Acceptable use policy

Identity Provider - IDP

General description of SAML2 WebSSO

The service provides authentication of users which have an electronic idenitity at Mid Sweden University , together with release of attributes pertaining to the authenticated user. The provider of the service/centre of learning is a member of SWAMID, the Swedish identity federation for Research and higher education. The service has been deployed in accordance with SWAMID’s policy and encompassing rules and guidelines which have been laid down by SWAMID.

 

Policy for personal integrity

The service adheres to the policy for the handling of personal data which has been published by Mid Sweden University in accordance with Swedish law.

 

The service and limitations of service

Mid Sweden University undertakes to guarantee the availability of the service in accordance with Mid Sweden University’s requirements and expectations. The process for creation, deletion and maintenance of electronic identities at Mid Sweden University is described here . Mid Sweden University follows SWAMID’s recommendations for release of attributes based upon entity categories. Mid Sweden University reserves the right to change the actually released attributes, having communicated such with a service provider, regardless of the recommendations from SWAMID concerning the entity category the service provider has been placed in.

 

Service and support


Questions and faults regarding Mid Sweden University and it’s SAML2 WebSSO service should be directed to the following local support channels: 

 

Tfn:            010-142 80 00
E-post:       itsupport@miun.se
Webb:        www.miun.se/itsupport

Contingent liability Mid Sweden University

Regulations for the use of the network and other IT resources at Mid Sweden University.

The IT resources of the university belong to Mid Sweden University and are meant to be used in the framework of the activities of the university. The IT resources may only be used by authorized users. The use of the IT resources may not interfere with existing legislation, the rules of SUNET, the regulations listed in this document or the regulations of the respective activity.

Authorized user

An authorized user is a user who has been authorized to use the IT resources of the university

  • The authorization is personal and cannot be transferred to a third person
  • The user identity must not be hidden when using the IT resources
  • The authorization expires when the employment, studies or other link to Mid Sweden University ends
  • The authorization can be withdrawn when the regulations are violated or when Mid Sweden University finds it necessary.


Use of the IT resources at Mid Sweden University

The IT resources of Mid Sweden University must not be used to spread, store or share information in an inappropriate way

  • interfering with existing legislation,
  • in activities that are not tied to the university,
  • for purposes that may harm the university´s name or reputation,
  • aiming at the marketing of products or services that are not linked to the university,
  • or in any other way interfere with the university´s activities.

Equipment and network

It is not allowed to:

  • attach equipment, such as switches, routers, access points or other types of network equipment,
  • offer services, such as DHCP, DNS, FTP, HTTP, HTTPS, SMTP using the Mid Sweden University network.

It is allowed to attach private equipment, such as mobiles or computers, to the Mid Sweden University network.

Information security and GDPR

As a user, I am also obliged to

  • follow the university´s rules and regulations for information security Information security
  • handle personal data in accordance with GDPR GDPR

Consequences/Sanctions

Users who breach the regulations may be suspended from further use of the computers and network of Mid Sweden University, and also suspended from their studies or work, or even fired.

Acts that are considered criminal will be reported to the police. Individuals who breach the above-mentioned regulations are personally liable in terms of consequences, sanctions or compensation.

Links:

SUNET´s regulations:
https://www.sunet.se/policy-for-tillaten-anvandning/
Information security:
https://www.miun.se/informationssakerhet
GDPR:
https://www.miun.se/en/staff/support/general-data-protection-regulation/gdpr-kurs/

Accounts

Frequently Asked Questions about MFA

What is MFA and why is it needed?

Multi-Factor Authentication (MFA) is the use of two or more independent means of evidence (factors) to assert the identity of a user requesting access to an application or service. The most common form of multi-factor authentication is two-factor authentication (2FA), which pairs your first authentication factor (typically something you know like your password) with a second factor of an entirely different kind such as something you have (like your smartphone).

When is MFA required?

Each time a user attempts to log in externally (not at campus and not connected with vpn) to certain services like to the mail or to the website miun.se, MFA authenication is required. The MFA-session from a device is valid for 14 days.

E-mail on the smartphone does not work after activating MFA

The built in e-mail apps on Android and iPhones has certain problems to handle MFA. Install "Microsoft Outlook" from Play store or App store and use it to read your e-mail from the smartphone.

 

 

Network access

RemoteApp Mac

How to access remote applications at MIUN from Mac

By using Microsoft Remote Desktop you can access remote applications at MIUN.

