Training for TEAM Local Security Managers

Training for TEAM Local Security Managers

The User Management Process

Updated 8/2013

FTA Office of Program Management

Objectives• In order to have a secure overall process for user

management in TEAM. We need:– Standard Operating Procedures– A method to ensure the quality of TEAM user information– Internal controls for staff access and authorization


Local Security Manager Responsibilities

• Setting up user accounts • Annual monitoring of TEAM users• Reset passwords for users assigned by your office• Unlocking accounts due to failed login attempts and

time locks• Ensure accurate completion, processing, and filing of

TEAM user access forms


The TEAM User Access Forms• Package location:

– TEAM Home Page: http://ftateamweb.fta.dot.gov/links.htm– FTA Public Website: http://www.fta.dot.gov/funding/grants_financing_7205.html – FTA Net: http://ftanet/tpm/TPM-10/TEAM-UserUpdates.asp

• Includes 2 types of forms:– Staff/Contractor/Auditor– Grantee/Recipient

• Includes instructions and contacts:– Which form to use– Where completed forms go for processing– What additional documents may be needed– What Authorizations may be necessary


Staff Access• Staff TEAM User Access forms must have supervisory review and signature

• Special access to job-specific functions should be signed by a HQ representative for that function (Authorizations for Special Functions, page 18)

– Budget Functions– Legal Signoff– Civil Rights Functions– PIN Number for Obligation Activities, Earmark Management, etc– Accounting functions


Contractor Access• Contractors acting as FTA staff who require access to

TEAM MUST be Authorized by their COTR Contracting Officer’s Technical Representitive.– Example:

• Triennial Review Contractor must be Authorized by Triennial Review COTR.


Auditor Access• Auditors who require access to TEAM MUST be

Authorized by the FTA Audit Liaison in TBP.

• This access should be promptly removed when audit activities are complete.


Grantee Access• Ensure that the Grantee is authorized to have the functions that they

are requesting.

• Have the grant manager sign off as FTA Authorizing oficial to verify identity.

• Make sure ‘Designation of Signatures’ are on file for users “PINing” on behalf of others in their office. – (See TEAM User Access Forms and Instructions Appendix1)


Good Practices I• Add notes to the user record to note user record

activities, password resets, access changes, etc.

• Use TEAM to notify user of username and password

• Username and password are in the same email

• DO NOT email a PIN and Password in the same email


Good Practices II

• Attach scanned user access forms to the user record

• Do NOT add/modify users without proper documentation

• Do NOT reset email addresses or roles/privilages without an updated TEAM User Access form

• If you are not sure about a user ask questions to verify information

• Verify that reauthorization is not necessary before attempting to reset password


Staff/Contractor/Auditor FormStaff/Contractor/Auditor Form

•Collect the formCollect the form

•Verify the information & Verify the information & Authorizations Authorizations

Multiple Authorizations may Multiple Authorizations may be required for special be required for special access!access!

•LSM signs as FTA Operational LSM signs as FTA Operational ApprovalApproval

•Process the form in TEAM (Verify Process the form in TEAM (Verify & Certify!)& Certify!)

•File the form (attach in TEAM and File the form (attach in TEAM and file ‘paper’ document securely)file ‘paper’ document securely)


FTA Authorizations• Identifies the appropriate individuals that must provide

signature to authorize access to special functions

• One or more FTA authorizations may be required – Attach file with additional authorizing documents as necessary


Supervisor Authorization• A Supervisor MUST sign to authorize staff access

• Administrative Officers MUST be notified to add new staff users to the OASIS TEAM User Group

This ensures that the Office maintains awareness of system access!


Authorization for Special Functions

Regular Access - Employee's Supervisor or COTRSpecial Access• Help Desk Functions/Local Security Manager Functions

– Associate Administrator (AA) or Regional Administrator (RA)• Budget Functions

– Director of Financial Systems or Director of Budget (TBP)• Earmark Administration Functions

– Director of Transit Programs (TPM)• Civil Rights Functions

– Civil Rights Officer, HQ (TCR)• Legal Signoff

– Chief Counsel or Deputy Chief Counsel (TCC)• FTA Obligation Authority (Award Access and PIN, also listed on pick list for 'Paper' Grants)

– Only as indicated in the Federal Transit Administration Delegations of Authority• Auditor Access

– FTA Audit Liaison (TBP)


Grantee FormGrantee Form

•Collect the formCollect the form

•Verify the information & Verify the information & AuthorizationsAuthorizations

Additional documents may Additional documents may be required for special be required for special access!access!

•LSM signs as FTA LSM signs as FTA Operational ApprovalOperational Approval

•Process the form in TEAM Process the form in TEAM (Verify & Certify!)(Verify & Certify!)

•File the form (attach in TEAM File the form (attach in TEAM and file ‘paper’ document and file ‘paper’ document securely)securely)


Designation of Signature Authority• Used to delegate signature or “PIN” authority to

someone other than the Official Named on the Resolution Authority

• Template available in User Form Instructions (TEAM User Access Forms and Instructions Appendix1)


TEAM User Security ScreensCreating a User Account in TEAM

Select the Add User module by selecting the TEAM Administration drop down menu then the Security drop down menu from the Navigational Menu

Complete the information on the General Info tab per the data provided in the TEAM User Access Request form. It is critical that the email address is valid as this will be used for security features including automated communication to the user when account modifications are made.

