Academic collaborators, 3rd party contractors, and volunteers may need a Duke NetID and/or other services. These users would not automatically be granted accounts through other system of records. The Sponsored Accounts system allows Duke employees to submit guest requests for those users. These requests should only be submitted for users when there is a business use case for the sponsorship.
In addition, Sponsored Accounts is utilized to request test or service accounts (commonly referred to as non-person accounts) by members of Group Manager Support Groups. These accounts may be transferred to an individual owner, even if they are not a member of a support group. Affiliates are not eligible to directly sponsor any non-person accounts.
Policies and Account Lifecycle
Duke Sponsored Guest Account Policy
In order to further Duke's mission of research, education, and collaboration, guest accounts may be granted to individuals seeking access to resources within Duke University and/or Duke Health who are not already Duke students, staff, or faculty.
Guest accounts may be granted for a variety of reasons, including contractors who manage Duke resources, hospital volunteers, visiting faculty or students, and external research collaborators.
Sponsoring an Account
Guest accounts must be sponsored by a active Duke faculty or staff member or other approved sponsor. Students, alumni and other accounts may not request guest accounts, and current employees and students may not be granted a guest account until after they have left Duke University or Duke Health employment. An application is initiated by the Sponsor and requires the person requesting the guest account to provide information to confirm their identity.
Services Provided for Guest Accounts
Centrally provided services that may be granted to the guest account include a NetID for access to electronic resources, and/or a DukeCard for access to physical resources. For Duke Health guest accounts, a DHE Active Directory account, remote access via Duke Health VPN, and access to certain clinical applications (e.g. Epic/Maestro Care) may also be granted.
Sponsor Responsibilities
In order to become sponsors, Duke employees must read and agree to follow the terms and conditions, signing off that they accept the responsibilities associated with sponsorship. Sponsors are responsible for having a legitimate business reason for requesting an account for a guest. Sponsors may be contacted by the University or Duke Health security offices should their sponsored guest accounts be involved in inappropriate use.
It is the sponsor's responsibility to request termination of the guest's access immediately upon termination of contract or if the guest becomes an inactive user.
Guest Account Holder Responsibilities
Individuals receiving a guest account are responsible for complying with Duke's policies as well as applicable laws and regulations. Should a person with a guest account violate Duke's policies or applicable laws, their account will be terminated.
Guest Account Lifecycle
Guest accounts are created with a default account length (usually one year) that can be shortened by the sponsor as appropriate. Sponsors are responsible for ensuring that guest accounts are granted and renewed only as long as there is an active business need for access.
Sponsors and guests will be notified 30 days prior to the sponsorship expiration date for renewal confirmation. Guest account access will be disabled on the account's expiration date if the sponsor takes no action.
Should a sponsor leave the university, the guest will be notified and have 30 days before their account is disabled. Sponsors may designate a fellow Duke employee to become the sponsor of a guest account upon their departure.
Revocation of Guest Accounts
A guest account's access is subject to revocation by the Provost's Office or the Office of the Executive Vice President or the sponsor at any time. If an account is revoked, it will be disabled immediately. Guest accounts may not be created if the applicant's identity has been flagged with "ineligible for hire," without explicit approval from Human Resources.
Export Control
As the sponsor of a guest account, it is your responsibility to ensure that the guest is not a foreign national of a sanctioned country and has been informed of their responsibilities for protecting the confidentiality of any sensitive, proprietary, or export controlled data that they are granted access to during the course of their affiliation with Duke University and/or Duke Health.
For questions about access to or protection of confidential or proprietary data, please contact your departmental IT resources, the University IT Security Office (security@duke.edu), or the Duke Health Information Security Office (infosec@mc.duke.edu).
For questions about sanctioned countries (https://export.duke.edu/exporting/countries-concern) or US government export control regulations and granting access to export-controlled data, including confidential or proprietary data, please contact the Office of Export Controls (export@duke.edu or https://export.duke.edu).
Types of non-person Accounts
Service accounts are used for shared departmental access, integration of back-end services or applications, long-term use.
Test accounts are used for application testing, can function as a user account, short-term use.
Sponsoring an Account
Non-person accounts must be requested by members of a Group Manager Support Group. An application is initiated by the Sponsor and requires the sponsor to provide an account purpose and a name for the service or application associated with the non-person account. This name will be viewable in the directory.
Services Provided for Non-person Accounts
Centrally provided services that may be granted to the guest account include a NetID for access to electronic resources. Sponsors can also provision a Duke Health Enterprise (DHE) Active Directory Account. Sponsors can request Grouper API Access as well as submit a request for an Azure/EntraID application registration and service principal. This is used to create an Azure AD application and an associated service principal.
Sponsor Responsibilities
In order to become sponsors, Duke employees must read and agree to follow the terms and conditions, signing off that they accept the responsibilities associated with sponsorship. Sponsors are responsible for having a legitimate account purpose for the non-person account. Sponsors may be contacted by the University or Duke Health security offices should their non-person account be involved in inappropriate use.
non-person Account Lifecycle
Non-person accounts are created with a default account length (usually one year) that can be shortened by the sponsor as appropriate. Sponsors are responsible for ensuring that the non-person accounts are created and renewed only as long as there is an active reason needed for the account to exist..
Sponsors will be notified 30 days prior to the sponsorship expiration date for renewal confirmation. The non-person account access will be disabled on the account's expiration date if the sponsor takes no action. Sponsors have the ability to unexpire an account if it has expired within the last 30 days.
Should a sponsor leave the university, the non-person account will be automatically transferred to the sponsor's previous supervisor. The supervisor will determine if the account should be expired or continue to remain.