Document toolboxDocument toolbox

Profile Validation

Owned by Emily Lang (Unlicensed)
Last updated: Aug 16, 2024 by Natosha Edmonds
6 min read

Version

Summary

Version

Summary

07/08/2024

Updated to align with One Sage release.

8/10/22

Updated process and link to new AWS VPN instructions

02/22/2022

Updated EC2 instance and VPN instructions

12/28/2021

Updated format to align with policy version tables

12/15/2021

Added version tracking table.

07/08/2021

Updated

Audience: Sage ACT

Table of Contents

Overview

One of the configuration options when setting up an Access Requirement (AR) is user type. Both click-wraps and ACT-managed ARs can be configured so that users must be validated in order to be granted data access. Users who are not validated will not be able to click the “Agree” button on a click-wrap and will not be able to submit a data access application for an ACT-managed AR.

Profile validation is a process by which users have their identity verified by ACT. Users submit an ORCID profile, a completed Synapse Pledge, and a signed identity attestation document to ACT, and then ACT must review the documentation to ensure the documents are acceptable and match the user’s Synapse profile information. For privacy and security reasons, ACT must utilize a remote desktop to review profile validation requests so that submitted documents are not downloaded onto any personal devices.

Configuring the Profile Validation Request Environment

Before validating Synapse profiles, ACT must set up VPN access and a Windows instance using Amazon Web Services (AWS). This allows ACT to validate profiles without downloading users’ personal information onto an ACT member’s laptop. You must always utilize a remote desktop to review profile validation requests.


1. Establish VPN Access 

Instructions for establishing an AWS VPN client can be found here. Please reach out to the Sage IT Team if you have any questions.

2. Download a remote desktop application

First, make sure you have created a JumpCloud account. Most new employees at Sage create a JumpCloud account during their first week at Sage. You will use your JumpCloud account credentials when setting up your remote desktop.

For Macs: Once you connect to your VPN, you will need to download a remote desktop application. The most secure way to do this is to go through the Mac app store and download a remote desktop app. “Microsoft Remote Desktop” is a good option. Use your Sage Bionetworks email to create your Apple ID. As you proceed through the steps of creating your account, choose “none” under payment methods to avoid applying a credit card to the account. 

Note that you may get an error stating that you do not have any Microsoft devices connected to your application. Once you establish your EC2 Windows Instance following the steps in the next section, your remote desktop will be established for the profile validation.

For PCs: For remote desktop applications, please see instructions below.

3. Establish your EC2 Windows Instance using the Service Catalogue

The instructions below will allow you to configure your remote desktop environment:

  1. Start your AWS VPN client with JumpCloud integration.

  2. To create your virtual windows machine (or ‘instance’) please follow the steps listed for your device here: Service Catalog Provisioning. You will be creating an EC2 Windows Instance with JumpCloud Integration. 

  3. Once your instance has been created in the Service Catalogue scroll down to AWS events. From there click on Output Value and then the Outputs Tab. You should see the following information:



4. You will need the “WindowsInstancePrivateIpAddress” value for your remote desktop. Next, in your Windows search bar, type “Remote Desktop Connection” and open the app. Type in the IP address and your JumpCloud user name. Click connect.

5. If you are using Microsoft Remote Desktop client, the PC tab will look like this:

6. Test that you can access your remote desktop by following the steps listed under “Validating Profiles” below (you can skip steps 9-15 unless you have profiles to validate). To launch the remote desktop, double click on the PC instance that you established in the remote desktop app.


Reviewing Profile Validation Requests

Once a user submits a profile validation request, an email will be triggered to ACT@sagebionetworks.org. Therefore, ACT does not need to check the Profile Validation Dashboard daily for new requests, and instead can just review the dashboard when an email is received.

How to Navigate to the Profile Validation Dashboard in your Remote Desktop

  1. Start your AWS VPN client.

  2. Go to https://sc.sageit.org and log in.

  3. Go to your “Provisioned products list” and select the Windows EC2 instance you have established for validating profiles.

  4. Click the “Actions” button and select “Start” and then “Perform Action” when prompted.

  5. On the top right of the “Provisioned product details”, click the refresh button next to the Actions button. The status will change to “Under Change”. Periodically click the refresh button until the status changes to “Available”. Now your Instance is available for use.

  6. Open your remote desktop app (likely “Microsoft Remote Desktop”).

  7. Click “Connect” when prompted and this should launch your instance (it will look like a Windows Desktop). Open an Internet browser to access the Profile Validation page.

  8. Note, the first time you access the Internet within your Windows instance you’ll need to log into Synapse with your credentials (your VPN browser will not know your login or password the first time). It is a good idea to bookmark the Synapse site on your VPN browser for future access and have Google remember your password. Once logged into Synapse, all of your starred pages will be available and accessible like usual. If you haven’t already, it can be useful to star the ACT Zone page for quick access.

  9. From the main ACT Zone page, go to ‘Profile Validation Dashboard’ which can be found in the left hand side menu towards the bottom.  

  10. Click the “Profile Validation Dashboard” link in the Wiki to review requests. 

How to Review Requests

  1. For the profile validation request to be approved:

    1. Ensure the user’s ORCID profile is public and contains at least one piece of information (i.e. education, employment, etc.).

    2. Ensure the user attached an identity attestation document in English. Document options include:

      1. Letter from a signing official (not themselves) on official letterhead attesting to their identity

      2. Notarized letter attesting to their identity

      3. A copy of a professional license (i.e. medical license, etc.)

  2. If all of the above criteria are met, you can approve the user by clicking the ‘Approve’ button. The user will automatically receive a confirmation email that their profile validation is approved.

  3. If the user does not meet all of the above criteria, you will click the ‘Reject’ box, which will generate text for a rejection email:

    1. Click the checkbox(s) for the appropriate rejection reasons - be sure to select all that apply

    2. Click “Generate Response"

    3. Review email message and make any necessary changes or additions

    4. Scroll down and click “Send”

  4. After approving or rejecting the request, you will see a comments box. 

    1. If they were approved, leave the box blank.

    2. If they were rejected, write a brief explanation for the rejection (e.g., Pledge not signed, ORCID profile not public, Missing identity document).

How to Close Out of your Environment

  1. Once you have reviewed all pending requests, exit out of the browser and close your remote desktop window.

  2. Go to your “Provisioned product details” and select the Windows instance you have established for validating profiles.

  3. Click the “Actions” button and select “Stop”.

  4. Click “Perform Action”.

  5. Disconnect your VPN connection.

Monthly Maintenance: Deleting Downloads to Protect Sensitive Information

ACT members need to regularly delete the contents of their downloads folder to ensure sensitive documents (e.g., passports, driver's licenses, state IDs) are not stored in the remote environment. Follow these steps to delete the downloads and empty the trash bin:

  1. Open Google Chrome and go to your downloads history.

  2. Click the three vertical dots on the right side of the screen.

  3. Select “Open downloads folder.”

  4. Select all files in the downloads folder.

  5. Move the selected files to the trash.

  6. Open the trash bin.

  7. Select “Empty trash.”

  8. Return to the downloads history in Google Chrome.

  9. Click the three vertical dots again.

  10. Select “Clear all.”

Common User Errors

  1. ORCID profile:

    1.  Not public: “No Public Info Available”

    2.  Does not have one piece of information (i.e. education, employment, etc.)

  2. Identity Attestation Document:

    1. Not on letterhead

    2. Not in English

    3. Student or Work Identification Badge

Resources

Certification Quiz

ORCID Profile settings

Synapse Pledge

Template for Notarized Letter

Template for Signing Official