Connecticut State Colleges & Universities
IT Support Center

Frequently Asked Questions (FAQ)

The following are some of the important questions that come up from time to time, that you may find helpful answers to...

Q: How do I log into the Protective Enclave?
A: For detailed instructions on how to access the Protective Enclave, check out the Logging into the Enclave page.

Q: When using Core-CT, what activities must be done from inside the Protective Enclave?
A: Work completed by anyone maintaining employee records in Core-CT (e.g. Workforce Administration, benefits, Time and Labor, and Payroll) must be done within the Protected Enclave. Restricting access to Core-CT to the Protected Enclave for employee administration purposes, will mitigate the exposure of sensitive DCL3 data.

Employees maintaining their own personal information, entering time, or approving time can access Core-CT outside of the Enclave.

Q: How do I access my Banner Folders in the Protective Enclave?
A: For detailed instructions on how to access your Banner Folders from the Protective Enclave, check out Working in the Enclave page.

Q: How do I save a file when using Internet Explorer?

A:When you are viewing the page you want to save, click the wheel icon - File - "Save as...":

 

NOTE: Ctrl + S is disabled and will not work in the Protective Enclave.

Q: I'm trying to login to the Protective Enclave and I'm having problems authenticating. What do I do?
A: If you are having difficulties logging into the Protective Enclave, try logging into the MFA portal first. You will be able to use a backup method to get in (either text/phone call or answering your security questions) and then you can change your MFA settings if needed. Once you are able to successfully login to the MFA portal, then try to login to the Protective Enclave. Note that if you immediately log into the Protective Enclave site after successfully logging into the MFA site, there is a short window of time where you will only be prompted for username/password and not your MFA authentication (phone call, text or Mobile app).

There are many more FAQ items in this document that may help you as well so be sure to see if your question is answered here first.

Q: I thought I had to enter a PIN when authenticating using MFA? It's not prompting me for a PIN.
A: You are prompted for a PIN for all authentications except when you are using the Mobile App option and have enabled it to use your fingerprint. In this case, you had to enter your PIN when you set it up to accept your fingerprint, but after that you will not be prompted for your PIN while using your fingerprint.

Q: I'm seeing a timeout message appear after logging into the Protective Enclave. Why is it timing out so quickly?
A: Within a few minutes after logging into the Protective Enclave, you'll notice the browser session used to login (using the Citrix Receiver) will warn you it will be timing out soon:

and then it will timeout due to inactivity:

You do not need to keep the browser window connected to the Citrix Receiver open in order to use the Protective Enclave Desktop. You can let it timeout or you can choose to close the browser window. NOTE: If you log out of the Citrix session (using Log Off), you will close the Protective Enclave Desktop:

Q: I accidently clicked the X in the upper-right hand corner of the Protective Enclave Desktop window. Did I lose what I was working on?
A: No. You will not immediately lose your work if you disconnect your Protective Enclave Desktop. You will however need to reconnect to the Protective Enclave and launch a new Protective Enclave Desktop. If you reconnect within 10 minutes of disconnecting, it will be right where you left off. NOTE: Disconnecting or closing the Protective Enclave Desktop is not the proper way to close your Protective Enclave Desktop. Instead, when you are done for the day, you will want to save any unfinished work and Sign Out.

Q: Why am I being prompted for my password after not using the Protective Enclave Desktop for a short amount of time?
A: That is a "screensaver" password that simply locks the desktop due to inactivity. For security reasons, after 15 minutes of inactivity, your Protective Enclave Desktop session will lock the session and you simply need to provide your password to unlock the desktop. NOTE: This is not the same as "logging off" or "signing out". When you are done for the day, you will want to save any unfinished work and Sign Out of the Protective Enclave Desktop.

Q: Is there a maintenance window when I shouldn't be working in the Protective Enclave?
A: Yes. There is a scheduled, weekly maintenance window on Sunday morning from 2AM to 4AM that you may be disconnected even from an active Protective Enclave Desktop session. We highly recommend you do not work in the Protective Enclave during this time and close and save any work before 2AM on Sunday.

