security Number, a Caltech UID is not useful outside Caltech, and can be freely used within Caltech to help identify you specifically. Like a name, Caltech UID is not confidential.

back to top

Do I have to be a student to use this system?

No. This system is available for use by all access.caltech supported communities (e.g., faculty, staff, etc).

back to top

How long is my session valid?

Once you login, your session is valid until you close all instances of your Web Browser, request a logout, or leave access.caltech idle for 30 minutes, which ever happens first. Each Single Sign On or Common Sign On application controls their time out. Please refer to each application's documentation for details specific to that application.

back to top

Why do I sometimes see references to CAS?

Central Authentication System (CAS) is used by access.caltech for authentication. CAS is a java application that maintains state and authentication data on clients. It was initially developed at Yale University. Client software (e.g., web services) connects to Caltech's CAS server to authenticate and process user login requests. Cookies must be set on the Web Browser for the service to work properly.

How does CAS work?

There are three phases to CAS authentication.

The first is to check to see if the user has logged in. This is done by calling the Caltech CAS server and passing the web service as a service parameter. The CAS server either redirects the user to your service page, passing it a ticket or takes the user's Browser to the login page and requests that the user logs in using their access.caltech account and password.

The CAS service stores some cookie information in the user's Browser to assist with finding records that are used to bypass a user's login. Your web service page then calls the validation service at the CAS server, passes the web service and ticket returned from the login process.

This second step is required to prevent impostors from granting invalid tickets and invalid authentications. If the service and ticket values are valid, the CAS server returns a stream that contains relevant information for the service to continue.

The third phase of CAS authentication is a recommendation. Each web service should create a session to authenticate with other services on the same application/web server. If a valid session exists on the web or application server, there is no need to call the CAS server for authentication.

back to top

I authenticated using Netscape, but my Internet Explorer is also running and I am asked to be authenticated again?

Authentication is valid for a specific Browser. If you use two Browsers or Browsers on different machines, you will need to authenticate again inside each browser.

back to top

What cookies are stored in my Browser?

Two cookies are stored in the user's Browser by the CAS service. The first is a session cookie stored by the application server. This cookie is used for load balancing and session preservation across servers. The second cookie is created by the CAS server. Both cookies are destroyed when the Browser exits, the session expires, the CAS server is restarted, or an explicit logout is called from the Browser or web service.

back to top

I am developing a program for students and faculty and want to use this service to authenticate users, how do I do this?

Contact the office of the CIO for further information.

back to top

I forgot my password, but the 'forgot your password?' process doesn't work for me?

If you did not set up challenge questions in the "Set Password Questions" tab, this is equivalent to disabling this feature. Please call the Help Desk, at extension 3500 (i.e., 626-395-3500), to reset your password.

back to top

Available Services and Applications from access.caltech

After you have successfully logged into access.caltech, you will see the access.caltech Home page. This access.caltech Home page will only display Single Sign On and Common Sign On applications that are available to you as an individual, not all possible Caltech applications.

The access.caltech Home page will also include the operational status of each application and a Caltech News Feed.

What is Single Sign On?

Single Sign On (SSO) services do not require re-authentication of your access.caltech account name and password.

Clicking on a SSO application will open this application in a separate Browser window and you will already be logged in. The only difference between a SSO and its stand alone counterpart is that authentication and authorization was taken care of by access.caltech. All other application functionality remains unchanged.

Please refer to each application's documentation for details specific to that application.

What is Common Sign On?

Common Sign On (CSO) services require re-authentication of your access.caltech account name and password. However, your account name and password is the same for all these services. Your access.caltech username and password is what you use to log into CSO services.

Clicking on a CSO application simply opens this application in a separate Browser window. All other application functionality remains unchanged. If the CSO application is not web-based, then the link is to documentation about this application.

Please refer to each application's documentation for details specific to that application.

What are Other Applications?

Clicking on these application links simply takes you to existing applications as a convenience. These systems continue to manage their own username and passwords, independent of access.caltech.

What is Caltech's News Feed?

Caltech's News Feed is displayed in the right column. Clicking on a news article title or on 'more' will open a separate Browser window displaying the full news article.

If Caltech's News Feed is momentarily unavailable, facts about access.caltech will display instead.

back to top

How do I know the status of each access.caltech application?

Each Single Sign On and Common Sign On application will display their status of Green, Yellow or Red.

As described by the Status Legend on the access.caltech Home page, the meaning of each status is as follows.

  • Green: Up and application is available for access
  • Yellow: Caution and application is available for access, but with limitations (e.g., not all features may be available, performance may be degraded, etc.)
  • Red: Down and application is temporarily unavailable.

back to top

How do I use Managing Your Password?

Ease of use, especially with passwords, must be tempered by best practice security policies and guidelines. Best practice for passwords includes the following.

  • Selecting a password that is not easily guessed
  • Not sharing your password
  • Not posting your password in an easy to access location (e.g., written password taped to your computer screen)
  • Other common sense precautions when protecting online assets

Your access.caltech password must be at least eight (8) characters long, and contain at least two (2) letters and characters from the following categories.

