McGill

Dos & don'ts of McGill ID numbers in WMS webforms

Reviewing the rules for collecting McGill IDs

The next time you're about to add a McGill ID field in your webform — STOP!

Ask yourself, "Do I really need to ask for the ID number?"

If you can look it up on a system such as Banner — then the answer should be "No."

WMS webforms generally shouldn't be used to directly solicit confidential information, such as the McGill ID number, from users.

The McGill ID number links a person with the University as a student or an employee. This might seem harmless on the surface, but in sensitive situations, or if used maliciously, this identification can have serious security consequences for the person affected.

To minimize any risk to the community, the best practice is to avoid collecting the McGill ID whenever possible. The University already makes this information available to authorized personnel through official secure applications such as Banner.

Authenticate and hide the ID field

If it's absolutely necessary to collect the McGill ID number in order to verify the identity of the person submitting the form, make login mandatory and make the field invisible. Capture the person's ID seamlessly when they log in so that it's included in the submission but only visible to those authorized to access the results, such as a Site Manager or Reviewer.

Practise safe information security

Follow these instructions:

  1. Ensure that the form is authenticated, i.e., require users to log in:
    • Go to the Form Settings
    • Under the Submission Access section, ensure that "anonymous user" is unchecked
    • Select "authenticated user" or only the role(s) that should be allowed to submit the form

  2. Make the McGill ID field invisible to the person submitting the form.

    Either:
    1. use a Hidden component, or
    2. use a Private Textfield or Number component.

    Then:

    Add a token default value in the component to capture the logged-in user's McGill ID number.

    Textfield or Number component:

    • Under Default value, enter the following token:
      [current-user:field_mcgill_user_id]
    • Under VALIDATION, make sure that Required is unchecked
    • Under DISPLAY:
      • set Label display to None
      • ensure that Disabled is checked
      • ensure that Private is checked
    • Click Save component

    Hidden component:

    • Under Default value, enter the following token:
      [current-user:field_mcgill_user_id]
    • Under DISPLAY, ensure that Secure value is checked
    • Click Save component

For more detailed instructions and information about webforms in the WMS, consult the IT Knowledge Base articles:

This article was updated on August 17, 2021
