Working from Home

 

Introduction

More and more are working from home these days. We here at UCMIT hope to make that as easy as possible for you. 

Getting Started

Below we’ve provided some links and some tipsheets for more details about these processes. (Click on a topic heading to expand it for more info.)

 
Selecting a Computer or Device to Use

In order to work from home you will need a laptop or desktop computer that can function reliably. It does not have to be one provided by UCM, but UCMIT can only provide very limited (“best effort”) support for your own personal devices. Please bear in mind that while it may be possible to access our services and applications on unsupported systems, the UCMIT Service Desk may not have the necessary information to assist you in doing so.

  • A computer running the most recent version of Microsoft Windows or the most (or second-most) recent  version of Apple macOS is going to be the most compatible with our systems, services, and policy-requirements.
  • Mobile devices (such as smart phones or tablets) running the most (or second-most) recent version of Google Android or Apple’s mobile operating systems (iOS and iPadOS) are the most compatible kind of mobile devices.
Accounts and Logins

Accessing your UCM services will require managing various sets of usernames and passwords, but there are three primary types of accounts you likely need to use. More information can be found here.

UCHAD
University of Chicago Hospitals Active Directory (“UCHAD“) accounts are used for logging into most UCM-provided clinical applications and services – such as

    • UCHAD Domain login on UCM-provided Microsoft Windows-based computers
    • wireless networking services in hospital buildings (“ucmc-staff” wifi)
    • @uchospitals.edu email access
    • UCM Clinical Desktop applications access (either through webapps off-site, uchapps on-site, or directly through the Workspace App)
    • and UCM-managed VPN services (“webVPN“).

UCM security policies prohibit issuing/transmitting passwords via email so please call the UCMIT Service Desk by phone at 773-702-3456 to claim your UCHAD account. Once the UCMIT Service Desk issues you a temporary password for your account, you must change that password either by logging into a UCM-provided Microsoft Windows-based computer or by Enrolling your account and Resetting your password at the UCHAD account management website (https://identity.uchospitals.edu/pss)

BSDAD
Biological Science Division Active Directory (“BSDAD“) accounts are used for logging into most services provided by the Biological Science Division  – such as

    • BSDAD Domain login on BSD-provided Microsoft Windows-based computers
    • @bsd.uchicago.edu email access
    • BSD Divisional File Shares and network drives (“\\BSDShares“) access
    • and BSD-managed VPN services (“bsdVPN“)

BSDAD accounts are requested online here and more information can be found here.  UCM security policies prohibit issuing/transmitting passwords via email so please call the UCMIT Service Desk by phone at 773-702-3456 to claim your BSDAD account. Once the UCMIT Service Desk issues you a temporary password for your account, you must change that password either by logging into a UCM-provided Microsoft Windows-based computer or by using the BSDAD password management website (https://identity.uchospitals.edu/pss)
Please Note: some BSD departments’ IT services are not supported by UCMIT, and for those departments you should contact their own IT group as found here (https://bsdis.uchicago.edu/it/)

CNet
University of Chicago IT and Network services (“CNet“) accounts are used for logging into most services provided by the University organization – such as

UCM employees typically do not have CNet accounts, most services for UCM staff require a UCHAD instead. CNet accounts and services are not typically managed by UCMIT, so please call University IT Services by phone at 773-702-5800 or by email at itservices@uchicago.edu for assistance with your CNet account. If UCM-affiliated persons have a business need for accessing one of the resources above, or any other explicitly requiring a CNet ID, one can be requested through the UCMIT Trusted Agents by submiting a request here. You can find more information, and manage your CNet account – change passwords, etc. – using the CNet Overview website (https://cnet.uchicago.edu) and the Account managment website (https://myaccount.uchicago.edu)

Two-Factor Authentication (2FA) And Duo Mobile Setup

Two-factor authentication (“2FA”) is an added security measure similar to how you protect your bank account with a pin number (something you know) and debit card (something you have) when you withdraw money from an ATM. 2FA is required for accessing all UCM systems and services from off-campus as well as many provided by the University. Our 2FA provider is a company named Duo Security (or Duo for short). The process of login with 2FA involves using a 2nd device to verify your login attempt – that is a second device in addition to the one you login on in the first place. So for instance, if you are trying to login to the webapps website from your desktop computer, you will need to verify you are the aware of this login attempt to your account by responding to a phone call or a notification in the Duo Mobile app on your smartphone.


Please Note:
that you must re-register the Duo Mobile app on your smartphone or tablet if they are replaced (even if you still have the same phone number.) You may do so by visiting the 2FA management site (https://2fa.uchicago.edu) and registering it as you did before. More information on 2FA can be found here (https://get2fa.uchicago.edu)

Accessing Citrix-based Apps

Many applications and resources provided by UCM (such as the Oracle E-business suite, Microsoft Office, network shared drives, and EPIC) are accessed via a portal we call the “UCMC Appications” or “Citrix Clinical Desktop” available through an app made by Citrix. These Citrix-based apps are not installed on your computer but are accessed through a Citrix app which is installed on your computer.

EPIC and EPIC Remote Access

EPIC is the hospital’s EMR and core patient care system. EPIC access requires submitting a System Access Request Form (“SARF“) and is not granted automatically  to anyone by default.

  • Before EPIC access request is submitted, one must be listed in ORACLE as an active employee and have an active UCHAD account or it close/cancel the SARF immediately.
  • Training is required for all EPIC access (including View Only)
  • New accounts without sufficient training will be created and blocked for access until training is completed.
  • Request for existing accounts requesting change of EPIC access, must have all training completed within 14 working days of submission or the request will be closed/canceled.
  • Training requirements are also available on the EPIC Support page of hospital intranet.
  • EPIC is always  accessed either through the Citrix Clinical Desktop, or a “light” version of EPIC can be accessed through the EPIC Haiku and EPIC Canto apps on mobile devices.

EPIC Remote Access

EPIC HAIKU and Canto

  • EPIC Haiku and Canto access must be explicitly requested via SARF for any non-physician.
  • Additional information (including Haiku and Canto setup) can be found on the UCM Intranet Home page
Email Setup for Mobile Devices

Please follow the directions found on our Email Client Setup page (https://voices.uchicago.edu/ucmitservicedesk/email/) and/or use the below tipsheets to access your email on your mobile device.


Please Note:
you can also always access your UCM email via the UCM Outlook Web App (https://mail.uchospitals.edu) and in Microsoft Outlook via the Citrix Clinical Desktop (https://webapps.uchospitals.edu) (see instructions above for accessing Citrix-based apps.)

VPN Access

A Virtual Private Network (“VPN”) allows you to create a secure connection to another network over the Internet – or in other words, it allows your computer at home to connect to websites, servers, and drives or file shares protected within the University’s network. All VPN services also require 2FA. The Cisco Anyconnect Secure Mobility VPN software is the same for University, BSD, and UCM, but each is accessed by different means.

For UCM and Clinical staff

UCM staff may request permission to use the medical center VPN services – webVPN (https://webvpn.uchospitals.edu/)

For University and BSD Staff

University and BSD staff who have a CNet ID are already allowed by default to use that for the University’s VPN service – cVPN (https://cvpn.uchicago.edu)

Also For BSD Staff…

BSD staff also may reqeust permission to use the BSD VPN services – bsdVPN (https://bsdvpn.uchicago.edu).