Skip to main content
more options

About GuestIDs

Note: The Cornell NanoScale Science & Technology Facility is currently using a different ID system for its guests. See the Cornell NanoScale Science & Technology Facility web site for more information.


A centralized GuestID system allows users who are not eligible for a NetID to access certain services. The GuestID system includes:

  • Provisioning: creating and distributing GuestIDs.
  • Profile Management: allowing guests to change the information associated with their GuestID such as name, email address, and password.
  • Authentication: identifying the guest who is using a GuestID when accessing a service.
  • Authorization: granting permission to a GuestID to access a service.
  • Reporting: compiling information and statistics on GuestIDs and their associated authorizations.
  • Auditing: reviewing what transactions have taken place on the GuestID System.

GuestIDs may not be used for tasks involving sensitive data and transactions. Instead, Sponsored NetIDs should be issued. Some examples of cases when Sponsored NetIDs should be used are:

  • Access to administrative or sensitive data 
  • Access to sensitive transactions, such as approving disbursement of university funds
  • Access to confidential data

In addition, a Sponsored NetID must be used for access to Cornell Exchange email and calendar.

For more information about the differences between NetID, Sponsored NetID, and GuestID, see ID Types.

Searching

Any authenticated user in CornellAD will be able to search GuestIDs.

Workflow

Workflow approvals are generated during self-service account creation.

The workflow generates an email to the administrators listed in the"managedby" group of each OU. The email contains a link to the self-service page that allows approval or disapproval of each request.

Any of the administrator's actions (such as approval or disapproval) will be reflected when others try to access the request. This is done to make sure that all administrators need not approve.

GuestID Migration

Users of the legacy GuestID system (ColdFusion-based applications) should create a plan to migrate users into the new system once it goes live. The legacy GuestID system will be retired once all legacy guest accounts have been recreated in the new system.