Acceptable use policy

Identity Provider - IDP

General description of SAML2 WebSSO

The service provides authentication of users which have an electronic idenitity at Mid Sweden University , together with release of attributes pertaining to the authenticated user. The provider of the service/centre of learning is a member of SWAMID, the Swedish identity federation for Research and higher education. The service has been deployed in accordance with SWAMID’s policy and encompassing rules and guidelines which have been laid down by SWAMID.

 

Policy for personal integrity

The service adheres to the policy for the handling of personal data which has been published by Mid Sweden University in accordance with Swedish law.

 

The service and limitations of service

Mid Sweden University undertakes to guarantee the availability of the service in accordance with Mid Sweden University’s requirements and expectations. The process for creation, deletion and maintenance of electronic identities at Mid Sweden University is described here . Mid Sweden University follows SWAMID’s recommendations for release of attributes based upon entity categories. Mid Sweden University reserves the right to change the actually released attributes, having communicated such with a service provider, regardless of the recommendations from SWAMID concerning the entity category the service provider has been placed in.

 

Service and support


Questions and faults regarding Mid Sweden University and it’s SAML2 WebSSO service should be directed to the following local support channels: 

 

Tfn:            010-142 80 00
E-post:         helpdesk@miun.se
Webb:        www.miun.se/helpdesk

Contingent liability Mid Sweden University

Regulations for the use of the network and other IT resources at Mid Sweden University.

The IT resources of the university belong to Mid Sweden University and are meant to be used in the framework of the activities of the university. The IT resources may only be used by authorized users. The use of the IT resources may not interfere with existing legislation, the rules of SUNET, the regulations listed in this document or the regulations of the respective activity.

Authorized user

An authorized user is a user who has been authorized to use the IT resources of the university

  • The authorization is personal and cannot be transferred to a third person
  • The user identity must not be hidden when using the IT resources
  • The authorization expires when the employment, studies or other link to Mid Sweden University ends
  • The authorization can be withdrawn when the regulations are violated or when Mid Sweden University finds it necessary.


Use of the IT resources at Mid Sweden University

The IT resources of Mid Sweden University must not be used to spread, store or share information in an inappropriate way

  • interfering with existing legislation,
  • in activities that are not tied to the university,
  • for purposes that may harm the university´s name or reputation,
  • aiming at the marketing of products or services that are not linked to the university,
  • or in any other way interfere with the university´s activities.

Equipment and network

It is not allowed to:

  • attach equipment, such as switches, routers, access points or other types of network equipment,
  • offer services, such as DHCP, DNS, FTP, HTTP, HTTPS, SMTP using the Mid Sweden University network.

It is allowed to attach private equipment, such as mobiles or computers, to the Mid Sweden University network.

Information security and GDPR

As a user, I am also obliged to

  • follow the university´s rules and regulations for information security Information security
  • handle personal data in accordance with GDPR GDPR

Consequences/Sanctions

Users who breach the regulations may be suspended from further use of the computers and network of Mid Sweden University, and also suspended from their studies or work, or even fired.

Acts that are considered criminal will be reported to the police. Individuals who breach the above-mentioned regulations are personally liable in terms of consequences, sanctions or compensation.

Links:

SUNET´s regulations:
https://www.sunet.se/policy-for-tillaten-anvandning/
Information security:
https://www.miun.se/informationssakerhet
GDPR:
https://www.miun.se/en/staff/support/general-data-protection-regulation/gdpr-kurs/

Accounts

Frequently Asked Questions about MFA

What is MFA and why is it needed?

Multi-Factor Authentication (MFA) is the use of two or more independent means of evidence (factors) to assert the identity of a user requesting access to an application or service. The most common form of multi-factor authentication is two-factor authentication (2FA), which pairs your first authentication factor (typically something you know like your password) with a second factor of an entirely different kind such as something you have (like your smartphone).

When is MFA required?

Each time a user attempts to log in externally (not at campus and not connected with vpn) to certain services like to the mail or to the website miun.se, MFA authenication is required. The MFA-session from a device is valid for 14 days.

