Data Platform User Authentication

How are users authorized for Data Platform access?

Center users are authorized by the center administrator through the NACC Directory.

Each member of a center has a contact email address in the directory, set when they are added, where they can receive email. When data platform access is authorized, however, the member is sent a link to a survey asking for the email address that will be used for authentication.

How long does it take to get access to the Data Platform?

The user process runs nightly, so gathering information and creating a user may take two days at a minimum.

For more details, see what is the user enrollment process.

What address should I provide for authentication?

NACC has asked centers to identify their policy for how users should authenticate. Please consult with your center leadership to learn more. If you or your center need help, please reach out to the NACC Tech Team.

NACC manages users in a registry provided by CILogon, which supports the single-sign-on process.

CILogon allows authentication for supported emails from organizations that are part of the InCommon and eduGAIN federations. CILogon also allows authentication using ORCiD.

However, you should not use ORCiD unless you absolutely have to. ORCiD is only required when an email is not supported by CILogon. If you have a bannerhealth.com or wakehealth.edu email address, you have to use ORCiD. Otherwise, check with your center on the policy before choosing to use ORCiD.

If you are using ORCiD for authentication, be certain that you've followed the steps for enabling your ORCiD account for authentication.

Generally, it is OK to just give us your work address. If it is wrong, NACC will notice and fix it. Just be aware that it will take longer than if you gave the correct address in the first place.

However, you can determine the exact email address with the following steps.

Open the Flywheel authtest page and click the "University Credentials via CILogon" button.

select University Credentials via CILogon

This will open a page on cilogon.org with a dialog to select your "identity provider". An identity provider is the system that is used to authenticate when you log in to the NACC Data Platform. It is important that you select the correct one and do not click "Log On" until you are ready.

By default the identity provider is set to ORCID. Most centers should not be using ORCiD for authentication.

select an identity provider from the list

To use a different identity provider, click the dropdown list labeled 'ORCID' and use the search bar to search for your organization.

If your identity provider is not obvious, see the next question.

search for the university of washington identity provider

Once your identity provider is selected, click the "Log On" button. You will be taken to the login screen for your identity provider, which depending on your choice will either be at your organization or ORCiD.

Once you have authenticated, an authorization token page will be shown.

the first entry in the authorization token is the email to provide

Copy the email labeled with https://flywheel.io/email and provide that in your directory survey.

Again, most people's work address is the correct one, but it is not a problem if you provide the wrong address. It will just be a little slower to get your access set up.

I don't see my organization in the Identity Provider list, which do I use?

These are the Identity Providers for emails used by more than one ADRC member.

If you don't find what you need here, please reach out to the nacchelp email.

| Email Domain | Identity Provider |
|---|---|
| bannerhealth.com | ORCID |
| berkeley.edu | University of California, Berkeley |
| bu.edu | Boston University |
| case.edu | Case Western Reserve University |
| cumc.columbia.edu | Columbia University |
| duke.edu | Duke University |
| emory.edu | Emory University |
| iu.edu | Indiana University |
| jhmi.edu | Johns Hopkins |
| jhu.edu | Johns Hopkins |
| kumc.edu | University of Kansas Medical Center |
| loni.usc.edu | University of Southern California |
| mayo.edu | Mayo Clinic |
| med.usc.edu | University of Southern California |
| medicine.wisc.edu | University of Wisconsin-Madison |
| mgb.org | Mass General Brigham |
| mgh.harvard.edu | Mass General Brigham |
| mssm.edu | Icahn School of Medicine at Mount Sinai |
| neurology.ufl.edu | University of Florida |
| neurology.unc.edu | University of North Carolina at Chapel Hill |
| northwestern.edu | Northwestern University |
| nyulangone.org | NYU Langone Health |
| ohsu.edu | Oregon Health & Science University |
| partners.org | Harvard University |
| pennmedicine.upenn.edu | University of Pennsylvania |
| phhp.ufl.edu | University of Florida |
| pitt.edu | University of Pittsburgh |
| rush.edu | Rush University Medical Center |
| salud.unm.edu | University of New Mexico |
| stanford.edu | Stanford University |
| stat.unm.edu | University of New Mexico |
| uab.edu | University of Alabama at Birmingham |
| ucdavis.edu | University of California, Davis |
| uci.edu | University of California-Irvine |
| ucsd.edu | University of California-San Diego |
| ucsf.edu | University of California, San Francisco |
| ufl.edu | University of Florida |
| uky.edu | University of Kentucky |
| umich.edu | University of Michigan |
| upenn.edu | University of Pennsylvania |
| usc.edu | University of Southern California |
| uthscsa.edu | University of Texas Health Science Center At San Antonio |
| uw.edu | University of Washington |
| wakehealth.edu | ORCID |
| wisc.edu | University of Wisconsin-Madison |
| wustl.edu | Washington University in St. Louis |
| yale.edu | Yale University |

How do I use ORCiD for authentication?

Using ORCiD puts a lot of the responsibility of managing your information on you, and you need to follow the directions carefully. Most of the problems users have with authentication relate to using ORCiD. Don't use it if you don't have to.

  1. If you don't already have one, create an account at ORCiD.

    use sign in/register to create an account

  2. Log into your ORCiD account

    login to your orcid account

  3. Find the "Emails & domains" panel on the left of the page, and click the pencil icon

    click the pencil icon of emails & domains

  4. On the "Emails & domains" popup window, make sure that the authentication email address you entered in the directory is listed first and that its accessibility is set to "Everyone". The email needs to exactly match what you gave as your authentication email, including whether each letter is uppercase or lowercase.

    set authentication email first and accessible to everyone

You should also turn on two-factor authentication:

  1. Click the user menu next to your name

    open user settings

  2. Under "Security" open two-factor authentication and set to ON

    set two-factor authentication

What is the user enrollment process?

Once a center member is authorized for data platform access, the user enrollment process begins.

  1. An email is sent to the authentication email address provided when the user is authorized asking the user to claim their record in the NACC user registry.

    The email includes the authorization address and a web link to claim the record for the address in the registry.

  2. Once the user record is claimed and the user is created in NACC systems, another email will be sent indicating that the user is able to login to the NACC Data Platform.

How do I claim the user registry record?

You will receive an email with the authorization address and a web link to claim the record for the address in the registry.

  • If you are using your institutional login for authentication, click or open the link.

  • If instead you are using ORCiD for authentication, be certain that you've followed the steps for enabling your ORCiD account for authentication. Once those steps are complete, click the button or follow the link in the email.

Clicking the "Claim Record" link will open a page on cilogon.org with a dialog to select your "identity provider". An identity provider is the system that is used to authenticate when you log in to the NACC Data Platform. It is important that you select the correct one and do not click "Log On" until you are ready.

By default the identity provider is set to ORCID. Most centers should not be using ORCiD for authentication.

select an identity provider from the list

To use a different identity provider, click the dropdown list labeled 'ORCID' and use the search bar to search for your organization.

search for the university of washington identity provider

Once your identity provider is selected, click the "Log On" button. You will be taken to the login screen for your identity provider, which depending on your choice will either be at your organization or ORCiD.

If you successfully log in, you will be logged into your user record in the NACC user registry at cilogon.org. You can log out of the registry at this point.

What do I do if I got an error when I claimed my registry record?

Errors will occur if the service you logged into didn't support the claim to the user record. Each record is associated with an email address, and the registry is attempting to match that. So, basically, the email you told us you would authenticate with doesn't match what you authenticated with.

Possible scenarios:

  • You meant to use your institutional login, but instead logged in with ORCiD.

    Resolution: retry your claim but choose the identity provider for your email.

  • You gave us a different authentication email than returned by your institution's identity provider; e.g., you gave a medicine.wisc.edu address but used the wisc.edu identity provider.

    Resolution: reply to the claim email and we can reset the email for you.

  • You meant to use ORCiD, but your account is not configured to work for authentication.

    Resolution: revisit your ORCiD settings.

If it is not clear to you which is the case, reach out to NACC (reply to your claim email) and we will help you figure it out.

How do I retry claiming my registry record?

  1. Visit https://cilogon.org/me and click the "Delete All" button.
  2. Visit the claim link emailed to you.

Why do I keep getting emails to claim my record?

If you went through the claim process, but keep getting messages saying you need to claim your record, then either an error occurred, or you have a new authentication address.

For errors, see what to do when you get an error.

As for authentication email addresses: if the email is different, you will get a new claim email. Note that the addresses eyam.user@dummy.org, Eyam.user@dummy.org and Eyam.User@dummy.org are treated as different.
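The claim-error scenarios and the case-sensitive matching described above can be modeled as one exact string comparison followed by a lookup in the identity provider table. This is an added example, not NACC or CILogon code: `diagnose_claim`, `expected_idp`, the result labels, the sample addresses and "Dummy University" are hypothetical, and the table is an excerpt of the one on this page.

```python
from typing import Optional, Tuple

# Excerpt of the page's Email Domain -> Identity Provider table.
IDP_BY_DOMAIN = {
    "bannerhealth.com": "ORCID",
    "wakehealth.edu": "ORCID",
    "medicine.wisc.edu": "University of Wisconsin-Madison",
    "wisc.edu": "University of Wisconsin-Madison",
    "uw.edu": "University of Washington",
}


def expected_idp(email: str) -> Optional[str]:
    """Identity provider listed for the address's exact domain, if any."""
    domain = email.rsplit("@", 1)[-1].lower()
    return IDP_BY_DOMAIN.get(domain)


def diagnose_claim(registered: str, chosen_idp: str,
                   returned: Optional[str]) -> Tuple[str, str]:
    """Classify a claim attempt (hypothetical helper, not NACC code).

    registered: authentication email given in the directory survey
    chosen_idp: identity provider selected on cilogon.org
    returned:   email the provider released, or None if it released none
    """
    if returned == registered:  # exact comparison; letter case is significant
        return ("match", "no action needed")
    want = expected_idp(registered)
    if chosen_idp == "ORCID":
        if want is not None and want != "ORCID":
            return ("wrong-idp", f"retry the claim and choose {want}")
        return ("orcid-settings", "revisit your ORCiD settings")
    if returned is not None and returned.lower() == registered.lower():
        return ("case-mismatch", "reply to the claim email to reset the address")
    return ("address-mismatch", "reply to the claim email to reset the address")


if __name__ == "__main__":
    # Constructed sample attempts, one per scenario on this page.
    attempts = [
        ("eyam.user@uw.edu", "ORCID", None),
        ("eyam.user@medicine.wisc.edu", "University of Wisconsin-Madison",
         "eyam.user@wisc.edu"),
        ("eyam.user@wakehealth.edu", "ORCID", None),
        ("Eyam.User@dummy.org", "Dummy University", "eyam.user@dummy.org"),
    ]
    for attempt in attempts:
        print(attempt[0], "->", diagnose_claim(*attempt))
```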