Table of Contents
The Proto account
This section outlines the account that connect all of S.A. Proto's IT-landscape and services together. This is the account you'll be using to access all stuff Proto has to offer. This document aims to provide some (technical) insight into the account and is primarily aimed at developers and those interested.
Within S.A. Proto your Proto account is actually two different accounts. This may seem strange, but once you're done with this document it is actually pretty straightforward. Regular members will probably never have to worry about this, but for active members, the board of S.A. Proto and the Have You Tried Turning It Off And On Again committee it may be useful to study this document when in doubt.
If you can log in on the website of Proto, you have a Proto account. It is the account you log in with on the website and the OmNomCom, the account that stores your purchase history and the account that you use to subscribe to activities. For active members, it is also the account you use to send e-mail, access network shares and log-in to Windows machines.
On the website and on the OmNomCom you can log in to your Proto account using your e-mail or username and password. If you don't know your username, head over to your dashboard and check the “update account” panel. It'll show you your username. It has been automatically generated for you and you cannot change it. You can use this username instead of your e-mail when logging in to the site and the OmNomCom to save some time.
You can change your password on your dashboard. If you don't know your password or your password doesn't seem to work, you can set a new password using the password reset page.
Using your UTwente account
In addition to your Proto account, you can also login using your UTwente account. This is only possible on the website, and can be done by clicking on the “Login with your UTwente account” button on the login page. You'll then be redirected to the login environment of the UT, which will handle the rest of the process. Before you can use your UTwente account to login on the website, you first need to link it to your account. You can do this via your dashboard.
It is important to understand that your UTwente account is not your Proto account, but merely an extra convenience we built in so you can login to the website more quickly in some cases, and to give you access to a few functions only open for verified students of the UT. You cannot use your UTwente account for anything outside the website.
We have changed the login process and account handling between 2015 and 2017, so all of this may be confusing to longer-time members who have only known logging in with their UTwente account.
Please note that, since recently, we do not any more handle your UTwente password. You log-in via the so called Single Sign-On environment of the UT. From the UT we only get back if a log-in was successful and what the username is. This means we do not know, process or transmit your UTwente password. If you forgot or want to change your UTwente password, you can do this here.
A note for non-members
You don't have to be a member in order to have a Proto account. In fact, sometimes you need a Proto account even when you are not a member (for example, if Proto handles the selling of ticket for an event you wish to visit). It is important to note that if you have an account but are not a member, your Proto account simply has fewer permissions so you'll find that you can't do everything a regular member can do on the website. Your account also won't have a username until you become a member, which excludes you from services that require you to login with your username instead of your e-mail address.
This sub-sections are intended for those interested in the inner workings, and of course for the Have You Tried Turning It Off And On Again committee. If you're only here looking to get the basic info, you can stop here.
Proto accounts are stored on two systems.
The primary system
The primary system is the database behind the website. Here we store the user model, including password (hashed) and e-mail addresses. The usernames (as mentioned above) are stored in the member model. This is the reason why only members have usernames. This system is also where the management is done. Via the website people can change their e-mail and password, create and delete accounts, assign memberships etc. The downside is that it is difficult and cumbersome to integrate some third party software and services with our database. This is why we have the secondary system.
The secondary system
The secondary system is the so called Active Directory. Active Directory, or AD for short, is - and this is a generalization - a service for Microsoft environments which centralizes account management in large networks. We use Active Directory because are getting more and more Windows components in our IT-landscape (see services below) and this is the most efficient way to let you access all services using only one account. Active Directory also provides a native LDAP front-end based on data in the Active Directory environment. LDAP is another Active Directory-like service which centralizes account management and is mainly used by UNIX and web applications. There is no large scale use of LDAP yet in our IT-landscape, but it is certainly great to have ready.
Synchronizing the systems
Every 15 minutes the website synchronizes account details to the Active Directory (making the Active Directory a slave system; if we change the content of the Active Directory manually it is reverted back on the next sync). This makes sure new accounts are created, old accounts are removed and meta-data (name, e-mail etc) is kept up to date. Note that passwords are not synchronized. Since they are stored as a hash in the database (and Active Directory uses another hashing algorithm) there is no way we can transfer passwords between the two using the data that we store. Instead, passwords are synchronized whenever a user changes their password on the website (either when creating an account, changing the password or performing a password reset). On this moment, we have a short opportunity to send the plain-text password over an encrypted connection to the Active Directory. Please note that we never store your plain-text password. It is only processed and transmitted to the secondary system, but never retained.
Note regarding non-member accounts
Please note that non-member accounts are not synchronized to the secondary system, which means they do not exist in the AD/LDAP directories. This also means they can never access any of the services that uses that back-end. This is intentional. In addition, this means that if a user becomes a member, their password is not yet known in the AD/LDAP directories; a member must thus first perform a password sync before they can use any services that rely on the secondary system.