Terms and conditions Single Sign-On & Two-Factor Authentication

General Terms and Conditions of Use of the Single Sign-on & two-factor authentications service of University Tun Hussein Onn Malaysia(UTHM).

To be able to use the restricted content and services, users first need to register an account and wait for the necessary login details to be sent and activated. In compliance with this requirement, it needs to be verified that the user is a member of one of the groups of persons entitled to be given access to the restricted information.

By offering its registration service (hereinafter referred to as the “Single Sign-on authentications service “ or „SSO authentications service“), UTHM offers a single  platform from where users can obtain the necessary login data for all participating systems and “SSO Ready” status. Once activated by PTM, the SSO authentications service is available to the participating systems and to users as a single tool for logging in to the various participating systems.

  1. Scope of application

1.1 These General Terms and Conditions of Use shall apply to the use of the Single Sign-on authentications service and all other services offered and provided by UTHM here under. The SSO authentications service is provided by Pusat Teknologi Maklumat(PTM), using open source identity and access management, Keycloak.

1.2 The contractual relationships between users and the participating systems and their respective online offerings in which the SSO authentications service is or can be used may be governed, if applicable, by general terms and conditions of business, or general terms and conditions of use, of the respective service providers for the various systems.

1.3 The default mobile application use for managing two-factor authentication is by using Microsoft Authenticator app. If a user is using an outdated smartphone or a brand that does not support the default store app like Google and Apple, user can use alternative app as explained in the guideline on login page by following the instruction specifically.

  1. Services

2.1 For the purposes of the SSO authentications service offered by UTHM, Single Sign-on (abbreviated “SSO”) means that after initial registration and authentication, users can log into, and access, all restricted services, areas and applications on all internet portals of the systems at UTHM, or other offerings (e.g. mobile apps) which use the SSO authentications service, using the same login details, without having to complete another registration process for each of those systems, as would otherwise be the case.

2.2 The SSO authentications service generates a unique user “identity” for each user which can be recognised and verified by all participating internet portals. This allows users, in addition, to have the data stored in their SSO account (e.g. their e-mail and password) used automatically, e.g. to access their user profiles without having to re-enter and re-verify the access data manually.

2.3 Moreover, the SSO authentications service allows certain information to be presented to users in a tailored and individual way. This makes the use of the systems more comfortable for users. For instance, users may be informed after logging in of latest news and service offering.

2.4 The SSO authentications service allows users to manage their SSO account easily and more secure with the use of 2FA.

2.5 Use of the SSO authentications service itself is free of charge for the user.

  1. Identification and registration

3.1 To be able to use the SSO authentications service, users need to be registered and verified by Pejabat Pendaftar, UTHM.

3.2 User must provide a valid document as a proof of identity requested by PTM for verification purposes in the event of lost password or replacing new device to be pair with authentication app.

3.3 Moreover, the user represents and warrants that the personal information provided on his or her valid document, including, without limitation, his or her first and last name, postal address, date of birth and email address, is true and correct. In particular, users must not enter the details of others and are required to notify UTHM without undue delay if there is any change in the personal information they supplied.

3.4 Completion of the user verfication offer to UTHM to enter into the Agreement on Use of the SSO authentications service (hereinafter also referred to as the “User Agreement”). UTHM will accept this offer, subject to the provision of clause 3.1, by sending an email to the user’s email address confirming their successful registration, or by enabling the user to access the areas or content requiring registration once the registration form has been submitted. In either of these cases, the User Agreement shall be deemed to have been entered into.

3.5 There is, however, no entitlement for users to be granted access to the systems.

3.7 Contracts may be entered into in Malay or English.

3.8 UTHM reserve the right to refuse registrations on a case-by-case basis without stating reasons.

  1. Use of login details, access to portals

4.1 Users will be able to access restricted content and offerings of the participating systems by entering their login details, i.e. email address and password, into the respective login form.

4.2 The login details are intended to be used only by the respective user personally. Users must not disclose their login details, in particular their password, to anyone (including family members and co-workers). Users must ensure that their login details, in particular their password, are kept confidential and secure at all times and are required to prevent any unauthorised use of the participating portals by third parties.