The format for a username is the TEAM user’s last name and initial of their first name. The system will not allow you to add a duplicate and may ask that the initial Username entered be modified. In this case add the middle initial, if available, or second letter of first name.

Example: Name: John Doe Username: DOEJ Name: John Doe Username: DOEJO Users who require rights to PIN must be both Set and Activated here. This process is completed by selecting the Set PIN button (refer to Note) and then the Activate button. Note: Copy the users PIN to the TEAM User access form immediately after the Set PIN button is pushed. This will be the only time the PIN is viewable.



Add the cost center which is associated

with the TEAM user’s primary

location. If other cost centers are

needed, apply them to the Auxiliary

column.

Add the Recipient ID that has been

provided on the TEAM User Access

form.


Security Roles / Privileges

• It is important that you understand these boxes and how to accurately reflect the user’s job function in both the form and the TEAM user account.

• Security Roles Reference Document located at : http://ftateamweb.fta.dot.gov /static/Guidance-HQ/

• Contact the User, the FTA Authorizer, or the TEAM help desk if you are still uncertain of the type of access they need, or how to assign it in TEAM!

Notification• TEAM will request to generate an email notification that

will consist of the user’s temporary password. Select Ok to send the message

• For TEAM Users that have been granted a PIN an email must be sent manually with the PIN included. If it is not on the form repeat step 4b. – Note: This email notification should be sent only to the email

indicated on the TEAM User Access form and is not to include any other information.


Attaching Using Access Form


Monitoring Users


• The reauthorization of users will be performed annually during the first quarter of each fiscal year to coincide with the period during which grantees are required to sign the "Certifications & Assurances" as a condition of a grant award or application for award.

• At the beginning of each fiscal year, TPM will generate a TEAM User Report for distribution and review by Regional and Headquarters LSMs. The TEAM User Report will list all TEAM users, their last reauthorization date, system permissions, date of the last log-in and suspension date. The TEAM User Report is intended to facilitate the review and reauthorization performed by FTA LSMs, Associate Administrators (AA), and Regional Administrators (RA).

Reauthorization Scope • Per the reauthorization SOP, users who have last logged

into TEAM 18 months or more prior to the first day of the fiscal year, or who have never logged into TEAM will have their accounts automatically suspended, unless the LSM indicates that the account should be reauthorized.

• Individuals whose last log-in date in TEAM was within 18 months of the first day of the fiscal year will have their account reauthorized, unless the LSM indicates that it should be suspended.

• The TEAM help desk will conduct a batch reauthorization and suspension on the basis of the annotated user lists submitted by the LSM.



SUSPENSION OF TEAM USERS

• If a TEAM user is suspended because of multiple erroneous login attempts, he/she can be reactivated any time without having to go through the approval process again

• If a TEAM user gets suspended because their account was not reauthorized, then he/she has to fill out the user access form and go through the approval process

– Make a comment in the note section of the user’s profile stating why the user has been suspended so that the helpdesk does not un suspend the account in error.

• All TEAM users who have not accessed TEAM within 90 days will have their accounts locked and they will have to contact their LSM to regain access. However, users will be notified via email on the 80th, 88th, and 89th day of inactivity in advance of their account suspension, so as to give them the opportunity to log into TEAM to avoid being suspended.

TEAM Separations (FTA Staff and Contractors)

• Operation and Staff Information System (OASIS) will send the corresponding LSM an email notifying them of the employee separation and OASIS will send a message to TEAM that the individual has separated from FTA.

• TEAM suspends the user’s access automatically the day after receiving the OASIS message.

• FTA LSMs should take action to deactivate the user’s account after they have been suspended automatically.


Thing to look for in an OASIS message:

• • Username: John.Doe• Has Z Account: No• Personnel Type: FTA Personnel• Job Title: Personal Services Technician• Room/Cube: E46-202• Work Phone: (202) 366- ****• Transfer Date: 01/06/2012• New Office: TPM-40• Old Office: TCR-1• Notes: Update: Transfer took place 1/9/12 (TCR-1/E54-121 to TPM-40/E46-202)

• • Username: Aaron.James• Has Z Account: No• Office: TPM-20• Personnel Type: FTA Personnel• Job Title: Supervisory General Engineer• Separation Date: 10/19/2012• Work Phone: (202) 493-0107• Room/Cubicle: E46-314


TEAM Separation (Recipient)When a user leaves the organization, the user’s account must be promptly suspended. The FTA Regional Office should be notified of a user’s departure. The Regional Office staff will confirm with the organization to verify that user access needs to be suspended, and then the organization will be notified when user access has been deleted. Additionally, Regional Office staff should initiate suspension of grantee users known to have departed from the grantee’s organization.



Questions?

Contact the TEAM Help Desk for assistance!

Hours of Operation M-F 8:00a.m. to 5:00p.m. (EST) Telephone Number 888 - 443 - 5305

Email Address [email protected]

Training for TEAM Local Security Managers

Documents

Transcript of Training for TEAM Local Security Managers