StepChange Debt Charity

Creating a 3^rd Party VPN User

These accounts are usually created for 3^rd party support companies to be able to access our network via the VPN and login to servers. The account will have certain restrictions placed on it.

To be able to set up a request for a 3^rd party account, we need to have 4 pieces of information, which the requester should provide:

Name and company – for the AD account

Email address – to send the username over to

Phone number- to text the password to

Account expiry date – stops the user logging in after certain time

Setup a fresh ticket if one hasn’t already been created to document the request, then to setup the account, open AD and browse to the Service Accounts/VPN access OU:

Create the account from scratch, based on the user’s name and generate a secure password.  

Try to use the convention of <company name><username>@cccs.co.uk for the domain account for clarity. Put the company name in the Description field too, so it shows in the AD view:

Once the account is created, double click on the account to open the AD properties, then click on the ‘Account’ tab and set the options so the user can’t change the password and set the expiry date:

Add them to the relevant groups access groups, the requester should be able to let us know what these need to be, but will be bespoke depending on what a particular 3^rd party needs access to.

Once the account has been created, you need to email the username to the user requiring access, then text them the password to their mobile number.

Confirm this has been completed to the requester through Fresh and close the ticket.