4.3 If a user becomes aware of or suspects any misuse of his or her login details, he or she shall notify PTM, UTHM without undue delay. In the event of actual or suspected misuse of a user’s login details, UTHM shall have the right to terminate his or her access to the internet and system of UTHM immediately. If a user is responsible for such misuse of access details, he or she shall be liable for all consequences of use by a third party. In particular, a user shall be deemed responsible already if he or she enabled the unauthorised use of his or her login details through negligence. The liability of the user ends only if and when he or she has notified the PTM, UTHM via Helpdesk ~ 07 453 7292 / 7295, unauthorised use of his or her login details and changed the password, if necessary.

4.4 Clause 4.3 shall apply mutatis mutandis if a user has selected the “Remember me” option while working on a public or shared computer and third parties thereby gain access to the systems.

4.5 The scope of access provided by the login details depends on the terms of use of the respective systems in UTHM. Moreover, the scope of access may differ depending on the professional group to which a user belongs.

4.6 Users are hereby informed that each of the systems in UTHM is operated by the PTM identified as provider of the portal concerned. Unless an offering is operated PTM itself, UTHM accepts no responsibility for the content offerings provided thereon.

  1. Termination or withdrawal of access

5.1 In the event that a user breaches these General Terms and Conditions of Use, in particular if a user

  • provides incorrect data during or after registration and/or
  • discloses or shares his or her login details, in particular his or her password, without authorisation,

UTHM reserves the right to disable the login details of that user temporarily or permanently and/or terminate his or her access with immediate effect or within a period to be determined at our discretion and/or to terminate the User Agreement by extraordinary termination without notice. If this is the case, the user concerned will not be allowed to re-register without the express prior consent of PTM, UTHM.

5.2 Moreover, user access will terminate automatically as soon as a user ceases to be a member of any of the eligible groups of persons listed on the specialist portal concerned. Users are required to notify the customer service (using the contact details specified in clause 3.3 above) without undue delay of any forthcoming or recent changes of their student or employment status.

  1. Termination of the User Agreement

6.1 The User Agreement is for an indefinite term. It may generally be terminated by either Party, for convenience, without notice (subject, however, to clause 6.2) at any time. This shall be without prejudice to the right of either Party to terminate the User Agreement by extraordinary termination for good cause. Notice must be given in text form, i.e. at least by email.

6.2 However, termination of the User Agreement with immediate effect would result in the user becoming unable to log in and, depending on the respective offering of a participating internet portal, possibly also to access subscriptions he or she purchased, or other restricted areas of the systems otherwise accessible to him or her. Therefore, any termination of the User Agreement shall only take effect when the user has terminated or otherwise ended any subscriptions or other fixed-term agreements which may remain in place with the systems at the time in question or when such other agreements have expired. Therefore, we are also unable to delete the SSO account of the user until this has been done.

  1. Data protection

Protecting the security and privacy of users’ personal data is of great importance to us. For full information on this, please refer to the Polisi ICT UTHM.

  1. Changes to these General Terms and Conditions of Use

8.1 UTHM reserves the right to amend these General Terms and Conditions of Use at any time without stating reasons. Users will then be provided with the amended version of these General Terms and Conditions of Use by email. If the user does not object to them within 14 days of receipt of the email, the amended Terms shall be deemed accepted. The objection must be in text form. In its email, UTHM shall specifically inform the user of the possibility to object, the time limit for objection and the legal consequences of the user remaining silent.

8.2 As an alternative to the procedure described in clause 8.1, the amended General Terms and Conditions of Use may be presented to the user when he or she logs in using the SSO authentications service the next time. The amended General Terms and Conditions of Use shall be agreed through acceptance by the user when he or she logs in the next time. If the user does not object to them within one month of being presented with them for the first time, the amended Terms shall be deemed accepted. The objection must be in text form, i.e. at least by email. When presenting the amended Terms and Conditions of Use to the user, we shall specifically inform him or her of the possibility to object, the time limit for objection and the legal consequences of the user remaining silent.

8.3 If a user objects to the amended Terms, either Party shall have the right to terminate the Agreement on Use of the SSO authentications service by giving notice to the respective other Party with immediate effect.

8.4 However, the possibility to amend these General Terms and Conditions of Use shall not apply to amendments which restrict the scale and scope of use of the SSO authentications service available to the user to his or her disadvantage, nor to the introduction of new obligations of the user not previously provided for in these General Terms and Conditions of Use.

Last amended: June 2023