- Can I invite people to join?
- Can anyone find my information?
- Is there a way to create my own contact lists?
- What is verification and how do I get verified?
- What measures has HID put in place for insecure environments?
- My organization is missing. How can it be added?
- Can the system check me out automatically?
- How are my contact details on Humanitarian ID if I did not register?
- How do I remove my information from Humanitarian ID?
- Will this mean even more email?
- What are services in Humanitarian ID?
- Do I still use Virtual OSOCC?
- Why does Humanitarian ID verify users?
- Who can get verified?
- How can I tell if a user is verified?
- How does Humanitarian ID verify users?
- How to remain verified?
- Can I request to get verified?
- What can verified users do?
- How to choose a secure password?
- How can I change my password?
- Why do I need to update my password every six months?
- What is two-factor authentication?
- How do I activate two-factor authentication?
- Can I switch off the two-factor authentication?
- Should I reply to emails asking for my personal information?
- How does Humanitarian ID keep my data secure?
- What features does Humanitarian ID have that help me control my information?
- Is my information secure?
- What will you do with my data?
- Who owns and runs Humanitarian ID?
- Who manages Humanitarian ID everywhere?
- Is there an app in the Apple App store or Google Play store?
- Why not just use Google, Facebook or Twitter for central authentication?
- Can I sign into other sites with my Humanitarian ID?
- How do I integrate Humanitarian ID into my website?
- Can I build a feature for Humanitarian ID?
- On which websites can I use my Humanitarian ID to login?
Yes, of course. Obviously we ask that they are involved in humanitarian response or would be during a humanitarian crises. Simply send them an message with a link to our website – http://humanitarian.id – and encourage them to register and check in.
Your profile is publicly discoverable, but you control what information you share. The availability of your crisis-specific details depends on the given situation. Some emergencies will have a public contact list. Others will be “secured” where only verified users can access the contact lists. Besides that, some contact lists may be curated by one of our Information Management Officers and be only visible to users that got accepted by the list owner or even need an invitation to be displayed. We take security seriously and will help you to stay on the cautious side. Also see: Questions about security and data privacy
We recognize that you will want to create your own contact lists and not only filter a country list by for example an organization or location. Create a list, give it whatever name you want, and start adding contacts. You can then share the list (URL) or save or print it as a PDF.
We verify Humanitarian ID users in order to make the platform as relevant, useful, and reliable as possible. Verified users can access the whole range of possibilities Humanitarian ID offers. If you want to know more see our section on: Questions about verification
You can find security related questions in the section: Questions about security and data privacy
Humanitarian ID works closely with the HumanitarianResponse.info project including leveraging their list of organizations. In order to get a new organization added, submit a simple form on their website. Additions will be available within 24-48 hours. Click here to enter your organization's details.
We will send you unobtrusive notifications of when we think that you may have left the emergency. You can also add your departure date tupon check-in to a list. This way you will receive a notification reminding you to check out. We have conducted an early investigation of the use of automatic geolocation, but found that up to 30% of UN-OCHA offices appear in the wrong geographic location given their use of satellite connectivity for Internet. Therefore, we want to make sure we get our approach right and do not make you ever feel that we are pestering you.
Since Humanitarian ID is used to manage contact lists, managers and editors are able to manually add unregistered users to a specific contact list. This action sends an email (if provided) to you suggesting you register for Humanitarian ID and thereby manage your own contact details on lists.
There are different scenarios which we expect that you may want to remove information from Humanitarian ID.
- You want to be removed from a contact list and have a registered Humanitarian ID account. In this scenario, log into Humanitarian ID and 'Check out' of the respective contact list. This action removes your details from that contact list.
- You were added to a contact list, but do not have a Humanitarian ID account. In this scenario, you were added to the contact list by a trusted administrator as they believed that it was imperative you be part of the list. The best approach here is to accept the invitation that you received by email, claim your general Humanitarian ID account, setup your profile and then modify your details on the respective contact list (or check-out to remove yourself). By claiming your account, you will be able to control your details on humanitarian contact lists.
- You have a registered Humanitarian ID account that you would like completely removed from the system. In that case, we ask that you send us an email at firstname.lastname@example.org . We will take action and confirm when the removal is complete.
