ÄûÃʵ¼º½

1  Short-term visitors and infrauser (no Aalto ID)

The host of the short-term visitor seeks access rights to the visitor by sending email to the key responsible person. The email must include the name of the visitor, company, contact information (including email), duration of the visit and the access rights requested.

• The key responsible approves the request
• by forwarding the email to the lobby services of the corresponding building, (the list of lobby service emails can be found on the last page) so they know to create and give out the correct access token once the visitor arrives. Include information also about Cliq keys if needed.
• by replying to the host, who will inform the visitor where and when the token can be picked up by showing proving your identity. (during open hours of the lobby)
• For infrausers the email needs to be forwarded to kulkukortit@aalto.fi. ACRE will create the user in Abloy OS and add the relevant access rights and access token. ACRE will inform the infrauser (cc host) where and when the token can be picked up. As the key responsible cc the host in the approval email you send to ACRE.
• The key responsible person denies the request by replying to the email with reasoning for the denial.

2  Access rights to special zones (user with Aalto ID)

For new employees or a visitor, the manager can evaluate the need for access to special zones, and request those through the self-service portal, idm.aalto.fi. Access rights to special zones can be requested through the portal for persons with Aalto ID. The request will be assigned to the key responsible person defined for the special zone.

• Key responsible approves the request – access right is automatically updated and an email notification is sent to the recipient of the access right.
• Key responsible denies the request – an email notification is sent to the user. As the key responsible remember to give a reason for the denial.

Once a person has an Aalto ID, they can log in to the self-service portal, idm.aalto.fi, and request access to the necessary special zones.

• The chosen special zone does not require any training/induction:
• The request is assigned to the manager of the recipient, who approves or rejects the request
  • The manager will be sent an email notification on the new request waiting for their action
  • If the manager does not react to the request in five working days, the request will be escalated/assigned to the key responsible person.
• The request approved by the manager will be assigned further to the key responsible person as an open request.  
  • The key responsible will receive an email notification on the new request pending their action.
• Key responsible approves the request – access right is automatically updated and an email notification is sent to the recipient of the access right.
• Key responsible denies the request – an email notification is sent to the user. As the key responsible remember to give a reason for the denial. The comments will be visible both in the portal and in the email notification.

If you need more information from the requester, or any other person, you can send an inquiry through the request in the portal. The recipient will receive an email notification on a new inquiry and once they reply, you will receive a notification on a new response. The discussion will be visible also in the portal on the request.

If several key responsibles have been assigned to a special zone, it is enough for one of them to handle the request. Once one has handled the request, it will no longer be available in the list of pending requests of the others.

• Access to CHEM special zones

1. In order to gain access to CHEM facilities, you need to pass the work safety course in OpenLearning/MyCourses
2. If, from the list of special zones, you choose a space that requires the work safety course, the portal will send you an email notification to alert you on taking the necessary course
3. The extended access rights will automatically be updated, once the course has been successfully passed
    

• Access right to special zone requires course completion in MyCourses

1. The user will choose the needed special zone to the request in the self-service portal.  If the course has not been successfully completed the portals will notify the user of the missing course completion (as an email notification)
2. As the course has been successfully completed, the extended access rights will automatically be updated.

3  Self-service portal to key responsible persons

This is the front-page view of the self-service portal (idm.aalto.fi) to the key responsible persons:

Start new request
Initiate a request to gain access to special zones

Pending requests
This section is visible when you have requests that are pending your action. You have also received an email notification on each new request. The email includes a link to the list of your pending requests.

Physical access to special zones 
A view to the access that you currently have

Access tokens
The view where you can manage your own token information and PIN code. Every user must register and activate their own access token (HSL card for students). In this view you can also mark your token as lost or remove it.

My responsibilities - System roles
As a key responsible this is where you can see and manage the list of persons that have access to a special zone.
 

3.1  Handling a access request to a special zone

To handle pending requests for access to special zones, click on the link in the email notification or go straight to idm.aalto.fi. On the portal front page, click on Pending request to see the list.

In the list of pending requests (picture below), click on a line to view the details on the right.

Product: special zone to which access has been requested
Recipient: person needing access
Requester: person who initiated the request (usually the recipient, but can also be the manager)
Valid from/valid until: filled in if access has been requested for a fixed period
Lower on the list you can see the reason given for the request.

Select the person you want to send the inquiry to. You can type the name in the search field, click on the magnifying glass, and select the correct person by clicking on their name:

Type in your question and click on Save:

The person you chose will receive an email notification on a new inquiry. The email will contain a link, that can be clicked to access the request. Once the person has saved their answer, you will receive an email notification to alert you of a new answer. You will be able to see the answer in the email, and on the Workflow tab of the request.

If you now have enough information to handle the request, click on Approve or Deny on the corresponding row.

After clicking on Next, you will be able to give the reason for your decision. For denials, the reason is mandatory.

(Picture below) If you approved/denied several requests at a time, you can give a common reason for all using the Reason for approvals field. If necessary, you can also give individual reasons for each line by clicking on the line specific Enter a reason link.

On this page you can also set or modify the validity dates of the access right by clicking on the text/links in the Valid from and Valid until columns. Remember to Save.

The recipient of the access right will receive an email on your decision. If you approved the request, the access right to the special zone will be automatically added to the person for the time defined. If you denied the request, the person can, if necessary, create a new request.
 

3.2  My special zones

As the key responsible of a specific special zone, you will be able to see who has been granted access to the zone and can maintain the list by adding and deleting members.

On the portal frontpage, go to My responsibilities – System roles:

Clicking on Memberships will open the list of persons that have access to the special zone.

3.3  Adding access rights as a key responsible

By clicking on the Request membership button (in the picture above) you can add people to the list without them (or their managers) creating a request.

Click on Request membership, select the desired persons by clicking on their name. Once all the defined names are on the Selected list on the right-hand side, click on Add to cart in the lower right-hand corner.

Next, give a reason for the addition and click on OK. You can also define dates, if the access is given for a fixed period. Finally click on Submit.

The role that grants access to the special zone, will automatically be added to the selected persons.

3.4  Deleting access rights as a key responsible

If the access right to a special zone needs to be deleted, select the persons from the Membership list by ticking the box in front of their name, and click on Delete membership in the lower right-hand corner. The role granting access to this special zone will be deleted from these persons automatically.

If, under special circumstances, access needs to be deleted for a special zone that has required MyCourse or OpenLearning, the deletion needs to be done manually. The key responsible needs to send a message via  service specifying the person and the course. MyCourses will edit the information in MyCourses/OpenLearning, and forward the message to IT Service Desk. They will then remove the person from the relevant AD group, to remove the access.

This will be implemented later, so not in use yet:
If the role of a person changes for example from student to staff or vice versa, the key responsible will receive an email notification. This is to alert the key responsible to check if the access right to a special zone needs to be deleted.

4  Email addresses to lobby services