E-mail on the smartphone does not work after activating MFA

The built in e-mail apps on Android and iPhones has certain problems to handle MFA. Install "Microsoft Outlook" from Play store or App store and use it to read your e-mail from the smartphone.

 

 

Network access

RemoteApp Mac

How to access remote applications at MIUN from Mac

By using Microsoft Remote Desktop you can access remote applications at MIUN.

  1. Start Microsoft Remote Desktop (Install it from Self Service if missing)
  2. In Microsoft Remote Desktop Click on Add Workspace
  3. In the URL field enter the following and then click on Add.
    https://remoteapp.miun.se/RDWeb/Feed/webfeed.aspx

  4. Enter your credentials and click on Continue.
  5. You will now see your accessible applications. Start the applications by double click.
  6. Enter your credentials and click on Continue.
  7. Your remote application starts.

Office 365

Rules and routines for Office 365

Rules for Office 365

Routine description for digital workspaces. The routine is a part of the Mid Sweden University management information system for information security.

Instructions for Teams

E-mail and Teams – archival requirements and GDPR

The General Data Protection Regulation also applies to information in e-mail, chats, etc. In principle, all messages that are accessed or sent from a user account contain at least one personal data (sender / recipient / signature, etc.). Therefore, we must, in addition to following the rules of public documents, also follow the rules of personal data processing.

Create: Word, Excel and PowerPoint

Create: OneNote – a digital notebook

OneNote is an alternative to a regular notebook. You have your own place to quickly save your thoughts, ideas and plans. If you are e.g. working in a group, OneNote is useful for the joint meeting notes.

Introduction and training – OneNote

OneNote video training

Save: OneDrive – a personal area for saved files

OneDrive is your personal space where you can save files. You own them, but if you want, you can share selected documents with others, and in real time, together and from anywhere, work in the document and update it.

Introduction and training – OneDrive

OneDrive video training

Save: SharePoint – a common area for saved files

SharePoint is a common area where files from a team are saved. The files are shared within the team and all team members can work with the files in real time.

Create and share files – SharePoint

Video: Create, upload, and share files in a document library

Communicate/collaboration: Outlook– E-mail and Calendar

Communicate/collaboration: Teams – a chat-based collaboration workspace and a meeting tool

Teams is a collaboration workspace where you can create specific groups, e.g. your department (or equivalent) or for a project/work area. The group can share files and collaborate in real time, and the team can e.g. have a common Planner with tasks that need to be implemented and use Forms to create votes in the team. It is also possible to connect other external applications.

In Teams you can make phone calls, chat, participate in calls and online meetings.

Introduction and training – Teams

Microsoft Teams video training

Communicate/collaboration: Yammer – a discussion forum based on areas of interest

Yammer is best described as a social network for the organization, much like the organization's own Facebook. It is built around open communication and is in many ways inspired by the large social forums we otherwise use. Compared to Teams, Yammer acts more like a discussion forum.

Introduction and training – Yammer

Yammer video training

Plan/investigate: To do – to plan your work with to do-lists

When using To do you can plan your time with to-do lists, it is also possible to share them.

Plan/investigate: Planner – a project board in the cloud

Planner is a digital planning solution where each task is added to and distributed within the group. The data can then be followed up in a simple and clear way.

Introduction and training – Planner

Microsoft Planner video training

Plan/investigate: Forms – a survey tool

Forms is a tool to create and conduct studies, tests and polls.

Introduction and training – Forms

Guide Microsoft Forms

Secure authentication, MFA

Guide MFA för Windows

Download the guide to print here

Install two-factor verification

To access your accounts more securely, we are introducing an additional security step, two-factor verification, which makes it harder for hackers to break in to your account to access your documents and information. To install it you need your computer and your mobile.

