FAQs

The UFID number is an identifier for all university faculty, staff, students, DSO staff, and other UF affiliates. The UFID is an eight-digit number displayed using a dash between the fourth and fifth digits, like this: 1234-5678.

No. Identifiers including Social Security numbers and UFID numbers are not to be displayed with grades. Per requirements set forth by the Family Educational Rights and Privacy Act (FERPA), using partial ID numbers constitutes a breach of confidence. 

Go to one.uf.edu, click on the profile icon in the top right and it will show your hidden UFID on the right-hand side.

GATORONE Cards, which have the UFID number printed on the front, are issued to Students, Faculty, Staff, and DSO staff. The GATORONE Card gives you access to gated parking, libraries, computer labs, vending, Gator Dining, recreation centers, and many other places and services at UF. To find out more visit the GATORONE Card website. 

Typically the Office of Admissions for student applicants and the UF Human Resources for new hires. A UFID number is assigned to anyone who is affiliated with the university. 

Your GatorLink username and password is used to access computer resources at the university. 

UFIT assigns UFID numbers to newly created identities to identify authoring parties for new UFIDs. 

As contact information about a particular person is entered using the Add Person function, (e.g., name, date of birth, address, organization UFID, etc.) the UFID assignment software will alert you if that individual already has a UFID. Searching by name, DOB, SSN, email (personal or business),phone number, driver license or passport numbers. In addition, the UF Identity Administrator will routinely check for any potential identity errors.  

A campus-wide identity registry was created under the direction of the Information Technology Advisory Committee (ITAC) – Data Infrastructure and Administrative Computing Committee. The UFID numbering system is managed through the UF Identity Registry. This registry is the single, authoritative source for contact information about individuals. The practice of maintaining data in this database is known as Identity Management. 

The UF Identity Registry is the sole source of your contact information at the University of Florida. Make sure the information it is up to date by logging on to one.ufl.edu with your GatorLink username and password. Navigate to the profile icon on the top right -> view and update profile information to edit any personal information. 

Changes to your home address and phone number can take up to 15 minutes to be reflected in the online phonebook. 

The Legal Name is your official name that is entered when you are hired and usually comes from an official document such as your Social Security card, visa paperwork, driver’s license, etc. The Display Name is what you want people to see in the UF Directory (online phonebook), such as “Bob” instead of “Robert” or “John Doe” instead of “Michael J. Doe.” You can modify your own display name but not your legal name.

Please follow the instructions laid out in UF's policy found on this page.

You can add or change phone numbers in the UF Identity Registry by going to one.ufl.edu and navigating to the profile icon on the top right -> view and update profile information to edit your phone number details. 

You can choose to have your Local Home and Permanent Home data set to ‘Publish’ or ‘Do Not Publish’ in the UF Identity Registry by navigating to My Account > Update My Directory Profile in the myUFL portal. This will include both the address and telephone number. This setting can be changed at any time and may take up to 15 minutes to be reflected in the online phonebook. The University of Florida Telephone Directory will, of course, reflect your data as it stands when the paper directory goes to print. If you select ‘Publish’, your personal contact information can be made available in public directories. If you select ‘Do Not Publish’, your personal contact information remains unpublished. You will not appear in the online phonebook or public search of UF information. Your SSN is never published by the University of Florida. Note: Work address information will be published for UF employees. Even if you choose to not publish this information, it is required that you provide your home address to the university, because it is necessary for payroll and tax reporting.

You can create a GatorLink account on this site. Contact the UF Computing Help Desk, (352) 392-4357 for more information.

Changes to demographic, address, phone, etc. are done in the Identity Registry.  If as an HR/Payroll representative you are also your units Identity Coordinator you can edit information in Identity Access Management.  If not, then your units Identity Coordinator will need to make these changes for you.  If you feel you should have this access to IAM you will need to contact contact your Department Security Administrator (http://files.it.ufl.edu/identity/DSA.pdf)  and ask them to submit a request in the Application Access Request System.  BRG500 training is required for these roles.   If you’re not sure who your department security administrator is, please contact the UF Computing Help Desk, (352) 392-4357.

Yes, adjunct professors should be listed in the UF Identity Registry. You can update your Registry information by navigating to My Account > Update My Directory Profile in the myUFL portal. If, after updating your information there, you still have inaccuracies in your entry, please contact the UF Computing Help Desk, (352) 392-4357.

If you still need help, contact the UF Computing Help Desk, (352) 392-4357.

The GatorLink Single Sign-On (SSO) is a feature that has existed for several years in the myUFL Portal and was extended to non-Portal applications in 2010. An application that uses the UF GatorLink Sign-on screen can now participate in the SSO feature. This feature generally allows an application that is being logged on to by the user to verify the credentials of the person based on the current browser session and information stored at the Identity Service Provider (IdP). If a user has already logged on to a GatorLink protected application the user may be allowed to sign on to subsequent application within the same browser session without reentering the GatorLink username and password. The GatorLink IdP software is aware of the browser session and in many cases will pass credentials to the second, third, etc. application started within the specific browser session. The experience varies depending on the internet browser used, the version of the browser software, and the specific application being accessed. Once the browser is closed all applications within that browser are closed and require new credentials (i.e., a re-entering of your GatorLink SSO) to return to the application. The GatorLink SSO feature allows users to work on enterprise, college and department-level applications without continually being asked for their credentials. An application can request a credential as deemed needed by the owners of the application. 

To ensure a high level of security and to meet certain security standards, we often rotate password based on access level.  

Most people can store a forgotten-password hint in myUFL. Simply click on “My Account” in the myUFL Menu and then click on “Store My Password Hint.” You also may store a question and response as a password hint. If you forget your password, you can use the hint to reset your password in the myUFL portal. Those with a P5 password policy level will need to reset their password in person with picture ID at the UF Computing Help Desk in the HUB on Stadium. If you are having difficulties please contact the UF Computing Help Desk, (352)392-4357.

Yes.

UF HR has provided an HR Toolkit for Security Roles which contains useful instruction sets for performing various tasks in the UF SailPoint IdentityNow system.

HR has also updated the training courses for DSAs (requestors), Primary DSAs (this is new), and Role Approvers:

• IAM100: Security Role Requesters (for all DSAs, including Primary DSAs)
• IAM200: Primary Requesters (for Primary DSAs)
• IAM300: Governance Groups (for all Approvers)

These are recommended for anyone who will be using UF’s SailPoint.

Only Requestors (DSAs), Approvers (Governance Group members), and Auditors can log in to SailPoint.

Each department can have multiple DSAs, and for role requests any DSA can make requests. However, each department can have only one Primary DSA who will serve as the “manager” for that department in UF SailPoint IdentityNow.

The current list of DSAs can be found here.

Primary DSAs have the added responsibility for ad-hoc role removal and “Mover” certifications for people in the departments for which they are specifically listed as primary DSA as well as any sub departments that do not have a Primary DSA specifically defined.

These differences are covered in the IAM100 and IAM200 training courses, which are required to obtain the UF_SEC_REQUESTOR role, but also, strongly recommended for all DSAs including those who had the role before the switch the UF SailPoint.

Yes, the old ARS system was able to support multiple DSAs with equal responsibility within a department, but SailPoint IdentityNow uses a more conventional single-manager model, where each person has a single manager within the system. This means we had to adopt this Primary DSA convention to serve a people’s managers within SailPoint.

No, each department ID can have only one Primary DSA.

In this case, please reach out to UFIT Identity and Access Management. We can assist in reassigning any certifications, aiding in role revocation, or assigning a new Primary DSA.

IAM will assign either another DSA or work to administratively certify the access. 

UFIT IAM worked with the HR Liaisons to determine who should be Primary DSA for each area in the run-up to our launch of the new system. Going forward we will work with the DSAs in their respective areas to make any changes to who will fill the Primary DSA role.

