Data Platform User Authentication
How are users authorized for Data Platform access?
Center users are authorized by the center administrator through the NACC Directory.
Each member of a center has a contact email address in the directory where they can receive email that is set when they are added. But, when data platform access is authorized, the member is sent a link to a survey asking for an email that is used for authentication.
How long does it take to get access to the Data Platform?
The user process runs nightly so at a minimum gathering information and creating a user may take two days.
For more details, see what is the user enrollment process.
What address should I use for authentication?
NACC has asked centers to identify their policy for how users should authenticate. Please consult with your center leadership to learn more. If you or your center need help, please reach out to the NACC Tech Team.
NACC manages users in a registry provided by CILogon, which supports the single-sign-on process.
CILogon allows authentication for supported emails from organizations that are part of the InCommon and EduGain organizations.
In general, this means that an address for the primary domain such as wisc.edu
will work, but specialized subdomains such as medicine.wisc.edu
will not.
However, some universities have included these subdomains in the supported addresses, so it is best to check with someone in your center about which addresses are to be used.
CILogon also allows authentication using ORCiD. You should not be using ORCiD unless you absolutely have to. ORCiD only has to be used if an email is not supported by CILogon, and you should check with your center on the policy before choosing to use ORCiD.
To get started with using ORCiD, see the Instructions for setting up an ORCiD account, and you will need to provide the exact email address made available through ORCiD.
How do I use ORCiD for authentication?
Using ORCiD puts a lot of the responsibility of managing your information on you, and you need to follow the directions carefully. Most of the problems users have with authentication relate to using ORCiD. Don't use it if you don't have to.
-
If you don't already have one create an account at ORCiD
-
Log into your ORCiD account
-
Find the "Emails & domains" panel on the left of the page, and click the pencil icon
-
On the "Emails & domains" popup window make sure that the authentication email address you entered in the directory is listed first, and the accessibility is set to "Everyone". The email needs to exactly match what you gave as your authentication email: if a letter is uppercase or lowercase they need to match.
You should also turn on two-factor authentication:
-
Click the user menu next to your name
-
Under "Security" open two-factor authentication and set to ON
What is the user enrollment process?
Once a center member is authorized for data platform access, the user enrollment process begins.
-
An email is sent to the authentication email address provided when the user is authorized asking the user to claim their record in the NACC user registry.
The email includes the authorization address and a web link to claim the record for the address in the registry.
-
Once the user record is claimed and the user is created in NACC systems, another email will be sent indicating that the user is able to login to the NACC Data Platform.
How do I claim the user registry record?
You will receive an email with the authorization address and a web link to claim the record for the address in the registry.
-
If you are using your institutional login for authentication, click or open the link.
-
If instead you are using ORCiD for authentication, be certain that you've followed the steps for enabling your ORCiD account for authentication. And, once those steps are complete, click the button or follow the link in the email.
Clicking the "Claim Record" link will open a page on cilogon.org with a dialog to select your "identity provider". An identity provider is the system that is used to authenticate when you login to the NACC Data Platform. It is important that you select the correct one and *do not click "Log On" until you are ready.
By default the identity provider is set to ORCID. Most centers should not be using ORCiD for authentication.
To use a different identity provider, click the dropdown list labeled 'ORCID' and use the search bar to search for your organization.
Once your identity provider is selected, click the "Log On" button. You will be taken to the login screen for your identity provider, which depending on your choice will either be at your organization or ORCiD.
If you successfully login, you will be logged into your user record in the NACC user registry at cilogon.org. You can logout of the registry at this point.
What do I do if I got an error when I claimed my registry record?
Errors will occur if the service you logged into didn't support the claim to the user record. Each record is associated with an email address, and the registry is attempting to match that. So, basically, the email you told us you would authenticate with doesn't match what you authenticated with.
Possible scenarios:
-
You meant to use your institutional login, but instead logged in with ORCiD.
Resolution: retry your claim but choose the identity provider for your email.
-
You gave us a different authentication email than returned by your institution's identity provider; e.g., you gave a medicine.wisc.edu address but used the wisc.edu identity provider.
Resolution: reply to the claim email and we can reset the email for you.
-
You meant to use ORCiD, but your account is not configured to work for authentication.
Resolution: Revisit your ORCiD settings
If it is not clear to you which is the case, reach out to NACC (reply to your claim email) and we will help you figure it out.
How do I retry claiming my registry record?
- Visit https://cilogon.org/me and click the "Delete All" button.
- Visit the claim link emailed to you
Why do I keep geting emails to claim my record?
If you went through the claim process, but keep getting messages saying you need to claim your record, then either an error occurred, or you have a new authentication address.
For errors, see what to do when you get an error
As far as authentication email addresses, if the email is different, you will get a new claim email.
Note that the addresses eyam.user@dummy.org
, Eyam.user@dummy.org
and Eyam.User@dummy.org
are treated as different.