Third-Party Vendor Access
Overview
The purpose of the vendor access request process is to ensure that third-party vendors (contractors, consultants, service providers, etc.) are granted access to university information systems in a secure, controlled, and compliant manner, consistent with CSU and campus-specific information security policies.
ITSO is responsible for reviewing and approving vendor access requests that involve sensitive systems or data, ensuring appropriate security controls (such as least privilege, MFA, and logging) are in place, and managing exceptions to standard policies.
Are you eligible?
Current faculty and staff, and system administrators in academic and administrative departments, can request vendor accounts.
Cost
There is no direct cost to you or your department.
Get Started
To request third-party vendor access or make changes to existing vendor account access, please see below for further instructions.
If a request is made for a new vendor account and vendor group, the SDSU Sponsor will create a ServiceNow ticket to the IT Security Office and provide the following information:
- SDSU Sponsor Name
- SDSU Sponsor Department
- New Vendor Representative: First Name, Last Name, Email Address, Phone, Company, and Access End Date of Vendor Account
- IP Addresses and Network Ports (e.g. 443 [HTTPS], 80 [HTTP], 3389 [RDP], etc.) that the vendor will need access to
- SDSU Sponsor Name
- SDSU Sponsor Department
- Description of Changes Requested
- Existing Vendor Representative(s) to be deleted or
- New Vendor Representative to be added (provide first name, last name, email address, phone, company, and access end date of vendor account)
If a request is made for updates to existing access requirements, the SDSU Sponsor will create a ServiceNow ticket and provide the following information:
- SDSU Sponsor Name
- SDSU Sponsor Department
- Description of Changes Requested
- Existing firewall rules to be deleted or
- New firewall rules to add (provide IP addresses and ports)
Get Help
Submit a ServiceNow ticket. Access should only be activated on an as-needed basis and disabled when not in use.
Report an Incident
Please contact the Information Security team immediately if you experience or are aware of any of the following: