When you create a new CCR account, you will be sent an email asking you to verify your email account.



The email will contain:  
"Your account "username" has been created, please use the following link to finalize the setup:"

with a link to click on to verify your account.  This link is valid for 24 hours.  If you do not verify your email address before it expires, you will need to request a new verification email via CCR help.  Click on the link and you will be redirected to the CCR identity management portal:



Click on the Verify button and you will see this confirmation.  You can now login to the CCR IDM portal:



Important:

This process only activates a CCR account.  You must be provided access to resources after your account is activated.  Please contact your instructor or faculty member who is sponsoring your account for further action.

Adding Users to Projects in Coldfront



How do I know these emails aren't a phishing attempt?


This is a GREAT question and we strongly encourage users to question any type of email asking you to update account information or provide passwords.  We take security very seriously and will always take the following measures when communicating any account related changes with you:


1. All account activation email communication will be digitally signed using our PGP key:

  https://www.buffalo.edu/ccr/pgp-key


2. Our website will always be updated with instructions and related information. Ensure you're viewing our website using a secure (https) link and verify that the SSL certificate is valid.


The email message sent to all CCR users has a PGP signature.  Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication.  Some email clients will recognize the email is signed and give you options for verifying the PGP signature.  If your email client doesn't, you can login to one of the CCR servers and verify that the signature is authentic.  The steps for verifying this are below:


Save a copy of the email sent from CCR as a text file on one of the CCR servers (rush, presto, etc).

Import the CCR public key for comparison with the email text:

gpg --import /util/ccr/pgp/ccr_help_key.asc

gpg: key C1F7CD96: public key "CCR Staff <ccr-help@ccr.buffalo.edu>" imported

gpg: Total number processed: 1

gpg:               imported: 1  (RSA: 1)

gpg: no ultimately trusted keys found


Check the key fingerprint (optional):

gpg --fingerprint  C1F7CD96

pub   4096R/C1F7CD96 2015-08-27 [expires: 2025-08-24]

      Key fingerprint = DFAD E01B C0CA 44C5 FDC2  26C9 781A AE84 C1F7 CD96

uid                  CCR Staff <ccr-help@ccr.buffalo.edu>

sub   4096R/CE2FB3C2 2015-08-27 [expires: 2025-08-24]


Verify the signature in the email against the CCR public key:

gpg --verify <your_text_file>

 


NOTE: The WARNING message means the public key wasn't signed by a certificate authority (like SSL certifcates are) but this does not mean the signature is invalid.  It just means you should ensure you obtained our public key through a trusted source, i.e. our website or directly from rush (using scp).  CCR's PGP information can be found HERE.  For more information about PGP, check out this website.