Access to Adobe Creative Cloud after October 30th

The University’s free student, faculty, and staff access to Adobe Creative Cloud ends on October 30, 2020.  

After October 30, the following Adobe Creative Cloud licensing will be in effect at Baruch: 

For students

Students who are enrolled in courses that require Adobe Creative Cloud use can continue to use the software without interruption.  If your course has been identified as requiring Adobe Creative Cloud, your entitlement through your CUNY Login will continue to work after October 30. 

 All other students can access Adobe Creative Cloud from the Baruch online labs located at https://onlinelabs.baruch.cuny.edu/. The online labs can be accessed using your Baruch username and password.  
 
Creative Cloud entitlements for students will be revised on a per-semester basis. 

For faculty and staff:  

Faculty and staff currently who previously received an Adobe Creative Cloud account authenticated by your Baruch email and Baruch username can continue to use the software without interruption. 

If you are faculty or staff and need access to Adobe Creative Cloud you should contact the BCTC Helpdesk for further information. 

Dealing with PDF forms

One of the side effects of our remote work environment is a different understanding of how online documents and signatures work.

I personally have been living in the electronic document world for a while now–a standard workflow for me is receiving an electronic invoice, opening it in Acrobat (either Acrobat Pro or Reader) and signing it:

This usually works well. However, there are documents that faculty and staff need to sign that are PDF forms. PDF forms are specially formatted to allow users to enter data into specific form fields. For whatever reason Acrobat does not allow documents designed as PDF forms to be signed in Acrobat.

Fortunately, there is a simple workaround (at least on Windows, see below for the issue on a Mac): You can fill out the form in Acrobat (again, either Reader or Pro) and then “Print” the document, but print it to a PDF instead of a normal printer:

“Microsoft Print to PDF” is available on any computer with Microsoft Office installed. Users with Acrobat Pro may also see an “Adobe PDF” virtual printer in your printer list. Either will work.

When you print to PDF you will get a file dialog asking you to name the file to save. I recommend using a different name than the original form.

When you print the PDF you will get a new PDF with the form fields filled out that you then can use the “Sign” functionality in Acrobat Reader or Pro to sign normally, and then email or send the file to the appropriate offices. As always, remember that email cannot be used to send information (such as social security numbers, bank account information, etc.) classified as “Confidential” by the University’s Data Classification Standard. Offices who request such data will provide you another mechanism to share that data with them.

Unfortunately Adobe Acrobat on a Mac does not allow you to print to PDF, asking you to save the PDF instead, which will not make the document editable. We are exploring options for determining the best way to handle this. For now the option of printing to paper, signing the paper, and scanning the signed form back into a PDF is probably the best option (and I believe the option most commonly used when we were working on campus.)

Zoom Meeting Changes

Please be advised that as of September 27th, all Zoom meetings will either require a passcode or a waiting room. There are more details available at https://support.zoom.us/hc/en-ushttps://support.zoom.us/hc/en-us/articles/360045009111.

Please note that according to the CUNY Zoom Security Protocol, all CUNY Zoom meetings should have a password as per CUNY policy. Having a password or a waiting room are two important ways to reduce the possibility of Zoombombing in your meeting.

Remote Access to our Student Computer Lab

Baruch students can now remotely access the software on the computers in the main student lab (Kaplan Center) using BCTC’s new Online Labs application (https://onlinelabs.baruch.cuny.edu).

This is especially helpful for students who are working with devices that cannot support the installation of software that is required for their courses.

This remote access service is designed for the use of software that is installed on the lab computers.  It should not be used for software that is delivered via the CUNY Virtual Desktop (https://www.cuny.edu/about/administration/offices/cis/virtual-desktop):  SPSS, SAS, ArcGIS, Mathematica, Maplesoft and Matlab).  Also, it should not be used for access to Adobe Creative Cloud in classes that require its use.

Access is limited to Baruch students.  Faculty and staff should continue to use VPN to access the software on office computers.

Arthur Downing
Vice President for Information Services and Dean of the Library

What account do I use?

