Data Platform User Authentication

How are users authorized for Data Platform access?

Center users are authorized by the center administrator through the NACC Directory.

Each member of a center has a contact email address in the directory where they can receive email that is set when they are added. But, when data platform access is authorized, the member is sent a link to a survey asking for an email that is used for authentication.

How long does it take to get access to the Data Platform?

The user process runs nightly so at a minimum gathering information and creating a user may take two days.

For more details, see what is the user enrollment process.

What address should I provide for authentication?

NACC has asked centers to identify their policy for how users should authenticate. Please consult with your center leadership to learn more. If you or your center need help, please reach out to the NACC Tech Team.

NACC manages users in a registry provided by CILogon, which supports the single-sign-on process.

CILogon allows authentication for supported emails from organizations that are part of the InCommon and EduGain organizations. CILogon also allows authentication using ORCiD.

However, you should not be using ORCiD unless you absolutely have to. ORCiD only has to be used if an email is not supported by CILogon, and you should check with your center on the policy before choosing to use ORCiD.

If you are using ORCiD for authentication, be certain that you've followed the steps for enabling your ORCiD account for authentication.

Generally, it is OK to just give us your work address. If it is wrong, NACC will notice and fix it. Just be aware that it will take longer than if you gave the correct address in the first place.

However, you can determine the exact email address with the following steps.

If you are using ORCiD for authentication, be certain that you've followed the steps for enabling your ORCiD account for authentication.

Open the flywheel authtest page and clicking the "Institutional Login with CILogon" button.

This will open a page on cilogon.org with a dialog to select your "identity provider". An identity provider is the system that is used to authenticate when you login to the NACC Data Platform. It is important that you select the correct one and do not click "Log On" until you are ready.

By default the identity provider is set to ORCID. Most centers should not be using ORCiD for authentication.

To use a different identity provider, click the dropdown list labeled 'ORCID' and use the search bar to search for your organization.

Once your identity provider is selected, click the "Log On" button. You will be taken to the login screen for your identity provider, which depending on your choice will either be at your organization or ORCiD.

Once you have authenticated, an authorization token page will be shown

Copy the email labeled with https://flywheel.io/email and provide that in your directory survey.

Again, most people's work address is the correct one, but it is not a problem if you provide the wrong address. It will just be a little slower to get your access setup.

How do I use ORCiD for authentication?

Using ORCiD puts a lot of the responsibility of managing your information on you, and you need to follow the directions carefully. Most of the problems users have with authentication relate to using ORCiD. Don't use it if you don't have to.

1. If you don't already have one create an account at ORCiD

   

2. Log into your ORCiD account

   

3. Find the "Emails & domains" panel on the left of the page, and click the pencil icon

   

4. On the "Emails & domains" popup window make sure that the authentication email address you entered in the directory is listed first, and the accessibility is set to "Everyone". The email needs to exactly match what you gave as your authentication email: if a letter is uppercase or lowercase they need to match.

   

You should also turn on two-factor authentication:

1. Click the user menu next to your name

   

2. Under "Security" open two-factor authentication and set to ON

   

What is the user enrollment process?

Once a center member is authorized for data platform access, the user enrollment process begins.

1. An email is sent to the authentication email address provided when the user is authorized asking the user to claim their record in the NACC user registry.

   The email includes the authorization address and a web link to claim the record for the address in the registry.

2. Once the user record is claimed and the user is created in NACC systems, another email will be sent indicating that the user is able to login to the NACC Data Platform.

How do I claim the user registry record?

You will receive an email with the authorization address and a web link to claim the record for the address in the registry.

• If you are using your institutional login for authentication, click or open the link.

• If instead you are using ORCiD for authentication, be certain that you've followed the steps for enabling your ORCiD account for authentication. And, once those steps are complete, click the button or follow the link in the email.

Clicking the "Claim Record" link will open a page on cilogon.org with a dialog to select your "identity provider". An identity provider is the system that is used to authenticate when you login to the NACC Data Platform. It is important that you select the correct one and do not click "Log On" until you are ready.

By default the identity provider is set to ORCID. Most centers should not be using ORCiD for authentication.

To use a different identity provider, click the dropdown list labeled 'ORCID' and use the search bar to search for your organization.

Once your identity provider is selected, click the "Log On" button. You will be taken to the login screen for your identity provider, which depending on your choice will either be at your organization or ORCiD.

If you successfully login, you will be logged into your user record in the NACC user registry at cilogon.org. You can logout of the registry at this point.

What do I do if I got an error when I claimed my registry record?

Errors will occur if the service you logged into didn't support the claim to the user record. Each record is associated with an email address, and the registry is attempting to match that. So, basically, the email you told us you would authenticate with doesn't match what you authenticated with.

Possible scenarios:

• You meant to use your institutional login, but instead logged in with ORCiD.

  Resolution: retry your claim but choose the identity provider for your email.

• You gave us a different authentication email than returned by your institution's identity provider; e.g., you gave a medicine.wisc.edu address but used the wisc.edu identity provider.

  Resolution: reply to the claim email and we can reset the email for you.

• You meant to use ORCiD, but your account is not configured to work for authentication.

  Resolution: Revisit your ORCiD settings

If it is not clear to you which is the case, reach out to NACC (reply to your claim email) and we will help you figure it out.

How do I retry claiming my registry record?

1. Visit https://cilogon.org/me and click the "Delete All" button.
2. Visit the claim link emailed to you

Why do I keep geting emails to claim my record?

If you went through the claim process, but keep getting messages saying you need to claim your record, then either an error occurred, or you have a new authentication address.

For errors, see what to do when you get an error

As far as authentication email addresses, if the email is different, you will get a new claim email. Note that the addresses eyam.user@dummy.org, Eyam.user@dummy.org and Eyam.User@dummy.org are treated as different.