The installation is done in two steps:

  1. Download and install the Microsoft Authenticator app to your mobile
  2. Add your Miun account to your app.

Step 1

  • Download and install the Microsoft Authenticator app on your mobile.
  • Install from AppStore for an Apple unit
  • Install from Play Butik for an Android unit

  • Give the app access to your camera to photograph a code, as well as your contacts. Save these settings.
  • When the app is installed on the unit you wish to use to log in, select Next and then Next again in the dialog box ”Configurate your account”.
  • Select Add account followed by your work or school account.
  • The app asks you to scan a QR code you will now generate on your computer.

Step 2

You need to follow a guide on your computer to decide how you wish to handle the two-factor verification.

  • Follow the pages 4-6 if you have a Miun computer and are located on campus or using VPN
  • Follow the pages 7-12 if you are outside of our network and cannot use VPN

To use VPN, click on the network icon next to the time. It looks like a screen or a fan, depending on whether you use a network cable or wifi.

       

When you click on the network icon you will se a menu. Click on vpn.miun.se and connect. Log in using your normal password.

You are now connected via VPN.

  • To generate the QR code you need to scan, go to the webpage https://mfa.miun.se/
  • ·Select your Miun account
  • Select the option Mobile app as well as Receive notifications for verification.
  • Select Configurate.
  • Scan the QR code using the Microsoft Authenticator app on your mobile.
  • Answer on your mobile unit.
  • Add your phone number and approve via the app.
  • Please also add your private phone number in case you lose your work mobile.
  • Click Save and you are done.

Installation outside of campus

If you work outside of campus and cannot use VPN, you may activate MFA from any Windows computer, as long as it is connected to the internet.

  • Go to https://remoteapp.miun.se/
  • Click on the link.
  • Click on AzureMFA enrollment.
  • Select Open.

  • Enter personal\username and password, like when you log in to your computer.
    Please note! personal\ needs to be in front of your username.
  • Select your Miun account, or enter your Miun e-mail address if your account does not appear.
  • Enter personal\username and password, like when you log in to your computer.
    Please note! personal\ must be entered before your user name.
  • Select the option Mobile app as well as Receive notifications for verification.
  • Select Configurate.
  • Scan the QR code using the Microsoft Authenticator app on your mobile.
  • Answer on your mobile unit.
  • Add your phone number and approve via the app.
  • Please also add your private phone number in case you lose your work mobile.
  • Click Save and you are done.

You are done!

 

 

Guide MFA for Mac

Download the guide to print here

Install two-factor verification

To access your accounts more securely, we are introducing an additional security step, two-factor verification, which makes it harder for hackers to break in to your account to access your documents and information. To install it you need your computer and your mobile.

The installation is done in two steps:

  1. Download and install the Microsoft Authenticator app to your mobile.
  2. Add your Miun account to your app.

Step 1

  • Download and install the app Microsoft Authenticator to your mobile.
  • For Apple units: Available in AppStore.
  • For Android units: Available in Play Butik.

  • Give the app access to your camera to photograph a code, as well as your contacts. Save these settings.
  • When the app is installed on the unit you wish to use to log in, select Next and then Next again in the dialog box ”Configurate your account”.
  • Select Add account followed by your work or school account.
  • The app asks you to scan a QR code you will now generate on your computer.

Step 2

  • •Start Microsoft Remote Desktop (Install from Self Service if needed).
  • •Click on Add Workspace.
  • Type the following address and click Add:
    https://remoteapp.miun.se/RDWeb/Feed/webfeed.aspx

  • Enter your login information and click Continue.
  • Here are the apps you can start. Select Azure MFA enrollment.
  • Enter your login information again and press Continue.
  • A remote desktop will start.
  • Select your Miun account or enter your Miun email address if your account does not appear.
  • Enter personal\username and password, like when you log in to your computer.
    Please note! personal\ must be entered before your user name. Press the right option key and the ? key for  \


  • Select the option Mobile app as well as Receive notifications for verification.
  • Select Configurate.
  • Scan the QR code using the Microsoft Authenticator app on your mobile.
  • Answer on your mobile unit.
  • Add your phone number and approve via the app.