Not necessarily, but having multiple DSAs per department is recommended. This recommendation is because a person can’t certify themselves, so IAM will need to identify another DSA to perform certification for you

That may be an enhancement in a future version. For now, the form will stay the same and will still require departmental IDs so audits can verify that access is being requested in an expected manner in accordance with assigned departments. The DSA Authorization Form is located here.

Yes, in the HR Toolkit, the “Complete Certification Campaigns” instruction set is a very helpful visual guide (with screenshots) which provides a workflow that will help you process your assigned certifications quickly and efficiently.

Specifically, this four-step process is recommended:

1. In SailPoint, Entitlements must be approved as part of the certification process. On the Entitlements tab, select all, and then click Approve – this will bulk approve all those Entitlements
2. On the Roles tab, select all, and then click Acknowledge – this will acknowledge all the roles that are granted by birthright.
3. Now, what’s left will be the Requestable Roles – this is where we ask you spend time scrutinizing the requested access that may no longer be needed or appropriate. You will decide to approve or revoke these. Note: If no Requestable Roles remain after completing steps 1 and 2, proceed directly to step 4.
4. After submitting decisions on all item, be sure to “sign-off” on the recertification.

When someone moves (see “what triggers a certification below”), a “Mover” certification will be created and assigned to the Primary DSA of the person’s primary department.

When someone moves between primary departments (e.g. leaving one dept for another), typically the Primary DSA of the department that the person is leaving will be assigned the certification. This gives the Primary DSA in the former department the opportunity to revoke any access the person should no longer have.

Only the person’s Primary DSA will be notified upon creation. If the Primary DSA reassigns the certification, the receiving DSA will be notified.

Certifications can be reassigned on a one-by-one basis as needed:

• open the certification you wish to reassign
• on the left-hand side of the page, click the checkbox next to the person’s name, this will change the screen to the ‘reassign’ screen
• click ‘reassign’
• in the fly-out, enter the UFID of the person you wish to reassign the certification to (Make sure the person you are reassigning to is a DSA), then select their name once found.  Then enter a helpful comment.
•  click ‘Reassign’ at the bottom of the fly-out

In situations where a Primary DSA is going to be unavailable (vacation or other planned leave), the Primary DSA can set automatic reassignment to another appropriate DSA for the duration of their leave using the steps provided here in the HR Toolkit. Please note this will ONLY reassign new certifications. Any outstanding certifications will need to be completed or reassigned on a one-by-one basis.

It’s a best practice to set an end-date on automatic work reassignments during leave.  Any work that has already been reassigned will stay with the person to whom it was assigned, but any new recertifications will come to you. 

Mover certifications are triggered in three scenarios:

• Any change to a UF employee’s department ID or Job code in UF’s HR data will generate a Mover certification. This include the addition or departure of a secondary/additional job.
• If a UF employee who leaves employment, but retains an employee-like affiliation a Mover recertification will be generated.
• For non-employees with “employee-like” affiliations, changes in their primary department ID will generate a Mover certification.

No. However, after the request is submitted, it will be denied by an automated process. Both the requesting DSA and the person for whom the role was requested will receive an email containing information about which training must be completed.

Yes. Most of the auto-approved roles from the old ARS system will continue to be auto-approved. 

Please contact IAM, we can help reach out to the Governance Group who approves the role.

For roles that require additional information, we will note that in the role description and require a comment be populated with the request. 

Yes, IAM and role owners can work to improve this. If you find a description that needs clarification, please reach out to IAM. 

Access will be granted automatically within 15 minutes after approval. No more overnight waits, barring some edge systems like Equifax and PageUp that require an overnight process. 

DSO accounts (DSO####) will not exist in SailPoint, as they are not gatorlink accounts. DSO account PeopleSoft access will have to go through UFIT’s ADI App Security team until Workday goes live. 

The additional security setups for T&L, HRMS, ePAF, etc will remain in myUFL (PeopleSoft).