Help Desk - Temporary MFA & WiscVPN Eligibility Process and Handling
This Manifest group allows the Help Desk to give users temporary WiscVPN access and also makes them MFA-Duo eligible. The users themselves will need to enroll in MFA-Duo if they are not already enrolled: MFA-Duo - How to Enroll for MFA Duo for your NetID Login Account
Cases should be classified as Network Access > VPN > Submit Incident.
Important Help Desk Agent Notes
If a user needs VPN access but is not part of a group making them eligible, please read the two notes below before having HDQA give the user temporary access to WiscVPN.
Important: Users being added should be told to reach out to their supervisor/manager to let them know that their Static IP or WiscVPN access is temporary. Their supervisor/manager may need to follow up with their local HR department to get the user added as a Person of Interest in HRS (POI). This should provide the user with eligibility for the VPN and Duo indefinitely. Otherwise, if the user's status is going to change in the near future (like becoming an enrolled student or gaining employment at the UW), this will also provide them with the eligibility they need.
Note: If the user cannot register a Duo device and does not have a token/fob yet, please follow steps on MFA-Duo - Exemption Process to exempt them from Duo temporarily.
HDQA - Temporary VPN Eligibility Process
To add users to the WiscVPN Temporary Exemption Group:
-
Go to the Manifest Group. (Full path: uw:app:duo:service:policy:WiscVPN_Service:helpDesk_ad_hoc_mfa_eligibility)
-
Make sure you are on the Members tab. Click on Add Member(s).
-
Enter the user's NetID in the Add individual members box.
-
Click Add individuals.
-
Set the end date to no more than a month from the current date. The user will need to coordinate with their local HR to be added as a Person of Interest (POI) in HRS, or they will have to enter an eligible population (like becoming an enrolled student or gaining employment at the UW) if they wish to have further eligibility.
-
Enter the Cherwell case number as the Membership comment.
-
Click Save.
- Include the user's NetID and note the temporary eligibility.
- Remember to remind the customer that their eligibility is TEMPORARY.
- Classify as Network Access > VPN > Submit Incident. Resolve the case.