Archives

Privacy Impact Assessment

Product overview - Free business icons Overview and Key Features:

The Privacy Impact Assessment (PIA) service allows users of information technology to assess the impacts and risks related to the use of personal information for staff, faculty and students. PIAs are done as part of vendor and application reviews to identify privacy and compliance risks. However, it is recommended that any changes to data flows to existing processes also undergo PIAs to avoid non-compliance with FIPPA requirements.

 

Help - Free computer icons   Getting Started:

   

Question mark - Free communications iconsGet Help:

Privacy policy guidance

Freedom of Information and Protection of Privacy (FIPP) Office

Contact the Security team with questions at security@utoronto.ca

Password Management Service

,

""Overview and Key Features:

1Password is a cloud-based, cross-platform password management solution that allows users to organize and store all passwords in one secure place.

Password re-use (using the same password across multiple accounts) is a significant contributor to data breaches, as stolen credentials can be exploited to gain unauthorized access to other accounts. To address this vulnerability, the University of Toronto has acquired 5,000 1Password Business licenses for staff, faculty and librarians and six years of 1Password Families at no cost for students.

""Getting Started:

To set up your 1Password account, visit:

"" Get Help:

For more information and FAQs, visit the password manager page.

Directory and Authentication Services

""   Overview and Key Features:

Enterprise Active Directory (EAD) is a platform that provides authorization, roles and group services. It is a central database containing users’ information that is used for authentication and authorization. EAD is integrated into almost all major computing systems in the University and provides access to services such as Office 365.

There is no specific front-end usage of EAD. What it does remains transparent while it authenticates and authorizes you to access services – no action is needed from users. For additional information about EAD, see the Enterprise Service Centre Knowledge Base.

""   Getting Started:

There are over 65 separate instances of active directories within U of T. If you are managing one of these instances and would like to integrate with EAD, please submit a ticket through the Enterprise Service Centre to discuss your application.

""   Get Help:

EAD is managed and maintained by the Identity and Access Management (IAM) team. To contact IAM about EAD, please create a ticket through the Enterprise Service Centre.

There is a mailing list for EAD, which is used to send messages about the bi-monthly update meeting. To subscribe, send an email containing “SUBSCRIBE ENTERPRISEAD-L” in the message body to listserv@listserv.utoronto.ca.

Incident Response

Product overview - Free business icons   Overview and Key Features:

The incident response service monitors and responds to notifications of compromised U of T accounts, potentially compromised systems and phishing or other malicious emails to help protect the University’s community members, data and devices.

Depending on the scale of the information security incident, the Incident Response team can provide advice or full management of incidents from start to finish.

 

Help - Free computer icons   Getting Started:

Low severity incidents:

For low severity incidents, such as a compromised account or clicking a link in a phishing email, contact security.response@utoronto.ca.

Medium to critical severity incidents:

For information about medium to critical severity incidents, refer to the Incident Response Plan. If you are experiencing a medium to critical severity incident, complete the incident intake form.

 

Question mark - Free communications icons   Get Help:

Those involved in responding to information security incidents at the University should refer to the incident response tools and resources and the Incident Response Plan for guidance.

For incident response inquiries, contact security.response@utoronto.ca.

 

Information Risk Assessment

   ""   Overview and Key Features:

The information risk assessment is a systematic evaluation process designed to identify, analyze and manage potential risks associated with projects and vendors (applications, hardware, service providers or any other vendors where data collection, storage or transfer may be involved). Regular risk assessments allow organizations to stay ahead of potential vulnerabilities, ensuring that the mitigation, avoidance, acceptance or transfer of identified risks remains effective over time.

This assessment is a proactive measure to enhance information security practices and maintain a resilient and secure environment at U of T. It is a valuable tool for those involved in projects and vendor relationships, such as project teams, departments and vendors engaged with the University, and it promotes a culture of risk-aware decision-making and continuous improvement.

 

Help - Free computer icons   Getting Started:

  

""   Get Help:

Explore the handbook to get actionable steps and helpful information for your cyber security questions and requirements. This handbook is a trusted resource created by the Information Security team for the U of T community.

 

Group Management Service (UTORGrouper)

""   Overview and Key Features:

UTORGrouper is the controlling authority for groups at UofT. Grouper simplifies group management by allowing you to delegate group management or visibility. Grouper enables you to manage your unit’s access groups centrally and have them flow to other services.

 

Help - Free computer icons   Getting Started:

If you’re an application administrator and need help connecting to Grouper, email utorgrouper.admin@utoronto.ca to create an ESC ticket. You’ll get an autoreply with a link to the ticket.

Useful Guides: 

Grouper currently handles approximately 100 applications, with many more expected to be added over time. Your first point of contact for help is the application administrators or your help desk.

If you’re an application administrator and need help connecting to Grouper, email utorgrouper.admin@utoronto.ca to create an ESC ticket.

Institutional Identity and Login (UTORid)

""   Overview and Key Features:

The UTORid (along with a password) is a user identifier used to access many University of Toronto services. Some applications requiring the UTORid include:

   

Help - Free computer icons   Getting Started:

   

Question mark - Free communications icons   Get Help:

To troubleshoot issues with your JOINid or UTORid, see articles on the Help Desk Knowledge Base before contacting support.

Information Commons Help Desk

Identity Management Service (UTORauth)

""   Overview and Key Features:

UTORauth is the University of Toronto’s authorization and authentication database. It is the central capability for managing identities and role-based access authorization to U of T resources.

UTORauth works in three ways:

  1. Identification – each person with a relationship to U of T is given central identifiers.
  2. Authentication – UTORauth uses identifiers, such as the UTORid, for validation.
  3. Authorization – UTORauth determines what users are authorized to do based on their roles.

For detailed information about UTORauth functionality, see the Enterprise Service Centre (ESC) article “UTORauth: How it works”.

 

Help - Free computer icons   Getting Started:

Administrative tools

UTORauth provides a set of tools for administrative staff to manage and obtain lists of UTORids and barcodes. An overview of these tools, as well as further information specific to each tool, is located in the ESC Knowledge Base article “UTORauth: Administrative tools”.

Resources

Question mark - Free communications icons   Get Help:

For UTORauth inquiries or technical support, email utorauth@utoronto.ca to create an ESC ticket.

Multi-Factor Authentication (MFA)

Product overview - Free business icons   Overview and Key Features:

UTORMFA is the University of Toronto’s multi-factor authentication solution. It verifies your identity using a second factor, like a mobile device or hardware token, to ensure that only you can log in to your account. Users must self-enrol in UTORMFA to access University web services, such as academic course selection.

All students, staff and faculty must enrol in DUO multi-factor authentication in order to access University web systems. Online self-enrolment takes 5-10 minutes and requires you to have a smartphone nearby with an active phone number.

 

Help - Free computer icons   Getting Started:

 

""   Get Help:

  • UTORMFA FAQs

For End Users:

Learn about UTORMFA on the Enterprise Service Centre (ESC).

For Staff:

University staff seeking UTORMFA integration with their systems may find additional guides on ESC: