STEAM-CIRT Call Scripts

CSC STUDENT REPRESENTATIVES, this is the 'Call Script' that you should be using whenever you are resolving a STEAM-CIRT ticket by phone. 

NOTE: Once you're up to speed on this process, you do not have to have this script up on screen every time you're doing it, however, YOU ARE RESPONSIBLE for making sure that EVERY critical step in this process is completed prior to the resolution of the STEAM-CIRT ticket.

1) Verify Identity via PPS

• Verify the User's Identity via the standard PPS Identity Verification Process.
  

MFA*) Notify an MFA liaison about your call

• During the MFA enrollment rollout, starting September 2021, you may be tasked with assisting your caller with their MFA enrollment
• Notify a MFA Liasion via Slack with the user's alias/username when you get to this point in your call, possible liaisons are:
  NOTE: We are limited in our options for liaisons, start at the top, and work your way down, if no one is available, skip the MFA steps in your ticket resolution and make a note of it in the tech notes.
  
  • Specialist on Point
  • #general with an @here tag.
  • Individual Specialists via DMs
• They are not turning on MFA at this point in your call, this is to notify a liaison that it is coming.

2) Complete the STEAM-CIRT Qualtrics Survey

• On your own computer, open the Qualtrics STEAM CIRT survey
  NOTE: The link to the survey can also be found in the tech notes of the STEAM-CIRT
• Complete the survey, by reading off the questions to the user, and recording their answers.

3) Set a new Career Account Password via Account Setup Reset Tool

NOTE: To save time, you may want to generate the Setup Password in the background while going through the Qualtrics survey with the user.

• Direct the user to purdue.edu/accountsetup
• Have them fill in the first two blanks, PUID & Date of Birth
  NOTE: They must match the example formats on the right EXACTLY
• Generate a new Career Account Setup Password via https://www.purdue.edu/apps/account/AccountSetupReset
• The previous password has been compromised, it's critical that you emphasize that they discontinue using this password for ANY account.
• Once their information is in, they should be able to proceed to the next page and set a new Career Account Password
• NOTE: The requirements listed on the webpage are out of date, current password requirements can be found here.
  NOTE: They only need this first page of the AccountSetup, they do not need to complete it
  
  • If they receive an error from this webpage:
    NOTE: NEARLY every error on this page is going to be misleading, or at least not helpful
    • Double-check that they were inputting all the information correctly, and have them try again
    • Open an incognito window in your browser, try the inputs yourself, if it works... they didn't type something right, try again
      
      • If it still fails, contact the Specialist on Point,
      • If they are not available, post an @here message in the #general Slack channel
      • If that also fails, start pinging individual Specialists, preferably NOT ones on a call
• Have them leave the AccountSetupReset tool, and continue below with the new password

4) Set Boilerkey PIN# via their Boilerkey Page

• Direct the user to visit their Boilerkey page, www.purdue.edu/boilerkey
• Have them click on the "Manage" button in the middle to get to the CAS login page
• They should log in with the new password from above, they'll need to log in with either:
  
  • PW,push
  • PW,6-digit-passcode
• Direct them to set a new Boilerkey PIN# by clicking to click on "Set your BoilerKey PIN" next to the key icon, below the green square.
  NOTE: They SHOULD use a different PIN# than before.
• Once the PIN# is set, they'll be dropped back on the Boilerkey homepage.
• Have them click on "Test your BoilerKey" next to the key icon.
• Have them test to make sure their Boilerkey is working normally again.
  NOTE: Especially due to COVID, it's important than ever that everyone knows how to log in via PIN#,6-digit-passcode
• Have the user click on "Boilerkey Self-Serve" under the black bar at the top of the page.
  NOTE: To avoid more CSC calls in the future, it's important to make sure everyone has activated the Boilerkey Self-Recovery-Tool, might as well do it while they're here.
• Next to the ambulance icon, have them click "Enable BoilerKey Self-Recovery via text messaging"
• They'll need to confirm their cellphone number via text message.

5) Secure their O365 Mailbox

NOTE: Hopefully by this point, their new password will have time to sync to O365... Otherwise, prepare to wait... syncing a PW to O365 via AccountSetupReset can take up to 30 minutes.

• Direct the user to open a new tab, and navigate to the O365 portal via your preferred method, the direct URL input is portal.office.com
  NOTE: Do this on the O365 web portal via computer, do not do it via a mail client, app, or mobile device. It MUST be done on a non-mobile browser.
• Have them log in via their username@purdue.edu
  NOTE: If they have a vanity email, their email and username will not match, needs to be their username, followed by @purdue.edu
• For their password, use the new password from above
• Once into O365, have them navigate to Outlook.
• Once they've successfully logged in, notify the liaison from above to 'throw the switch' and enable MFA for this user.
• Have them click the gear icon in the upper right corner, and then "View all Outlook settings" at the bottom of the sidebar
• Open the "Rules" tab on the left
  • Have them review or read off the rules listed. It's usually pretty obvious if a rule is legitimate or not.
  • Have them remove any malicious rules
• Open the "Sweep" tab on the left
  • Have them remove any sweep rules that they didn't create
• Open the "Forwarding" tab on the left
  • If there's any forwarding rules set to addresses that they don't recognize, have them remove them
• Tell them that they'll want to follow up after the call and review any sent, received or deleted emails to see if there's any issues that need to be addressed.
• Additionally, if they used their purdue.edu email account as the recovery email for any other accounts, they should re-secure those accounts as well after the call.

6) MFA Enrollment

NOTE: More direction will probably be needed at some point, but see what you can do on your own?

• Direct the user to sign out of the O365 Portal/Outlook
• Direct them back to portal.office.com
• Then sign back in, and they should then see this screen:

• Once prompted during Step 1: How should we contact you? they'll want to select the option for "Mobile App" for authentication, and then "Receive notifications for verification"
  NOTE: Apparently if you're adamantly opposed to using the Microsoft Authenticator App, you can use "KeePassXC Password Manager" instead? You just have to register the 'seed code' to the program for it to work. Per Justin Bryant of AgIT
  
  
• THEORETICALLY, they should be able to follow through and complete the on screen prompts without much assistance.
• If you have any issues, reach out to the MFA Liasion you contacted above.
• Once complete, please detail how the MFA enrollment went in the Tech Notes portion of your ticket, and pass along the same information to the liasion
• They will now be using MFA for their O365 logins, but since it employs 'trusted devices' they will only have to authenticate via MFA once every 14 days.
  NOTE: Just an FYI, let your user know that if they're logged into O365/Outlook/Teams on a lot of devices... they will get spammed for a bit by authentication requests as the session keys expire on those devices and they demand you confirm it as a 'trusted device' by authenticating. Over time though, those requests will spread out a bit rather than be all at once.

Resolution

• End your call and resolve the ticket.