  • Upper case letter
  • Lower case letter
  • Numbers
  • Symbols

It cannot contain the following special characters.

  • " The double quote character
  • + The plus character
  • = The equal character
  • % The percent character

To change your access.caltech password, click on the 'Manage My Password' tab in the main access.caltech application.

Enter your current password, your new password and a confirmation of your new password.

If your new password meets all access.caltech password criteria, your password is changed. You must use this new password when you log into access.caltech the next time, when using any function that requires re-authentication (e.g., time-out) or when using any Common Sign On application.

If your new password does not meet all access.caltech password criteria, you will be presented with an error screen that displays the specific criteria that was not met.

Because some password choices are easy to guess, access.caltech also precludes passwords that are the following.

  • Common dictionary words
  • Simple repeating patterns
  • Your name or account name

back to top

How do I set my Forgot Password Challenge Questions?

Sometimes users forget their passwords and want an online feature for resetting their password. To activate this feature, click on the 'Set Password Questions' tab.

For added security, you will need to enter your current password, and select two (2) questions from a pre-defined list and provide answers for each question respectively. As an alternative, you can define your own single custom question and answer, in lieu of picking two pre-defined questions.

Answers need to be at least three (3) characters in length. Custom questions cannot be more than 60 characters in length.

TIP: Select questions that only you know the answer to.

back to top

What if I forget my password?

You must set up your password challenge questions to use this feature. Please referenceSetting Forgot Password Challenge Questionssection of this User Guide for instructions.

From http://access.caltech.edu, click on the '[forgot your password?]' link where you will be prompted for your username and Caltech UID.

Enter your access.caltech account username and Caltech UID. Clicking on submit will display a screen containing the challenge question(s) previously set up by you. Enter answers to these questions as previously set up by you.

If you successfully answer your challenge questions, a page requesting you reset your password is displayed. Enter your new password and confirmation of your new password, and click the Submit button. Once you've reset your password, you can login to access.caltech..

back to top

Why am I prompted to reset my password?

You may be prompted to reset your password. The following situations will require you to reset your password.

  • Your password was reset by Help Desk
  • You forgot your password and correctly answered your challenge questions
  • Caltech Information Security deems your password is vulnerable

back to top

What is the difference between Logout in access.caltech and Logout on a Single Sign On application?

There is a difference between logging out of the main access.caltech application and logging out of Single Sign On or Common Sign On applications. Currently, access.caltech does not have a Single Sign Out feature (i.e., clicking on one Logout button logs you out of everything).

It is important to remember that each Single Sign Out (e.g., My Personal Information) or Common Sign Out (e.g., Webmail) application manages their individual log out process.

Clicking "Logout" in the main access.caltech application logs you out of access.caltech, and will display a screen indicating you have logged out successfully.

However, if you've already launched Single Sign Out or Common Sign On applications into their separate Browser windows, these SSO and CSO applications will remain active (i.e., you are still logged in) until you explicitly logout of each application or an application times out -- whichever occurs first.

TIP: When you are finished with using access.caltech and any Single Sign On or Common Sign On applications, closing all Browser windows is the safest and most secure approach. This is especially important if you are using a public or shared computer.

Since each Single Sign On or Common Sign On application controls their logout behaviour, clicking on 'Exit', in My Personal Information application for example, will log you out of My Personal Information and close the window. Common logout behaviour includes displaying a screen indicating you have logged out.

If access.caltech is still active, you can click again on any SSO or CSO application to open in a separate Browser window. Launching a CSO application will require authentication.

back to top

How does time-out work?

It is important to remember that each Single Sign Out (e.g., My Personal Information) or Common Sign Out (e.g., Webmail) application manages their individual time out process. Therefore, the duration of how long an application has been idle before it times out may be different for each SSO or CSO application.

TIP: When you are finished with using access.caltech and any Single Sign On or Common Sign On applications, closing all Browser windows is the safest and most secure approach. This is especially important if you are using a public or shared computer.

TIP: For web-based applications, idle time means you have not requested a web page or submitted a form. Specifically, entering data into a web form does not count as active time since a web application will not inherently know you are active unless you have requested a web page, submitted a form or the web page is programmed to automatically refresh itself irrespective of whether you click anything.

The main access.caltech application times out after 30 minutes of idle time. When you time out of the main access.caltech application, a dialog window will pop up indicating you have timed out. Clicking on the "OK" button will bring you to the login page for access.caltech (i.e., you have effectively been logged out). If you want to continue your session, please login again.

However, if you've already launched Single Sign Out or Common Sign On applications into their separate Browser windows, these SSO and CSO applications will remain active (i.e., you are still logged in) until you explicitly logout of each application or an application times out -- whichever occurs first.

Many SSO or CSO applications will not display any message or close that Browser window after timing out. Frequently, many SSO or CSO applications will request re-authentication (i.e., entering your username and password to resume your session.

Time Out Setting By Application

  • access.caltech = 30 minutes
  • My Personal Information = 30 minutes

back to top

Who do I call for help with access.caltech?

Further questions about access.caltech can be forwardedto thefollowing offices.

back to top