During a crisis, we know that you already receive what feels like too many emails. Although you will continue to receive emails, we expect that when people use Humanitarian ID, they will be able to find the right people to contact thereby reducing the times you receive unnecessary emails. We implemented features that allow you to subscribe and unsubscribe from crises-related email groups. This will give you more power over what emails you subscribed to and are of value to you
Humanitarian ID lists can be linked to a Google Group or a Mailchimp that provide access to quick and valuable information to everyone who is in the list. If a service is attached to a list you will be asked if you want to subscribe to that service - you can also do so later on if you are not sure yet. To unsubscribe from a service you need exactly three clicks:
- Go to your Dashboard
- On the right side under 'Subscriptions' all your services are listed. Click on the three points next to the service you want to unsubscribe from.
- Hit 'Unsubscribe'
The Virtual OSOCC is intended to help early responders to collaborate and share information. Teams can specify if they plan or actually deploy. It is not intended to manage contact lists or give you control over your details in the contact list. Therefore, if you are responding to a humanitarian crisis, we encourage you to check-in on Humanitarian ID and make use of the Virtual OSOCC to share and find relevant response information (e.g. UNDAC activities, links to key documents, etc.)
We verify HID users in order to make the platform as relevant, useful, and reliable as possible. The verification process consists of a combination of manual and automated measures to ensure that Humanitarian ID users are individuals that belong to the humanitarian community.
We aim at verifying all registered users. However, this process takes time as there are almost 50,000 profiles on Humanitarian ID. We are currently developing and implementing an automated verification system based on professional affiliation that will require users to validate an email address with their organization’s domain.
A checkmark next to a user’s name or profile picture indicates that they are verified.
Manual verification is determined based on country or organizational affiliation, reviewed by:
- UN-OCHA global Information Management Officers
- Emergency-level UN-OCHA Information Management Officers
- Humanitarian cluster Information Management and cluster Officers
Automated verification: If you add (and validate) an email address that belongs to a trusted domain (example @un.org) your profile will be automatically verified. HID automates the verification for organizations that have a minimum of 10 contacts in HID, and meet certain criteria, including participating in HPC processes, or being IASC members.
If you use a primary email (login email) that belongs to one of the trusted domains, your verification will not expire. Otherwise the verification expires after one year. A week before it expires, we send you a reminder with a link to validate your email and thus keep the verification. If you do not validate the email in that week the verification mark will be removed, along with the privileges. You can get in touch with us via email@example.com to be re-verified.
Yes! If you are not yet verified, please send an email to firstname.lastname@example.org. Make sure to update your location, job title and organization in your profile first.
Unverified users have access to basic features and services, while verified users can do more. See details below.
|Features/Services||Unverified Users||Verified Users|
|Create and manage your profile||✅||✅|
|Check in and out of lists (or ask to be checked in)||✅||✅|
|Create, manage, delete your own lists||✅||✅|
|Add and remove people to your lists||✅||✅|
|View open lists||✅||✅|
|Export lists in .pdf format||✅||✅|
|Search people by email address||✅|
|View restricted lists||✅|
|Export all lists in .csv format||✅|
|Synchronize contact lists with Google spreadsheets||✅|
|Access to Wider/Ericsson wifi services in the field during emergencies||✅|
- Pick a strong password and do not give your password to someone you don't know and trust.
- Never reply to emails asking for your password.
- Make sure your email account is secure..
- Log out of Humanitarian ID when you use a computer or phone you share with other people.
- Be careful when you authorize any third-party app.
- Make the new password significantly different from other previous passwords.
- Use a sentence or phrase converted into a string of initials, numbers and symbols.
- Use non-standard word uppercasing and spelling like “uPPercasing” and “spelllllllling”.
- Don’t use common passwords like “password” “iloveyou” or “12345678”.
- Add non-obvious numbers and symbols (note: using "$" for "s" or "0" for "o" is fairly common and likely not enough of a security measure).
To change your password, simply click on the following link: https://humanitarian.id/password Alternatively, go to your profile on Humanitarian ID, click on your name, then "Preference" and "Change Password".
Updating your password every six months is a security measure. This is one of the security measures Humanitarian ID implements to comply with the UN Office of Information Communication Technology (OICT) regulations. You can avoid a forced password reset by opting for an even safer option of password security - two-factor authentication, see: What is two-factor authentication?
Two-factor authentication (2FA) is an additional security feature that allows you to make your account even safer. Here’s how it works: After you enter your password to log into Humanitarian ID (the first step), you can generate a time-limited code on your mobile phone, which you will need to enter (the second step). Unless someone knows your password and also has physical access to your phone, your account is secure.
What you need to do to enable this feature:
Go to Humanitarian ID, click on your name on the top-right corner and hit Preferences, you can then select two-factor authentication under ‘Additional Security’
After you activate two-factor verification on this page you will see a QR-code that you need to scan with your authenticator app or you do the set-up manually.
