access.caltech is a web-based platform for accessing and launching your Caltech services. A major feature is a unified approach for application authentication and authorization. Specifically, it lessens the burden for a user in remembering and protecting a myriad of usernames and passwords required for each separate application.
There are two important components to access.caltech - 1) Your Caltech UID and 2) Your access.caltech account name.
Caltech UIDis a numeric identifier that distinguishes you, uniquely and permanently, as a member of the Caltech community. It is recorded in Caltech's business systems, and is visible to Caltech employees.
Your access.caltech account nameis what you'll use to log into network services via http://access.caltech.edu. Your access.caltech account name (i.e., username) and password identify you to the network. Your access to specific network services is determined by your Eligibility and Authority.
Available Services and Applications from access.caltech
After you have successfully logged into access.caltech, you will see the access.caltech Home page. This access.caltech Home page will only display Single Sign On and Common Sign On applications that are available to you as an individual, not all possible Caltech applications.
The access.caltech Home page will also include the operational status of each application.
What is Single Sign On?
Single Sign On (SSO) services do not require re-authentication of your access.caltech account name and password.
Clicking on a SSO application will open this application in a separate Browser window and you will already be logged in. The only difference between a SSO and its stand alone counterpart is that authentication and authorization was taken care of by access.caltech. All other application functionality remains unchanged.
Please refer to each application's documentation for details specific to that application.
What is Common Sign On?
Common Sign On (CSO) services require re-authentication of your access.caltech account name and password. However, your account name and password is the same for all these services. Your access.caltech username and password is what you use to log into CSO services.
Clicking on a CSO application simply opens this application in a separate Browser window. All other application functionality remains unchanged. If the CSO application is not web-based, then the link is to documentation about this application.
Please refer to each application's documentation for details specific to that application.
How do I know the status of each access.caltech application?
Each Single Sign On and Common Sign On application will display their status of Green, Yellow or Red.
As described by the Status Legend on the access.caltech Home page, the meaning of each status is as follows.
- Green: Up and application is available for access
- Yellow: Caution and application is available for access, but with limitations (e.g., not all features may be available, performance may be degraded, etc.)
- Red: Down and application is temporarily unavailable.
Once you login, your session is valid until you close all instances of your Web Browser, request a logout, or leave access.caltech idle for 30 minutes, which ever happens first. Each Single Sign On or Common Sign On application controls their time out. Please refer to each application's documentation for details specific to that application.
It is important to remember that each Single Sign Out (e.g., My Personal Information) or Common Sign Out (e.g., Webmail) application manages their individual time out process. Therefore, the duration of how long an application has been idle before it times out may be different for each SSO or CSO application.
TIP: When you are finished with using access.caltech and any Single Sign On or Common Sign On applications, closing all Browser windows is the safest and most secure approach. This is especially important if you are using a public or shared computer.
TIP: For web-based applications, idle time means you have not requested a web page or submitted a form. Specifically, entering data into a web form does not count as active time since a web application will not inherently know you are active unless you have requested a web page, submitted a form or the web page is programmed to automatically refresh itself irrespective of whether you click anything.
The main access.caltech application times out after 30 minutes of idle time. When you time out of the main access.caltech application, a dialog window will pop up indicating you have timed out. Clicking on the "OK" button will bring you to the login page for access.caltech (i.e., you have effectively been logged out). If you want to continue your session, please login again.
However, if you've already launched Single Sign Out or Common Sign On applications into their separate Browser windows, these SSO and CSO applications will remain active (i.e., you are still logged in) until you explicitly logout of each application or an application times out -- whichever occurs first.
Many SSO or CSO applications will not display any message or close that Browser window after timing out. Frequently, many SSO or CSO applications will request re-authentication (i.e., entering your username and password to resume your session.
Time Out Setting By Application
- access.caltech = 30 minutes
- My Personal Information = 30 minutes
Setting Your Challenge Questions
Once you have logged into the access.caltech application, we strongly recommend that you set up your challenge questions. Setting up challenge questions will allow you to use the "Forgot Your Password" feature of access.caltech if you ever forget your password in the future.
How to Setup Challenge Questions
To setup your challenge questions, login to access.caltech and click on the 'Set Password Questions' tab.
For added security, you will need to enter your current password, select two (2) questions from a pre-defined list and provide answers for each question. Alternatively, you can define your own single custom question and answer.
Answers need to be at least 3 characters in length. Custom questions cannot be more than 60 characters in length.
Sometimes users forget their passwords and want an online feature for resetting their password. To activate this feature, click on the 'Set Password Questions' tab.
For added security, you will need to enter your current password, and select two (2) questions from a pre-defined list and provide answers for each question respectively. As an alternative, you can define your own single custom question and answer, in lieu of picking two pre-defined questions.
Answers need to be at least three (3) characters in length. Custom questions cannot be more than 60 characters in length.
TIP: Select questions that only you know the answer to.
Ease of use, especially with passwords, must be tempered by best practice security policies and guidelines. Best practice for passwords includes the following.
- Selecting a password that is not easily guessed
- Not sharing your password
- Not posting your password in an easy to access location (e.g., written password taped to your computer screen)
- Other common sense precautions when protecting online assets
Your access.caltech password must be at least eight (8) characters long, and contain at least two (2) letters and characters from the following categories.
- Upper case letter
- Lower case letter
It cannot contain the following special characters.
- " The double quote character
- + The plus character
- = The equal character
- % The percent character
To change your access.caltech password, click on the 'Manage My Password' tab in the main access.caltech application.
Enter your current password, your new password and a confirmation of your new password.
If your new password meets all access.caltech password criteria, your password is changed. You must use this new password when you log into access.caltech the next time, when using any function that requires re-authentication (e.g., time-out) or when using any Common Sign On application.
If your new password does not meet all access.caltech password criteria, you will be presented with an error screen that displays the specific criteria that was not met.
Because some password choices are easy to guess, access.caltech also precludes passwords that are the following.
- Common dictionary words
- Simple repeating patterns
- Your name or account name
You must set up your password challenge questions to use this feature. Please reference the Setting Forgot Password Challenge Questions section of this User Guide for instructions.
From http://access.caltech.edu, click on the '[forgot your password?]' link where you will be prompted for your username and Caltech UID.
Enter your access.caltech account username and Caltech UID. Clicking on submit will display a screen containing the challenge question(s) previously set up by you. Enter answers to these questions as previously set up by you.
If you successfully answer your challenge questions, a page requesting you reset your password is displayed. Enter your new password and confirmation of your new password, and click the Submit button. Once you've reset your password, you can login to access.caltech..
If you did not set up challenge questions in the "Set Password Questions" tab, this is equivalent to disabling this feature. Please call the Help Desk, at extension 3500 (i.e., 626-395-3500), to reset your password
You may be prompted to reset your password. The following situations will require you to reset your password.
- Your password was reset by Help Desk
- You forgot your password and correctly answered your challenge questions
- Caltech Information Security deems your password is vulnerable