Contained within this document:

Introduction


This is a user guide to the HESA Identity System, the single-sign-on system and authorisation provider for HESA web applications. The IDS enables users to have a single account to access the Data collection system and the Minerva DQ database.



Roles

The level of access to HESA systems that a user has is dictated by the roles they possess within the system. Below is a list of the roles available and the access they grant.

Data Collection Record Contact

For each data stream, the Record Contact is the first point of communication during data collection. The Record Contact for is responsible for overseeing a provider's data submission process, liaising with HESA and ensuring that deadlines are achieved.


Record Contacts may either administer the Data Collection roles for themselves or delegate this activity by granting the Data Collection Admin role. If administering roles themselves, Record Contacts will be expected to invite people to hold  Data Collection roles for their provider. They will also be expected to accept or reject requests to hold Data Collection roles.

Record Contacts are responsible for ensuring that people who either no longer act for your organisation or no longer have a role in the submission of data to this collection have their roles revoked.



Data Collection Admin

This role allows the administration of Data Collection roles for and is delegated by the provider's Record Contact.

Data Collection Administrators are responsible for the administration of the Data Collection roles for the provider. They will be expected to invite people to hold Data Collection roles for their provider and also be expected to accept or reject requests to hold Data Collection roles for their provider.

Data Collection Administrators can revoke Organisation roles from people who no longer act for their provider, but the Record Contact is ultimately responsible for ensuring roles are up to date for their data stream.



Data Collection Guest

This role allows colleagues to view information about and contained in the HESA Data Collection System for a given data stream. Guests will have read-only access to the system only and will not be able to upload, alter or delete data.



Data Collection Query

The Query role provides a user with access to view and respond to the Minerva queries for the given data stream.

Institutions are required to actively engage with data quality checking and resolution of data quality queries within the collection period.



Data Collection Submitter

The Data Collection Submitter role provides a user with full access to the HESA Data Collection System in order to upload to manage data submission.



Staff Identifiers contact

This role provides instant access to the Staff Identifiers Directory, without the need to contact HESA and await a file transfer.

By agreement, HESA supplies providers with a Directory within the Identity System to assist HR colleagues in contacting other providers in order to access the staff identifiers of newly recruited members of staff who were previously employed in other HEPs, for use by the new employer in making the Staff return. The HESA Staff Liaison Contacts Directory contains the contact information of the HESA Staff Identifiers contacts at all HEPs. The contact details provided in the Directory must only be used for this operational purpose and the information it contains must be treated as confidential.

The Directory can be found in the Reports tab, on front page along with your contact details, once you have logged in. Simply click on the link, which will generate a report of all the current Staff Identifier contacts.

IDSstaff.png

Browser Compatibility

HESA is aware the Identity System is not compatible with Internet Explorer 7. Please try using an alternative browser such as Firefox or Chrome.

Creating an Account

There are two ways to get an IDS account - you can register for an account and request roles, or you will receive a role invitation email containing a link.

To create an account if you have not received role invitations:



  • Click 'Register'.
  • A verification email will then be sent, to prove that you have access to the email address you provided. This email will contain a link and once you have clicked this, the account will be verified and you will be able to log in. Please note that invitations will be sent from ids-no-reply@hesa.ac.uk. It may be worth checking your junk folder and ensuring that your email application allows emails from this address.
  • At this point, the account will not have permissions attached to it and you may need to request a role if you wish to access the Data Collection System or Minerva.

Registering an account from a role invitation


Possession of certain roles bestows the ability to invite other users to a subset of roles for a particular organisation even if the invitee doesn't have an account yet. For example, the Data Collection Staff Record contact can invite other users to have access to the data collection system and/or Minerva for the Staff stream.

If you are invited to a role you will receive an email like the one below with the subject line 'You have been invited to one or more roles. Please log in to either accept or decline':

From: ids-no-reply@hesa.ac.uk  

Dear Sir/Madam,

You have been invited to one or more roles as below.

