Why are we moving to individual usernames?

In order to improve security, CCS is moving to individual usernames rather than shared or generic usernames (such as GVKCIRC, GVKTECH). CCS considered several factors in making this decision. The primary reason is the introduction of a web-based staff client. Public services staff will use the web-based Leap client for almost all day-to-day work. The web-based client is a modern, streamlined tool that can be used on computers or mobile devices, and was a factor in the ILS investigation process. The ability to use the client for outreach events in the community was highly attractive. CCS has spent a lot of time researching how we can best maintain security of the database while still allowing staff to use Leap during outreach activities outside of the brick-and-mortar library building.

The recommendation from Polaris is to give each library staff member an individual login. CCS staff spoke with other Polaris consortia including Pinnacle (IL) and Bridges (WI) who are using individual logins. A current thread on the Polaris user forum also indicates that many customers currently using shared logins are moving towards individual logins.

In an environment with shared logins, each time a staff member left a library, the shared password would have to be changed for all staff with access. In some libraries, that could be multiple times per month. With individual logins, the staff member’s login can easily be disabled. CCS reviewed options with the IT Library Staff Advisory Group, and their recommendation was to proceed with individual logins.

How will logins be managed?

Each library already has procedures in place for both onboarding and separation of employees, including creating AD and email accounts where applicable. CCS recommends libraries add a step to each process: open a CCS help desk ticket. For new employees, CCS would need a name, email, level of access, and effective date. For separations, CCS would need the employee name or username and effective date.

How should staff manage logins at shared desks?

Staff don’t have time to log in and out between shifts. The Leap client is browser-based, which means library staff must go to a specified URL and enter their username and password to log on. The process is faster than opening and loading a traditional staff client. At many libraries, desk staff have access to other tools like their email or collection development tools, which require them to log in and out in accordance with their shifts. The Leap client would be very similar. At circulation desks where staff may float between workstations, libraries will need to reconsider workflow and use the training and testing period to update internal standards. For libraries that intend to collect credit card payments at the desk, individual logins are best practice and part of POS PCI compliance.


Can any users, like volunteers, have shared logins?

Any user that has access to modify records or view patron data will have an individual login.