  • Please also add your private phone number in case you lose your work mobile.
  • Click Save and you are done.

Done!

 

 

Telephony via Tele2

How do I switch SIM-card?

Follow this guide if you do not know how to switch your SIM card:

Guide: How to switch SIM-card

How do I make phone calls via Teams?

To dial a number from Teams, go to Calls, click Dial a number, and then enter the number of the person you want to reach by using the key pad. Then click Call.  

Read more in Microsofts guide about calls via Teams.

Only you who have a telephone connection in the telephony system can see a keypad under "Calls" in Teams and can call an external telephone number from Teams.

How do I refer my phone; set my status of presence?

You do this in Trio User, which you get access to via the following link:

https://trio-miun.uc.tele2.se/TrioUser/

The web link is distributed as a shortcut to staff with a Windows personal computer, so it easily can be reached from the desktop and in the Start menu. If you want to delete it, do it via the Software Center: "Trio User Shortcut Desktop".

If your computer is a Mac, a web link to Trio User has been sent to your computer. It is located under Programs on the computer and can then be found in the Finder and if you use the search function on Mac (spotlight), shortcut CMD + space, and search for "Trio".

In Trio User you enter your status of presence via the referral interface. In Trio User you can also have access the staff catalog.

When it comes to referrals, the connection to your calendar will work as before, so that a booked meeting will keep you busy on the phone (and Teams).

This Quick reference guide from Tele2 contains info about Trio User.

What number is displayed to the recipient of a call? Can I change it?

The default is that it is the 010 number that is displayed, regardless of whether you are calling from Teams or from your business mobile.

Your phone is automatically set as busy on the 010 number if you have a meeting booked in Outlook. Calls to your 07x number (mobile number), however, bypass the referral even if you have the status busy. This is so that you can be reached for family matters or anything else urgent. The general recommendation is to only use the 010 number in your contact information.

In Trio User under "Settings" and "Set role" you can change which number is displayed. If you want the 07x number (mobile number) to be displayed, change the settings from "Arbete fast" to "Arbete mobil" (Work mobile).

What code should I enter to listen to my voicemail in Trio User?

You need to enter a code to listen to a message in your voice mailbox. The code is the last four digits of your connection, ie. in the 010 number.

What data volume is included in the subscriptions?

The agreement with Tele2 includes an average consumption of 5 GB per subscription. The new thing is that we can "borrow" data from a colleague. This means that if user A exceeds 5 GB in his consumption, but user B has not consumed that much data, then extra data can be taken from the pot that is created centrally for this.

The advantage is, among other things, reduced administration, and faster processing of an upcoming need for more data volume. However, this does not mean that we have "free surfing"! There is a responsibility on each employee not to waste. At the same time, more people are given the opportunity to get help quickly if they need more data volume (the adjustment is done automatically).

Statistics will be taken on this for follow-up and adaptation of the service in the future. Abuse will be reported to the manager and suspension from the amount of data can take place.

Where can I see how much data volume I have used?

Send an SMS to 243 with the text "data" and you will receive an answer on how much data has been used this month.

What happens to Touchpoint when we change provider for the telephony?

TouchPoint will stop working when we switch to Tele2. In the new telephony we will use Trio User for staff catalog and reference.

What is required to put Team Meetings in Outlook on Mac?

For Teams to work fully in Outlook on Mac, you need to activate your personal Office 365 license which is available through Self Service. Do as follows:

  • Quit all Office programs.
  • Start the app, Self Service.
  • Click on the "Activate Office 365 license" and the "Activate" button.
  • After this, Outlook is started and you activate the license by entering your MIUN email address.
  • You can continue working in Outlook while the calendar is being updated in the background, it takes about 10 minutes.
  • You are then prompted to restart Outlook and then Teams is in the calendar.
  • To the right in the top bar of Outlook, you have the option "New Outlook". If you choose it, you get Teams as a default för meetings.

What is Trio?

