Skip to main content

NetID Expiration

When an individual leaves the University, the NetID goes through an automatic expiration process detailed below.

Note: If needed, a NetID can be deactivated quickly.

Automatic Expiration of NetIDs for Faculty/Staff

The following table contains the milestone events that occur during the automated NetID expiration process for faculty and staff. Automatically generated email notifications are sent out to the user listing the actual expiration dates for the NetID.

Each faculty or staff member (non-temporary) has myHR employee information that indicates their status at the University. When myHR discontinues sending data for a NetID, the NetID begins to expire along the planned timeline.

Separated Faculty and Staff NetID Expiration Schedule

Days from NetID expiration NetID active? Progression of events
0 Yes myHR discontinues sending data for the NetID.
28 Yes Notification is sent to user describing pending deactivation. If a user receives this notification in error, please contact the IT Support Center.
49 No The NetID password is scrambled and cannot be reset.
70 No Services (including e-mail) are deleted. Online Directory / Global Address List (GAL) listing is removed.  Off-campus mail redirection (forwarding) ends.
131 No E-mail alias is recycled, and can be assigned to another user.

Automatic Expiration of NetIDs for Students

The following table contains the milestone events that occur during the automated NetID expiration process for students. Automatically generated e-mail notifications are sent out to the student listing the actual expiration dates for the NetID.

Each student has Student Enterprise Systems (SES) information that indicates their status at the University. When SES discontinues sending data for a NetID, the NetID begins to expire along the planned timeline. 

Separated Student NetID Expiration Schedule

Days from NetID expiration NetID active?  Progression of events
0 Yes SES discontinues sending data for the NetID.
127 Yes Notification is sent to NetID owner describing pending deactivation.
148 Yes The NetID password is scrambled and cannot be reset. The University e-mail account can no longer be accessed.

Automatic Expiration of Affiliate and Organizational NetID Accounts

Affiliate and Organizational NetID accounts are created manually and assigned a specified expiration date which can be renewed annually as required. The person requesting the NetID must list one to three NetID owners. The NetID owner(s) will receive copies of all system generated warning messages that are sent to the account.  Messages are sent to the owner as a safeguard to ensure that a department is aware that a manually asserted NetID is approaching deactivation.

The following table contains the milestone events that occur during the automated expiration process for Affiliate and Organizational NetIDs. Automatically generated email notifications are sent out to the owner(s) listing the actual expiration dates for the NetID. 

Affiliate and Organizational NetID Expiration Schedule

Days from NetID expiration NetID active? Progression of events
0 Yes The departmental administrator or NetID owner is notified of the expiration of the NetID.
7 Yes E-mail warning message is sent to the email address associated with the NetID, and to the NetID owner.
28 Yes The NetID password is scrambled and cannot be reset.
49 No Services (including e-mail) are deleted. Online Directory / Global Address List (GAL) listing is removed. Off-campus mail redirection (forwarding) ends.
60 No E-mail alias is recycled, and can be assigned to another user.

Accessing non-NetID authenticated systems

When you deactivate a person's NetID, it only removes access to systems that are NetID authenticated.  It will not automatically remove a person's access to other University systems that are not NetID authenticated. Central administrative systems that are not NetID authenticated include (but are not limited to):

  1. Administrator access to myHR
  2. Administrator access to SES
  3. Administrator access to Canvas
  4. The iBuyNU marketplace
  5. The University Travel System

Terminating a NetID

To terminate an individual's NetID, choose one of the options below:

  1. A Dean, Department Director or Department Chair can submit a request to the IT Support Center  to have a security hold placed on the NetID.  The security hold immediately disables a user’s access to all NetID authenticated systems including their University e-mail account.
  2. NetIDs without security holds will expire on the natural cycle listed above.  If supervisor access to the employee’s e-mail account is required, you have several options:
    • Work with the employee to forward e-mail of a business nature to another person in your department, or set up forwarding to a departmental email address.
    • Set up an automatic forward. Forwarding e-mail to another account and setting up a vacation message may help maintain business correspondence. The forwarding and vacation message will last until the NetID is automatically deactivated (about 70 days). At that point, mail sent to the email address will bounce back to the sender with an undeliverable message. If an individual has not set up forwarding, or a vacation message, a Dean, Department Director or Department Chairperson can send a request to the IT Support Center with the following information:
      1. NetID (or e-mail address) for the separating employee
      2. NetID (or email address) for the person who will receive the separating employee's future e-mail
      3. Text for an Out Of Office (vacation) message instructing senders to use a different address.
  3. Specify a user in your department to have full control over a separating individuals email account. To authorize access to a separated employee’s email account, a Dean, Department Director, or Department Chair may send a request to the IT Support Center with the following information:
    1. NetID (or email address) for the separating employee
    2. NetID (or email address) for the individual who will need full access to the separating employee’s mail account
    3. Business justification for the access request

Separating Employee

If the separating employee is also a Northwestern student, please keep in mind that terminating the NetID will affect access to student systems such as CAESAR. If reasonable, the University recommends that other methods be explored, such as terminating access to local systems only. When someone has multiple roles in the University, please be cautious, but act appropriately.

Northwestern IT Recommendations

Northwestern IT recommends that departments disable local server accounts in lieu of requesting an accelerated expiration of a NetID. Northwestern IT can address centrally managed services, but departmental/school support will need to deactivate local account access to local systems, and local machines.

Transferring Within the University

If transferring within the University there should be two possible reasons:

  1. Transfer within the same department (or school) into another role. Northwestern IT recommends removing access to specific University services that are no longer part of the job responsibility. To do this, a request from a Dean, Department Director, Department Chair, an HR staff consultant or a direct manager must be sent to consultant@northwestern.edu. If a transfer’s direct manager is making the request, they must cc’ the Dean, Department Director or Department Chair. The message must explain what services need to be removed.
  2. Transfer within the University to another department. Northwestern IT recommends removing access to specific University services that are no longer part of the job responsibility. To do this, a request from a Dean, Department Director, Department Chair, an HR staff consultant or a direct manager must be sent to consultant@northwestern.edu. If a transfer’s direct manager is making the request, they must cc’ the Dean, Department Director or Department chair. The message must explain what services need to be removed.

NetID Password Expiration

Northwestern uses a "password aging" system which requires you to change your password at least once every 365 days. More frequent password changes are recommended for network and data security purposes.

Forced Password Change Notification

Days since last password change

NetID active?

Progression of events

0 Yes Last password change.
323 Yes First e-mail warning message sent giving the password deactivation date (see exception for summer months).
344 Yes Second e-mail warning message sent giving the password deactivation date.
358 Yes Third e-mail warning message sent giving the password deactivation date.
365

Yes

NetID password is scrambled.

Summer Password Aging Policy

During the summer, students and faculty password aging is disabled.  NUIT put this policy in place because students and faculty may be away from their NetID and email accounts over the summer (the months of June, July, and August)  If the first warning message would be sent during those months, the aging process is frozen at that step until September. At the beginning of September, the first warning message is resent and the process resumes. Note: (1) Students with an "ex-student" status have passwords that age normally through the summer, and (2) if the first message is sent before June, the summer password aging policy does not apply.

Last Updated: 9 October 2017

Get Help Back to top