  1. Start Microsoft Remote Desktop (Install it from Self Service if missing)
  2. In Microsoft Remote Desktop Click on Add Workspace
  3. In the URL field enter the following and then click on Add.
    https://remoteapp.miun.se/RDWeb/Feed/webfeed.aspx

  4. Enter your credentials and click on Continue.
  5. You will now see your accessible applications. Start the applications by double click.
  6. Enter your credentials and click on Continue.
  7. Your remote application starts.

Telephony via Tele2

How do I switch SIM-card?

Follow this guide if you do not know how to switch your SIM card:

Guide: How to switch SIM-card

How do I make phone calls via Teams?

To dial a number from Teams, go to Calls, click Dial a number, and then enter the number of the person you want to reach by using the key pad. Then click Call.  

Read more in Microsofts guide about calls via Teams.

Only you who have a telephone connection in the telephony system can see a keypad under "Calls" in Teams and can call an external telephone number from Teams.

How do I refer my phone; set my status of presence?

You do this in Trio User, which you get access to via the following link:

https://trio-miun.uc.tele2.se/TrioUser/

The web link is distributed as a shortcut to staff with a Windows personal computer, so it easily can be reached from the desktop and in the Start menu. If you want to delete it, do it via the Software Center: "Trio User Shortcut Desktop".

If your computer is a Mac, a web link to Trio User has been sent to your computer. It is located under Programs on the computer and can then be found in the Finder and if you use the search function on Mac (spotlight), shortcut CMD + space, and search for "Trio".

In Trio User you enter your status of presence via the referral interface. In Trio User you can also have access the staff catalog.

When it comes to referrals, the connection to your calendar will work as before, so that a booked meeting will keep you busy on the phone (and Teams).

This Quick reference guide from Tele2 contains info about Trio User.

What number is displayed to the recipient of a call? Can I change it?

The default is that it is the 010 number that is displayed, regardless of whether you are calling from Teams or from your business mobile.

Your phone is automatically set as busy on the 010 number if you have a meeting booked in Outlook. Calls to your 07x number (mobile number), however, bypass the referral even if you have the status busy. This is so that you can be reached for family matters or anything else urgent. The general recommendation is to only use the 010 number in your contact information.

In Trio User under "Settings" and "Set role" you can change which number is displayed. If you want the 07x number (mobile number) to be displayed, change the settings from "Arbete fast" to "Arbete mobil" (Work mobile).

What code should I enter to listen to my voicemail in Trio User?

You need to enter a code to listen to a message in your voice mailbox. The code is the last four digits of your connection, ie. in the 010 number.

What data volume is included in the subscriptions?

The agreement with Tele2 includes an average consumption of 5 GB per subscription. The new thing is that we can "borrow" data from a colleague. This means that if user A exceeds 5 GB in his consumption, but user B has not consumed that much data, then extra data can be taken from the pot that is created centrally for this.

The advantage is, among other things, reduced administration, and faster processing of an upcoming need for more data volume. However, this does not mean that we have "free surfing"! There is a responsibility on each employee not to waste. At the same time, more people are given the opportunity to get help quickly if they need more data volume (the adjustment is done automatically).

Statistics will be taken on this for follow-up and adaptation of the service in the future. Abuse will be reported to the manager and suspension from the amount of data can take place.

Where can I see how much data volume I have used?

Send an SMS to 243 with the text "data" and you will receive an answer on how much data has been used this month.

What is required to put Team Meetings in Outlook on Mac?

For Teams to work fully in Outlook on Mac, you need to activate your personal Office 365 license which is available through Self Service. Do as follows:

  • Quit all Office programs.
  • Start the app, Self Service.
  • Click on the "Activate Office 365 license" and the "Activate" button.
  • After this, Outlook is started and you activate the license by entering your MIUN email address.
  • You can continue working in Outlook while the calendar is being updated in the background, it takes about 10 minutes.
  • You are then prompted to restart Outlook and then Teams is in the calendar.
  • To the right in the top bar of Outlook, you have the option "New Outlook". If you choose it, you get Teams as a default för meetings.

What is Trio?

Trio Connect is the name of the new telephony system. All employees get access to Trio User. In Trio User you will find the staff catalog and enter your attendance status via a reference interface. When it comes to referrals, the link to your calendar will work as before; a booked meeting shows you as busy on the phone (and in Teams).

Can I chat with someone external who has Skype?