Q: My Protective Enclave Desktop just disappeared for no reason even though I was actively working in it. Why?
A: There are two common situations where an active Protective Enclave Desktop would disappear:

  • During the scheduled, weekly maintenance window: Sunday 2AM - 4 AM. Note that any work that was being done may be lost.
  • When the same account that was used to connect to the Protective Enclave is used to open another Protective Enclave Desktop (for example it is launched from another workstation). There can only be one Protective Enclave Desktop open at a time per user, therefore if a second one is launched, the first one will disconnect without any error, popup or warning. Since it's the same user launching the Protective Enclave Desktop, whatever application was being worked on from the first Protective Enclave Desktop will be right where it was left off when the first Protective Enclave Desktop "disappeared".

Q: I logged out and back into the Protective Enclave and it's only prompting me for username/password. Why?
A: There is a small window of time (a few minutes) where you are not prompted for your multi-factor authentication if you log back into the Protective Enclave. This window of time allows you to log back into the Protective Enclave and it will only prompt you for your username/password and not use your MFA authentication (phone call, text or Mobile app).

Q: How do I make the Protective Enclave Desktop window full screen, restore to a window or span dual monitors?
A: Steps are shown in the Navigating Around page.

Q: I want to add a backup phone number but there's only an entry for one phone number, not a backup. Why?
A: It only prompts to enter a BACKUP phone if the method is set to Phone Call, but if a backup phone number is set, it will still use it as a backup if you have your method set to . If your selected method is either Text Message or Mobile App, then you are only prompted to enter one phone number. To set a backup phone for text or mobile method, change your method to Phone Call so you will see the prompt to enter a backup phone. Enter a backup phone number. Then change the method back to text or Mobile App. The backup phone number you set will work even though you can't see it on the "Change Phone" page.

Follow the changing or adding a phone number steps in the MFA document.

Q: When is the MFA backup method used?
A: If you are using the phone call method and you do not answer the primary phone number or it goes to voice mail, then it will call the phone number you have defined as your backup phone number after it did not reach you on your primary phone number.
However, if you are attempting to login to the Protective Enclave using the text message method or mobile app method and you don't respond or incorrectly authenticate (enter wrong text passcode or PIN) it will give you the "Incorrect user name or password" error only and will not use your backup method. If you don't have access to your text message or mobile app, you will need to first login to the MFA portal in order to use a backup method. If you don't have access to your text message or mobile app when logging into the MFA portal, then it will prompt you to select a backup method. You may then choose to receive phone/text on either your primary or backup phone number or answer your security questions to proceed. Once logged into the MFA, you can make changes to your MFA settings and then you can log into the Protective Enclave. See the FAQ item about adding a backup phone number when using text or mobile app method.

Q: What if I forgot my mobile device at home and I'm using it as part of my MFA authentication?
A: If you don't have access to your text message or mobile app, you will need to log into the MFA portal. It will prompt you to select which backup method you'd like to use. You may then choose to receive phone/text on either your primary or backup phone number or answer your security questions to proceed. Once logged into the MFA, you can choose to make changes to your MFA settings. See the FAQ item about adding a backup phone number when using text or mobile app method.

Q: How do I add to my IE Favorites bar when I'm working in the Protective Enclave?
A: If you try to use the star icon to add the current site to the favorites bar you will see an error:

Instead, click and hold the icon to the left of the URL and then drag it to the Favorites bar:

Q: What is Request DLP bypass on the Data Loss Prevention pop-up?
A: When a file is flagged as containing DCL3, the McAfee Data Loss Prevention popup has a link to a 'Request DLP bypass'


Currently, the link to 'Request DLP bypass' is not used by CSCU. If a file is flagged as containing DCL3 and is a false positive, work with your college's Protective Enclave Liaison to allow the file to be allowed out of the Protective Enclave.