
Overview

MIT Touchstone provides a single sign-on point of entry for users of MIT services, obviating the need for separate local accounts across systems and standardizing basic account management procedures for guest users, like resetting forgotten passwords and making name changes. In January, MIT Touchstone became the only means of access for non-MIT "guest" users of MIT Wikis. Since its inception, MIT Wikis has defaulted to using MIT Certificates to authenticate members of the MIT community. Since Fall 2008, MIT Touchstone login has also been available as a fallback option, making it possible for MIT users to log in even if they don't have certificates. As of April 9, all logins to MIT Wikis will be routed through MIT Touchstone.

  • MIT Touchstone is:
    1. A centralized authentication and login service for MIT-community users

    2. A centralized authentication and account/profile management service for users outside of the MIT community

  • Touchstone Accounts are:
    • Free
    • Self-service
    • Web-based
    • Based on open standards including SAML and Shibboleth
    • Shibboleth Single Sign-On enabled

How this change will affect you:


You are an MIT user if you:

  • have an MIT Kerberos account
  • have an @mit.edu email address
  • have an MIT personal certificate

All other users are Guest users.

MIT community members

As of April 9, 2009, all users of MIT Wikis will be presented with an MIT Touchstone login page. MIT users should choose the a. button and present their certificate or Kerberos credentials.

Users with a Kerberos account or personal certificate do not need to create a Touchstone Collaboration Account to use MIT Wikis. Touchstone supports both Kerberos and certificates.


Guest users

Guest users will see a login page when accessing Stellar for the first time after the switchover. This Stellar informational page will appear only once and a cookie will be set to automatically send users to the appropriate login page in Touchstone. You must enable cookies to authenticate successfully. Clear your cookies to see this login page again. Guest users should choose the b. button and log in with their email address and password.

Please note

All non-MIT guest users MUST have an MIT Touchstone Collaboration Account in order to access Spring 2009 Stellar course sites and wiki spaces.


Previous Stellar users

Users with an active account in Stellar have received an email with instructions on how to create and activate their Collaboration Account. An email with an activation code will be sent to you upon registration. Click on the link in the email, activate your account and proceed to log in to Stellar to access your sites. Once registered, non-MIT users can securely authenticate to all class sites that they have been granted access to by the Instructor.

Important

The Stellar password you have set in the past will no longer work. To ensure that you can access your Stellar sites from past semesters, please create your Collaboration Account using the same email address that you used to access Stellar before this Spring.



New Stellar users

Users without Stellar accounts must provide an email address to the Instructor or Admin of the site they wish to access. The Instructor must add you to the membership list of this site. You will receive an email with instructions on how to create your Touchstone Collaboration Account.

Users can also create a Collaboration Account first and then provide their email address to the Instructor. So long as the email address is the same as the one you used to create your Collaboration Account, you will have access to Stellar.

At this time, logging in with OpenID is not recognized by most MIT applications. However, if you wish, you may associate your OpenID account with your Collaboration Account. To do this, you must create a Collaboration Account first, then update your user profile to associate your OpenID account with your Collaboration Account. Once the association is complete, you can use your OpenID account to log in. Please note that MIT Touchstone does not yet support OpenID 2.0.



Login Steps - All Users

  1. From the Stellar homepage or CourseGuide click the @Stellar tab or navigate to the class site you are joining and click the LOGIN link at the top of the left navigation bar.
  2. Stellar will check to see if you have an MIT personal certificate.
    • If you do, you will be logged in.
    • If you don't and you haven't logged in to Stellar recently, you will see the new Stellar login page. Click on the "Go to Touchstone" button at bottom.
  3. If you have cookies enabled, you are directed to the "MIT Touchstone" authentication options login page.
  4. Select login button a if you are an MIT user (see above for instructions).
    • The grey Touchstone login page is displayed. Choose your preferred login method and click the appropriate button.
    • You are redirected back to Stellar.
  5. Select login button b if you are a non-MIT user and you already have a Touchstone Collaboration Account (see above for instructions).
    • The red Touchstone Collaboration Accounts login page is displayed. Enter your user name and password. Complete the login.
    • You are redirected back to Stellar.
  6. Select the "Sign up!" link if you are a non-MIT user and you don't have a Touchstone Collaboration Account (see above for instructions).
    • Complete the form fields - be sure to use the same email address you've used with Stellar before if you want to keep access to your class sites from previous semesters - complete the word verification, check the Terms of Service box and click "Create Account."
    • Check your inbox (and spam filter) for a Collaboration Account activation email from touchstone-support@MIT.EDU containing an activation code and link. Click on the link and follow the instructions to activate your account.
    • Go to step 1 above to access Stellar with your new account information.


Instructors and Admins of Stellar sites

Adding MIT users to class sites remains the same. The process for adding Guests and Non-MIT users has changed. You will no longer use the Account Request Form. Guests and non-MIT class participants must now create and activate a Touchstone Collaboration Account to access Stellar. You can initiate this process from your class site's Edit Participant Group page - follow the directions under "Non-MIT User access."

Adding a Non-MIT Participant to a class site membership list

  1. Navigate to the class to which you want to add a non-MIT class participant.
  2. Select Membership in the left navigation bar.
  3. Select Edit Participants in the tabs across the top of the page.
  4. Add the non-MIT user's email address to the Add User field and click Submit.
    • You are directed to the Add New Participants page for you to double check the email address of the person you wish to add. Carefully check the email address(es) added and make any necessary changes. Click Submit.
    • A success confirmation page will appear briefly to inform you that an e-mail has been sent to the person asking them to create a Collaboration Account. Click Continue or allow the page to redirect.
    • You are returned to the class Membership page. The person is added to the class roster as "User, Provisional." You can view their email address by hovering your mouse pointer over their name.
    • The new user will receive an email with instructions for creating and activating a Touchstone Collaboration Account, similar to the emails users received previously when their accounts were created in Stellar.
    • When the user activates their account and logs in to Stellar for the first time, their actual name will replace the "Provisional User" placeholder.

What will change in Stellar

A note about @domain.mit.edu accounts:

Stellar only supports @mit.edu email addresses. An @domain.mit.edu address may be used to register for a Touchstone Collaboration Account in order to access Stellar; however, there are limitations. If an Instructor chooses to register for a Collaboration Account and use it to access various MIT systems, he/she may find their access and privileges severely limited. Professors exist in the central MIT authentication and identity management systems only – that information is not shared with departments, labs, and centers that maintain their own email system.

For example, there may be applications that expect the internal MIT account name to be passed in order to grant certain privileges to the user within the application. There may also be applications that grant privileges based on data feeds from existing MIT systems.

The Collaboration Accounts management system has no way of knowing if the user is a faculty member or any other information about the person. It only knows the email address that was used to register the account. Hence, applications may treat a professor that uses a collaboration account, such as @math.mit.edu, as someone with fewer privileges than an undergraduate student.

At this time, Stellar cannot accommodate manually managing the access privileges for such a user. Because of this situation, MIT users are strongly encouraged to use their MIT identity to log in via the MIT identity provider page (gray) rather than the touchstonenetwork identity provider page (red).
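The privilege gap described above, as an added example that is not Stellar or Touchstone code: a hypothetical application-side check that grants roles only from what each identity provider releases, and never infers MIT status from an email domain. The entity IDs, attribute names, role names and sample sessions are all constructed for illustration.

```python
# Hypothetical service-provider authorization check. The entity IDs,
# attribute names and roster are constructed for this example.
MIT_IDP = "urn:example:idp:mit"               # stands in for the gray page
COLLAB_IDP = "urn:example:idp:collaboration"  # stands in for the red page

# Roles ordered from least to most privileged.
ROLE_RANK = {"none": 0, "guest": 1, "student": 2, "instructor": 3}


def resolve_role(session, guest_roster):
    """Return the role for an authenticated session.

    session: {"idp": <entity id>, "attributes": {...}} as released by the IdP.
    guest_roster: email addresses an Instructor added to the site.
    """
    attrs = session.get("attributes", {})
    idp = session.get("idp")

    if idp == MIT_IDP:
        # The central identity system releases the internal account name and
        # an affiliation, so the application can grant role-based privileges.
        if not attrs.get("account"):
            return "none"
        return {"faculty": "instructor", "student": "student"}.get(
            attrs.get("affiliation"), "guest")

    if idp == COLLAB_IDP:
        # The account system only knows the registered email address. An
        # @math.mit.edu mailbox says nothing about faculty status in the
        # central systems, so no role is inferred from the domain.
        email = attrs.get("email", "").strip().lower()
        return "guest" if email in guest_roster else "none"

    return "none"  # unknown identity provider: fail closed


# Constructed sessions: the same professor through each IdP, and a student.
ROSTER = {"prof@math.mit.edu"}
PROF_COLLAB = {"idp": COLLAB_IDP, "attributes": {"email": "Prof@math.mit.edu"}}
PROF_MIT = {"idp": MIT_IDP,
            "attributes": {"account": "prof", "affiliation": "faculty"}}
STUDENT_MIT = {"idp": MIT_IDP,
               "attributes": {"account": "stu", "affiliation": "student"}}
```

With these sample sessions, the professor who logs in through the Collaboration Account provider resolves to a lower-ranked role than the student who logs in through the MIT provider.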

Additional Information about MIT Touchstone Accounts

Touchstone Accounts provide the following services:

  • Self-service user account registration and maintenance
  • Self-service password management and resets
  • Authentication
  • Shibboleth/SAML attribute releases