When it comes to external contacts who have Skype, it works to chat with them one-on-one via Teams and only with plain text, see Microsoft's info on this.

Will I be able to connect to Skype meetings arranged by my external contacts?

Yes, you can continue to connect to external Skype meetings, either via a web client or with the help of Teams that have the functionality to also connect to Skype meetings.

Will the fixed desk telephones (SNOM) and conference telephones (SNOM) work after the change of provider?

Tele2 has confirmed that both SNOM desk telephones and SNOM conference telephones will work in the new solution, but settings need to be changed in them. INFRA expects that they will be able to test the new settings until we change provider, 29 Oct. It will be possible to change the settings in the SNOM phones as soon as the transition to Tele2 is done, otherwise it will not work to make calls with the current solution via Telia.

If it should take a day or two to change settings in all SNOM phones, the option to call from the computer can be used. The recommendation is to, if possible, switch from a fixed-line telephone to only call via the computer (via Teams in the new solution, which replaces Skype / Touchpoint used today).

What is A5?

This is the type of Office 365 license needed to get access to Teams telephony functionality. The licenses began to be activated on October 20.

What is “Teams Only”?

This means that telephony is via Teams and that it is no longer possible to use Skype.

Is it possible to use eSIM in the new telephony with Tele2?

Yes, it is possible to get an eSIM instead of a regular SIM card if it suits your solution better. This makes it possible for you who, for example, use a newer iPhone to get dual SIM cards in your mobile (where one of the slots only can handle one eSIM). Of course, it also works in Android and other phone versions that support this.

Is it allowed to use the Mid Sweden University’s SIM card in my private mobile phone?

It is allowed to use the Mid Sweden University’s SIM card (also eSIM) in your private mobile phone to be reachable from the university line during your working hours. If you choose to use this solution, please return your business mobile to the Service centre, if you have one.

Please note that none of Mid Sweden University's insurances or guarantees apply if you use this solution.

Can I use my private mobile phone instead of the university's standard model?

Yes, it is allowed to use your private mobile if you prefer and / or only want a single phone with you during the day. Remember that you must be contactable during your working hours on the job number you have from the university. You need to have a SIM card (or eSIM) from Mid Sweden University in your private mobile in these cases, if you do not use another solution for your job telephony. Please remember to return your business mobile to the Service centre in cases where you have one and the job's SIM card is in another phone. This is because it is not allowed to use the work phone as your own private equipment.

Please note that none of Mid Sweden University's insurances or guarantees apply if you use this solution.

Secure authentication, MFA

Guide MFA för Windows

Download the guide to print here

Install two-factor verification

To access your accounts more securely, we are introducing an additional security step, two-factor verification, which makes it harder for hackers to break in to your account to access your documents and information. To install it you need your computer and your mobile.

The installation is done in two steps:

  1. Download and install the Microsoft Authenticator app to your mobile
  2. Add your Miun account to your app.

Step 1

  • Download and install the Microsoft Authenticator app on your mobile.
  • Install from AppStore for an Apple unit
  • Install from Play Butik for an Android unit

  • Give the app access to your camera to photograph a code, as well as your contacts. Save these settings.
  • When the app is installed on the unit you wish to use to log in, select Next and then Next again in the dialog box ”Configurate your account”.
  • Select Add account followed by your work or school account.
  • The app asks you to scan a QR code you will now generate on your computer.

Step 2

You need to follow a guide on your computer to decide how you wish to handle the two-factor verification.

  • Follow the pages 4-6 if you have a Miun computer and are located on campus or using VPN
  • Follow the pages 7-12 if you are outside of our network and cannot use VPN

To use VPN, click on the network icon next to the time. It looks like a screen or a fan, depending on whether you use a network cable or wifi.

       

When you click on the network icon you will se a menu. Click on vpn.miun.se and connect. Log in using your normal password.

You are now connected via VPN.

  • To generate the QR code you need to scan, go to the webpage https://mfa.miun.se/
  • ·Select your Miun account
  • Select the option Mobile app as well as Receive notifications for verification.
  • Select Configurate.
  • Scan the QR code using the Microsoft Authenticator app on your mobile.
  • Answer on your mobile unit.
  • Add your phone number and approve via the app.
  • Please also add your private phone number in case you lose your work mobile.
  • Click Save and you are done.

Installation outside of campus

If you work outside of campus and cannot use VPN, you may activate MFA from any Windows computer, as long as it is connected to the internet.