At this time there are several accounts you might use at Baruch to access College and University resources. For more information on the different types of accounts, we have another blog post that describes what they are and how to access them. This page will tell you which account you use for which service.

ServiceCUNY LoginBaruchmailBaruch Username
CUNYfirstX
BlackboardX
CUNY OffersX
Student emailX
Office apps (students)X
AdvisorTracX
PRAssistX
HRAssistX
Office 365 (faculty/staff)X
DropboxX
Campus computersX
Online LabsX
CUNY VDIX
DegreeWorksX
VocatX
Blogs@BaruchX
VPN (faculty/staff)X
SmartEvalsX
Digital Measures (faculty)X
Interfolio (faculty)X
ePAFX
MyPasswordX
CUNYfirst MyInfoX
ZoomX
EAB (coming soon)
X
Adobe Creative Cloud (students)X
Adobe Creative Cloud (eligible faculty/staff, use Baruch email address as login with Baruch password)X
Library Catalog/accountX
Library online databasesX
Bearcat PortalX
Campus Wi-Fi (“baruch”)X

How to log in to Zoom

NOTE: CUNY has licensed Zoom for the entire University, and many schools are now using their CUNY Login to access Zoom.  Since Baruch independently licensed Zoom back in March, we are still using the Baruch username and password for access to Zoom.  We will be moving to CUNY Login but need to plan the migration of accounts and content before that happens.  For now please use your Baruch username and password to access Zoom.

Many Zoom meetings will require you to log in to your Baruch account to access the meetings  This is for security reasons–by requiring authentication we can both restrict sessions to members of the Baruch community, and be more able to track users if they disrupt a session.

You can see instructions on how to log in at https://support.zoom.us/hc/en-us/articles/201800126-Signing-in-with-SSO.

All faculty, staff and students are eligible for a Zoom account and in fact will have one automatically set up the first time they log in via SSO.  BCTC doesn’t need to do anything to set up your Zoom account, you can just log in.

If you’re a student, you may not know your username or password.  You can look at instructions on how to claim your account at https://www.baruch.cuny.edu/bctc/baruchusername/student.html.  If you have previously claimed your account and do not remember your password, you can try to reset it at https://mypassword.baruch.cuny.edu.  If you don’t remember (or have not set) your challenge questions you will need to email the Helpdesk.

Here’s what you will see when you go to

https://baruch.zoom.us

 

Screen when you go to https://baruch.zoom.us

If you click “Sign in” you will see the Baruch College login screen:

Login screen for Baruch College

This is where you type your Baruch username and password.  Once you do you’ll be in the Zoom web interface.

To log in from the desktop client, you select the “Sign in with SSO” option on the login screen:

Zoom desktop login screen

After which you will be asked to type in your organization name, which is “baruch”:

SSO Sign In organization enry

Your default browser will then open and you’ll be directed to the sign in page again:

Login screen for Baruch College

You will type in your username and password and will be directed back to Zoom.  In some cases your browser may ask if it can open the Zoom app.  Allow it to and the desktop Zoom client will open with you logged in.

Once again, the URL to get access to Zoom via your Baruch account is:

https://baruch.zoom.us

 

Welcome to Baruch! New Account Information for Faculty, Staff and Students

Whether you’re a new faculty, staff, or student joining us (virtually) at Baruch this fall, BCTC would like to welcome you to the College.

You will need access to your accounts to be successful.  There are two or three accounts you need to log into all your services at Baruch and CUNY depending on whether you’re faculty/staff or a student.

Types of accounts

Baruch username:  This account is for access for Baruch resources, such as network file shares, wireless access, and is the login used for Baruch desktop computers on campus, as well as access to Zoom, AdvisorTrac, and other services provided by Baruch.  For faculty and staff the Baruch username is the first initial and last name; for students it is the first initial, a period, and then the last name (for me “mrichichi” or “m.richichi”).  For faculty and staff this also provides access to your Baruch email account (firstname.lastname@baruch.cuny.edu).

CUNY Login:  This is an account provided by CUNY Central for access to services that everyone at CUNY has access to.  This is used for CUNYfirst, Blackboard, Dropbox, and Microsoft 365 access for faculty and staff.