Trio Connect is the name of the new telephony system. All employees get access to Trio User. In Trio User you will find the staff catalog and enter your attendance status via a reference interface. When it comes to referrals, the link to your calendar will work as before; a booked meeting shows you as busy on the phone (and in Teams).

Can I chat with someone external who has Skype?

When it comes to external contacts who have Skype, it works to chat with them one-on-one via Teams and only with plain text, see Microsoft's info on this.

Will I be able to connect to Skype meetings arranged by my external contacts?

Yes, you can continue to connect to external Skype meetings, either via a web client or with the help of Teams that have the functionality to also connect to Skype meetings.

Will the fixed desk telephones (SNOM) and conference telephones (SNOM) work after the change of provider?

Tele2 has confirmed that both SNOM desk telephones and SNOM conference telephones will work in the new solution, but settings need to be changed in them. INFRA expects that they will be able to test the new settings until we change provider, 29 Oct. It will be possible to change the settings in the SNOM phones as soon as the transition to Tele2 is done, otherwise it will not work to make calls with the current solution via Telia.

If it should take a day or two to change settings in all SNOM phones, the option to call from the computer can be used. The recommendation is to, if possible, switch from a fixed-line telephone to only call via the computer (via Teams in the new solution, which replaces Skype / Touchpoint used today).

What is A5?

This is the type of Office 365 license needed to get access to Teams telephony functionality. The licenses began to be activated on October 20.

What is “Teams Only”?

This means that telephony is via Teams and that it is no longer possible to use Skype.

I do not have a Mid Sweden University business mobile but still got a SIM card?

The basis for most employees' telephony is a mobile subscription, even if you only call via the computer or have a fixed-line. This means that a SIM card is sent home as it "belongs" to the subscription, even if you do not have a mobile phone. It was difficult to distinguish between those who only use the computer / fixed-line and those who need a mobile phone in this change to Tele2.

If you have received a SIM card even though you do not use a mobile phone, keep it until we change provider, on 29 October. It should not be needed to start the subscription, but still keep it for a while if it should be needed.

Is it possible to use eSIM in the new telephony with Tele2?

Yes, it is possible to get an eSIM instead of a regular SIM card if it suits your solution better. This makes it possible for you who, for example, use a newer iPhone to get dual SIM cards in your mobile (where one of the slots only can handle one eSIM). Of course, it also works in Android and other phone versions that support this.

Is it allowed to use the Mid Sweden University’s SIM card in my private mobile phone?

It is allowed to use the Mid Sweden University’s SIM card (also eSIM) in your private mobile phone to be reachable from the university line during your working hours. If you choose to use this solution, please return your business mobile to the Service centre, if you have one.

Please note that none of Mid Sweden University's insurances or guarantees apply if you use this solution.

Can I use my private mobile phone instead of the university's standard model?

Yes, it is allowed to use your private mobile if you prefer and / or only want a single phone with you during the day. Remember that you must be contactable during your working hours on the job number you have from the university. You need to have a SIM card (or eSIM) from Mid Sweden University in your private mobile in these cases, if you do not use another solution for your job telephony. Please remember to return your business mobile to the Service centre in cases where you have one and the job's SIM card is in another phone. This is because it is not allowed to use the work phone as your own private equipment.

Please note that none of Mid Sweden University's insurances or guarantees apply if you use this solution.

VPN

VPN for windows

Settings for MIUN VPN are pre-installed on all university computers.

If your computer has been installed by someone other than the IT-department or for some other reason does not have MIUN VPN, please contact Helpdesk.

Windows 10

1. Start the computer and connect it to the Internet.

  • Click on the symbol to the right, marked in read, on the lock-screen.
  • The symbol might look different if you are connected to a wireless network.

2. If your computer is connected according to point 1, click on the left symbol marked in red.

3. Enter your normal sign-in credentials (username + password) and connect. Once you have signed in you will be able to access all you files and folders on the university network.

If you are already signed in, click on the buttons as shown in the picture below. You will find the first button in the task bar at the bottom of your screen.