  • Go to https://remoteapp.miun.se/
  • Click on the link.
  • Click on AzureMFA enrollment.
  • Select Open.

  • Enter personal\username and password, like when you log in to your computer.
    Please note! personal\ needs to be in front of your username.
  • Select your Miun account, or enter your Miun e-mail address if your account does not appear.
  • Enter personal\username and password, like when you log in to your computer.
    Please note! personal\ must be entered before your user name.
  • Select the option Mobile app as well as Receive notifications for verification.
  • Select Configurate.
  • Scan the QR code using the Microsoft Authenticator app on your mobile.
  • Answer on your mobile unit.
  • Add your phone number and approve via the app.
  • Please also add your private phone number in case you lose your work mobile.
  • Click Save and you are done.

You are done!

 

 

Guide MFA for Mac

Download the guide to print here

Install two-factor verification

To access your accounts more securely, we are introducing an additional security step, two-factor verification, which makes it harder for hackers to break in to your account to access your documents and information. To install it you need your computer and your mobile.

The installation is done in two steps:

  1. Download and install the Microsoft Authenticator app to your mobile.
  2. Add your Miun account to your app.

Step 1

  • Download and install the app Microsoft Authenticator to your mobile.
  • For Apple units: Available in AppStore.
  • For Android units: Available in Play Butik.

  • Give the app access to your camera to photograph a code, as well as your contacts. Save these settings.
  • When the app is installed on the unit you wish to use to log in, select Next and then Next again in the dialog box ”Configurate your account”.
  • Select Add account followed by your work or school account.
  • The app asks you to scan a QR code you will now generate on your computer.

Step 2

  • •Start Microsoft Remote Desktop (Install from Self Service if needed).
  • •Click on Add Workspace.
  • Type the following address and click Add:
    https://remoteapp.miun.se/RDWeb/Feed/webfeed.aspx

  • Enter your login information and click Continue.
  • Here are the apps you can start. Select Azure MFA enrollment.
  • Enter your login information again and press Continue.
  • A remote desktop will start.
  • Select your Miun account or enter your Miun email address if your account does not appear.
  • Enter personal\username and password, like when you log in to your computer.
    Please note! personal\ must be entered before your user name. Press the right option key and the ? key for  \


  • Select the option Mobile app as well as Receive notifications for verification.
  • Select Configurate.
  • Scan the QR code using the Microsoft Authenticator app on your mobile.
  • Answer on your mobile unit.
  • Add your phone number and approve via the app.

  • Please also add your private phone number in case you lose your work mobile.
  • Click Save and you are done.

Done!

 

 

VPN

General

As long as you have an internet connection, VPN allows you to connect to Miun’s network when you are outside the university. This allows you to access many of the Miun systems that are usually not accessible from outside, such as Agresso.

VPN for Mac

VPN for Mac

In order to connect to Miun’s network via VPN, your Mac needs to have an internet connection. After that you can connect to FortiClient VPN


FortiClient VPN

If you have FortiClient installed, it will be visible next to the clock.

 

Click on the FortiClient icon and select Connect to MIUN.

 

Enter your Miun username and the same password you use to log on to your computer and press Enter or click Connect.

 

 

You will now be connected via FortiClient VPN.

 

VPN for windows

To be able to connect to Miun's network via VPN, your computer first and foremost needs to have an internet connection. After that you can connect to FortClient VPN

 

FortiClient VPN

You can connect VPN via FortiClient in two ways, either when you log in to the computer, or when you are already logged in to the computer. Below we describe the two different ways.

1. Connect the FortiClient VPN when logging in to the computer. This requires that the computer already has an internet connection either via network cable or WiFi. 

  • Start your computer and connect to Internet by clicking on the logo in shown in the picture below. There is another logo if you are connected by wire.

  • On your login screen, select Sign-in options.

Here you can choose whether you want to log in with or without VPN.

  • Click on the FortiClient logo and then enter your username and password just like when you log in as usual, press Enter and the computer will first connect to the VPN and then log you in the usual way.

 

2. Connect your FortiClient VPN when you are already logged on to the computer

  • If you have FortiClient installed, it will appear in the system tray next to the clock.

  • Click the FortiClient icon and select Connect to MIUN.



  • Enter the same username and password that you use to log in to the computer and press Enter or click Connect.

  • If everything works as it should, you will be connected via FortiClient VPN.

The page was updated 12/28/2022