Baruchmail:  All student email is provided through Baruchmail access at baruchmail.cuny.edu.  While the initial password for the account is the same as the Baruch username, the accounts are not otherwise linked and can have different passwords.  Baruchmail is also what students use to access OneDrive and online Microsoft 365 apps (such as Office apps.)  Student email addresses are of the format firstname.lastname@baruchmail.cuny.edu.

How to Claim Your Accounts

Faculty/staff

Baruch Username: As of July 1st, we have automated the creation of faculty and staff  Baruch accounts with our Account Management System (AMS).  New faculty and staff will receive an email with instructions to claim their account within 24 hours after personnel data is entered into CUNYfirst by HR.  It is critical that you complete all paperwork and provide all data that HR asks for in a timely fashion, as we cannot enable accounts without that information and verification of employment eligibility.

Once you follow the instructions sent to your email, and your account is created, you can start using your Baruch email address for all official Baruch business.

CUNYfirst:  You an go to https://managelogin.cuny.edu/ to claim your CUNYfirst account.  You will need your EMPLID which should have been in the mails to claim your Baruch username that you received from AMS above.  You will also need other personal information.  Your CUNY Login will be of the form firstname.lastnameXX@login.cuny.edu, where XX are the last two digits of your EMPLID.  Please note that this CUNYfirst login is NOT an email address.  Most services now dependent on the CUNY Login do know your Baruch email address and will use that as the email address for those services.  (Note, however, that some Microsoft 365 functionality that is dependent on using it for email instead of another system may not work properly.)

Students

Baruch username:  Student account creation has some automated parts, but we do not have an automated email notification system to enable students to claim their account.  (We are working on this service.)  For now, Baruch usernames can be claimed at https://www.baruch.cuny.edu/bctc/baruchusername/student.html.  After entering in the required information you will receive both your Baruch username and Baruchmail email address.

Once you claim your account, it is highly recommended you go to https://mypassword.baruch.cuny.edu/, click “Edit Profile”, log in, and create challenge questions for if you need to reset your password.  Please make sure you pick answers you will remember (and are also not too easy for someone to figure out.)  This will also allow you to make sure your password is working correctly.

Baruchmail:  https://www.baruch.cuny.edu/bctc/baruchmail/    has information on how to access your Baruchmail account.  To log in you use your email address (firstname.lastname@baruchmail.cuny.edu) and your inital password as shown at the Baruch Username page.  You will then be asked to change your password, and to set up password recovery information.

Common issues with passwords

For students, while the initial passwords for Baruchmail and Baruch username are the same, they are not linked.  It is possible you changed one or the other and the passwords are different.

If you can’t claim your account, you may need to check with the appropriate Admissions office or the Registrar to ensure that your personal information is correct.

The Helpdesk will reset passwords to the default initial password.

In the future we hope to have more password reset options available.  We need to balance user convenience with security.

Why so many accounts?

CUNY is a big place.  We have multiple areas providing IT services for our community, and historically we have had different levels of coordination and different needs for the colleges and the central organization.  As we look to improve IT services across the College and University we are seeking to unify accounts under a single login, but such a process takes time and resources.  We are hoping to use the CUNY Login to authenticate to services that are both by CUNY and by Baruch College, and are actively working with CUNY CIS to make that happen.  Any such changes to user authentication will be planned and provided with as much warning and help as possible to ensure a smooth migration.

Introducing AMS

One of the challenges we face in BCTC is configuring and enabling access to network resources for faculty and staff.  This requires creating an account for login to Baruch resources, which involves getting users their initial passwords; configuring the account with the correct access to the systems they need; enabling access to email, the wireless network, etc., and disabling access when the person leaves the College–but not so soon that they can’t complete their work for the College and University.

Until this month we were relying on manual processes for much of this work, and multiple account creators in multiple locations to do this work.  This meant rules were being applied inconsistently and accounts might not be created the same way every time.  It also meant that if off-boarding procedures weren’t followed properly that accounts might not be disabled in a timely fashion.  This causes numerous potential security and liability issues for the College and is unacceptable.