  • Data Collection Staff Record Contact
You will need to sign up for an account in order to access this role. Please follow the URL below in order to do this.

https://identity.hesa.ac.uk/Account/Verify/23cc668a-3b37-4542-a227-c3ad3ecdca66

This is an automatic email sent by the HESA Identity Service. Please do not reply to this email. If you don't think you should have received this email, please contact ids.admin@hesa.ac.uk to resolve the issue.

Full registration


Click the link and you'll be taken to the HESA IDS site and presented with a 'Create a New Account' form. You should then complete the registration form and click Register. You'll see a message which says 'Thank you for registering. You can now log on and accept any role invitations'.

When you register for the first time you will be asked to set up password.  To enable an account to be set up, the password you create must be Strong, incorporating a mixture of letters (upper and lower), numbers and non-alphanumeric characters [ ] ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | \ : " ; ' < > ? , . /

Identity system- create a new account screen

You will then be asked to set up three recovery questions.  It is advisable you make the answers very memorable to you, as failure to remember all the answers will mean the account will have to be fully reset, deleting all roles previously held and requiring the user to request these roles once more.

IDSrecovery.png
Once you have logged in to the system you will see a message like the one below:

IDSnewaccountfrominvite1.png
To accept the role(s) that you have been invited to, select the Roles tab:

IDSnewaccountfrominvite2.png
You can then accept the terms for the role by clicking the checkbox, and then click the green tick to accept the role. 

If the role is associated with any granting rights these will be shown at the bottom of this tab:

IDSnewaccountfrominvite3.png

Requesting a role


Once you have created an account you are able to request one or more roles to enable you to access the various HESA systems.

To request a role go to the ‘Roles' tab in the account details screen; in the top right hand corner you will see a link that says ‘Request a role'. Selecting this will direct you to a page that contains the full list of roles that can be requested and a full organisation list. Choose the role and organisation relevant to you and then press the Request button. Your request will then be sent to the appropriate person within the organisation for approval.

Once your request has been approved or denied you will be sent an email notification from the system informing you of the outcome and whether any further action is required.

Inviting colleagues to roles and responding to requests


If your account has granting rights you are able to invite colleagues to have particular roles and respond to requests for roles.

To see whether you have granting rights select the ‘Roles' tab within the Account details page. Beneath the list of roles that you hold you will see a list of those that you have granting rights for.

To invite someone to a role, select the ‘My Orgs' tab in the top right-hand corner of the screen (note that this will only be visible if your account has granting rights).

IDSinviting.png
This will take you to the following screen:

  IDSrolesadmin.png

Once you have completed these three items press the ‘Invite' button and an email will be sent to the invitee to notify them. Until the invite has been accepted a record will be kept in the ‘Unaccepted role invites' tab and once accepted it will appear in the ‘Confirmed roles' tabs. This enables you to keep a record of the invitations issued.

To respond to a request for a role you will need to go to the ‘Unapproved role requests' tab. This will show a full list of outstanding requests requiring action and can be filtered to narrow down your search if desired:

IDSrolesadmin2.PNG
To accept a request, select the green tick box alongside it. The request will then disappear from this screen into the ‘Confirmed roles' tab. To refuse a request you will need to select the red cross icon.

Forgotten your password?


If you have forgotten your password please select the link from the log in screen:

IDSforgot.PNG
You will then be asked to enter your email address and answer some of your recovery questions before the password can be emailed to you.   

Updating your password and/or recovery information


Within the IDS you are able to update your password and recovery information. Users can change their passwords within the ‘Contact details' tab of the Account details page. Recovery information can then be edited through the ‘Recovery details' tab.



Data Collection access

Access to the HESA Data Collection System will now be managed through the IDS. In order to access the data collection system for a given data stream, at least one member of staff will need to be registered in the IDS with the ‘Submitter’ role. This role enables users to access the Data Collection System and submit data on behalf of the provider. Please note that this replaces the previous system of Access and PIN codes and will be the only way to access the Data Collection System.

Please note that access to fixed database submissions are unaffected by this change.