VPN - Exception Process for External Users

Issue/Question

• Who needs an exception for VPN?
• How do I submit an exception request for the VPN? What is the exception process?

Environment

• Oregon State University
• External User
• VPN

Explanation

The OSU VPN server is available to all current OSU employees, students, associates and sponsored accounts.

Duo two-step login is required to access the VPN for all ONID account users.

VPN access defaults to full tunnel, Duo required.

If a user does not have an ONID account, an exception is needed to access the VPN. Exceptions must be requested by department IT and sponsored by a current OSU employee, and a business justification is needed.

A department can also ask to have VPN access temporarily extended for former students and former employees. The request must be made by a current employee and a business justification is needed.

Resolution

VPN Exception Requests for non-ONID Users

If you are not a current OSU student or employee and need access to the OSU VPN server, please contact your department IT. Community Network customers should contact the Service Desk.

If you do not have an ONID account, your IT department will submit a request for an exception to use the VPN using this form: Request an Exception to the VPN  (form is restricted to IT Pros). 

IT requesting a VPN exception will need to provide the following:

• Business purpose: why the customer needs access
• If split tunnel is being requested, why it is needed, why full tunnel will not work; and type of data being accessed
• The sponsor’s name, contact information and department
• The external user's relationship to OSU
• Contract term (if any) 

The default connection type for external users will be full tunnel unless an adequate business case can be made that requires split tunnel.

The request will be submitted to the Office of Information Security who will review the request.  For external users, the expiration date will be the contract term end date, or annually, whichever is first.  Annual reviews will be conducted by the Office of Information Security.

Access to confidential data will require multi-factor authentication (Duo), full tunnel access only and use of an OSU-provided device.

Sponsored ONID Account

In some cases, it may make more sense for an external person to be granted a sponsored ONID account. This is generally true when the OSU business case involves a need for more than VPN access. For example, a volunteer who needs access to OSU VPN and OSU Box or OSU Zoom may qualify for a sponsored account.

A business justification must be provided with a sponsored account request. Sponsored account requests must be submitted by an OSU IT person. 

• Community Network customers, please use this form: CN - New Sponsored Account
• IT Pros in distributed IT units, please use this form: IT Pros - Sponsor an Account
• All others: contact your department IT

Extend Access for Former Student or Former Employee

To request a temporary extension of VPN access for a former student or former employee, please see: VPN - Extend access for ONID user

Assistance

For assistance, contact the Service Desk.