So our first goal was to automate account creation and centralize it so that it happens in a consistent and traceable fashion.  This requires an automated feed of new people to campus that can be parsed and used to stage new accounts.  It then requires a consistent, secure methodology for users to claim those accounts that does not rely on shared credentials.  It also requires that all people who need a Baruch account are in the feed, since dealing with exceptions would create the problems we’re trying to solve all over again.

To that end and in the culmination of over a year of work not just in BCTC but in coordination with Budget and Finance, Human Resources, and support from all administrative offices who hire new employees, we have implemented the first phase of the Baruch College Account Management System (AMS).  AMS tracks Baruch Active Directory (AD) accounts, and parses daily feeds from CUNYfirst (known as the 856 file) to automatically create new accounts for any new entities at Baruch.

New people are either full-time tax levy employees entered by HR, part-time employees for whom an ePAF is submitted to Human Resources and approved, or Persons of Interest (usually volunteer or privately funded employees like employees paid by the Baruch College Fund or CUNY Research Foundation.)  We have formalized the process for POIs so that all are entered into the ePAF system and are renewed manually every year.  Likewise ePAFs for part-timers are managed and entered into CUNYfirst every year based on their employment terms.  Full time employees are also entered by HR, who process both their start and end dates when appropriate.  By requiring all entities that need a Baruch account be entered into CUNYfirst by one of these methods we are assuring that we have a comprehensive feed of everyone “working” at Baruch.  This is critical for ensuring that everyone who needs an account gets one, and that only people who are authorized for an account gets one.

The 856 is then parsed nightly by a series of programs that put the important data into an administrative database, that AMS uses to do its work.  Every day it determines the new accounts that need to be created, and stages those accounts.  A notification is then sent to the user’s personal email address (collected as part of the application process or POI registration) telling them to create their account.  The link in the message expires after a day (after which a new message is sent) and the user must use that link to enter selected personal information to verify their identity.  This process can also be triggered manually if a person is visiting the Help Desk in person.

Sample "claim your account" email message

Once the person verifies their identity at the secure link, their account is created in AD, with the password they have specified.  They will then get a message to their personal email with account information, as well as to their (new) Baruch email address with additional resources and links.

Email confirming account claming and directing users to webmail.baruch.cuny.edu and telling them their email address.

Email to the user's Baruch account with links for more information.

Having a fully automated feed of employee data also allowed us to revamp the employee directory, which now has people automatically added to the directory when their account is claimed, and allows users to edit their phone number, office room number, and other information not stored in CUNYfirst:

Picture of the edit directory screen with the fields a user can edit

AMS not only makes our account creation and claiming process much more secure, it reduces time spent manually creating accounts and distributing default credentials.

Now that Phase 1 of AMS is implemented, we are focusing on future projects which include:

1) Developing the mechanism for automatically disabling accounts based on 856 data.  To do this correctly we need to both receive account status information from CUNYfirst with effective dates; and understand overall account management policies that CUNY enacts for CUNYfirst access, since access to Baruch resources must be congruent with that.We also must incorporate all contractual obligations like multi-year adjuncts and other employment arrangements.

2)  Expansion of the Campus Directory functionality to allow groupings under official CUNYfirst departments (for instance, BCTC could have areas under it like “Infrastructure Services”), allowing for display of official and “business card” titles,  identification of employee managers (both for approval of changes and to allow for organizational chart functionality in the app) and additional personal information (cell phone number, social media accounts, etc.)

3) While our student account creation process is automated, most of the work was done a while ago and is in need of updating, and to make the account claiming process more secure.  AMS will be extended to creation of new student accounts so we benefit from the enhancements there as well.

In the longer term, CUNY is working on initiatives to streamline identity management overall, which will hopefully allow for automatic provisioning of Baruch accounts directly from CUNYfirst information, and perhaps even a single unified account that provides access both to CUNY and local Baruch resources.  We are in fact working with CUNY on the process to identify the needs and move to implementation now.  But until then AMS will do the job admirably.