The Department of Information Technology (DIT) is introducing the NetAdmin account, a privileged, administrative account designed to enhance security and streamline operations by providing dedicated access for administrative tasks within ClearPass and Infoblox. Unlike regular university accounts, NetAdmin accounts offer specialized permissions that are essential for managing these critical systems effectively. For ClearPass, NetAdmin accounts enable shared management of departmentally owned devices. This initiative aims to improve the efficiency and security of administrative functions across the university's digital infrastructure.
NetAdmin accounts are separate accounts used by IT administrators to log into sensitive services managed by DIT. ClearPass and Infoblox are the only services leveraging these accounts. Initially, DIT will create the NetAdmin accounts for department IT administrators who need access to these services. IT administrators will then need to log into SIMS to reset the password.
Before you can log into CAS with your NetAdmin account, you will need to reset your password:
After resetting your password, you can log into either ClearPass or Infoblox. On your initial login, you will be prompted to configure Duo MFA for your account. Follow the prompts to complete the Duo setup. If you use the same phone number you use for your regular Directory ID, you won’t have to create a new Duo account.
The NetAdmin accounts are managed using sims.umd.edu. The account will need to be renewed every year, based on when it was created. If the account is not renewed, it will be disabled and eventually deleted. The password will need to be updated every 90 days. For account and password expirations, account owners will get an email notification to renew.
The NetAdmin account username is: <YourDirectoryID>/netadmin. You will go through CAS with this username to access ClearPass and Infoblox for your LAN admin duties.
Anyone who needs access to Infoblox as a LAN administrator for their department or anyone who needs to manage their department’s IoT devices will be assigned a NetAdmin account. As mentioned above, DIT will create these accounts initially. When it’s time to migrate your department, someone in your department will be contacted to confirm who should have access to ClearPass or Infoblox. Please respond as soon as possible.
If you need to add or remove access to ClearPass or Infoblox for IT administrators in your department, you will need to do so using grouper.umd.edu. This is similar to how you currently manage Infoblox (IB) groups, but there will also be new ClearPass (CP) groups. The CP group names will follow a similar convention, cp-<dept>. For example, for DIT, the group is named cp-it. There will be a group for those who need access to ClearPass and a separate group for Infoblox. These groups are restricted to NetAdmin accounts. Periodic auditing will be done to ensure that policy is followed.
Before your department’s migration date, it is highly recommended that you go to mydevices.umd.edu, review the list of devices you have registered, and delete the ones that are no longer needed. One week before the migration date, your department will be contacted to confirm which users need to have NetAdmin accounts created. Please respond to this email as soon as possible so that NetAdmin account creation is not delayed. Once accounts are created, the users will be notified by email and instructed to reset their passwords using sims.umd.edu.
We would like all of your department's IT admins to attend your migration work session, and ask that at least one member of your team join the work session with DIT to ensure the migration goes smoothly. During the session, you will temporarily lose access to manage your department's IoT devices. Devices will remain online throughout the process. By the time the migration work session ends, you will regain access to manage your IoT devices with your NetAdmin account. An email will be sent to all department IoT administrators when the migration is complete.
After the migration, when you log in with your NetAdmin account, you should be able to see and manage all of your department’s IoT devices instead of only seeing the devices you registered. You will only be able to manage your personal IoT devices if you log in with your regular Directory ID.