You’ll then be sent a code to your mobile authenticator app.
After you successfully activated two-factor authentication Humanitarian ID provides you with a set of recovery codes that will allow you to access your account also if you lost your phone. Please download these codes to a safe place!
You can remove the two-factor authentication feature at any point, by going to your Preferences - ‘Additional Security’ and clicking on ‘Deactivate’. However, we encourage our users to use two-factor authentication for additional account safety and to avoid resetting their password every six months!
Humanitarian ID will never ask for your password in emails, so never reply to any email asking for personal information, even if it claims to be from Humanitarian ID or UN OCHA. If you're not sure the email is from Humanitarian ID, check out How to recognize phishing email messages or links. It has tips to help you determine if an email is from a legitimate source.
Humanitarian ID is protected with multiple layers of security, including leading encryption technology like HTTPS and Transport Layer Security. We have ensured that Humanitarian ID cannot be scanned by search engines. So, your contact details will not show up in public searches. We have made it difficult for an individual user to copy a large number of emails from Humanitarian ID. Only Humanitarian ID managers and trusted partners (verified users) do have advanced abilities to export such information. All Humanitarian ID users have implicitly committed to abide by our Code of Conduct. And, finally, should you experience or suspect any abuse, kindly report it to email@example.com and we will investigate it promptly.
As an individual you can decide yourself how much information you put into your profile. No field is mandatory - though obviously to make the best use out of Humanitarian ID, you provide as much information as you feel comfortable with. In addition, you do have the option to share certain information (like your email address or your phone number) with specific people only - this feature is called “My Connections”. If you want to create lists yourself, you can do so, deciding yourself on who should be able to see and/or join your self-created contact list. (Link to YouTube Video) Lastly, some lists are ‘locked’ and only visible to users who have been verified by our administrators (i.e. OCHA’s and clusters’ information management officers). If you are not a verified user yet, contact your local information management officer or contact us at firstname.lastname@example.org .
More technical security measures we have taken:
- User authentication takes place via OpenID Connect, which provides a secure way for an authentication service to confirm a successful user sign in action to client applications.
- Client applications (e.g. HumanitarianResponse.info) sign all requests to the Node.js web services (using an API key and secret issued by service).
- User-to-service, user-to-client application, client application-to-service, and service-to-service connections are encrypted using SSL.
- API keys and secrets can be expired and reissued.
- Users are protected against CSRF attacks on the authentication service using the Node.js express-csurf middleware.
- Users are protected against CSRF attacks on the HumanitarianResponse.info site and Humanitarian ID app using Drupal’s form system and AngularJS’s XSRF-TOKEN approach.
This information is also downloadable in pdf.
We promise that we will:
- take all precautions and actions possible to ensure that your data forever remains safe and secure. In more dangerous crises, we will apply additional security and only allow users who are verified by an administrator to access contact information;
- never share your data with people who are not checked into your crisis. When authorized, all profile information (including name, group, phone number, email address, photo, and any location or additional information that you provide) is visible to other people who are checked into the same crisis;
- never share your password;
- never publish any data that you do not explicitly provide;
- never sell your data;
- encrypt all connections through the use of SSL. This security will apply to User-to-service, user-to-client application, client application-to-service, and service-to-service connections;
- require your authorization to third-party websites to access H.ID on your behalf to enable authentication on their website;
The Humanitarian ID solution has been created and is maintained by the United Nations Office for the Coordination of Humanitarian Affairs (OCHA). OCHA freely provides the solution to the humanitarian community.
The system currently has three levels of management:
- Global administration which is managed by UN-OCHA in Geneva, Switzerland and New York City, USA.
- Country-level administration which is managed by UN-OCHA in the respective country. If UN-OCHA is not present, trusted partners can take on this role.
- Country-level editors are key, trusted members within humanitarian clusters/sectors who have the ability to edit user profiles and check-out responders who have left (but not checked-out themselves).
We also provide an organization-level management role where focal points can modify any checked-in responders related to their respective organization.
We saw two major problems with using the major (privately-owned) authentication services: 1) they are privately owned and we had no control over the data you would provide them, and 2) not everyone uses one of these given platforms. We wanted to provide a completely independent, non-commercial solution that has you at the heart - not a private company. Plus, we are concerned about how your data is used.
The Humanitarian ID authentication mechanism is already the single authentication mechanism for the Online Project System (OPS), HumanitarianResponse.info, the IASC website, ReliefWeb, ACAPS, Grant Management System (GMS) and over 20 other platforms from cluster websites to other partners in the humanitarian community. We will be adding other websites on a constant basis. Also will you be able to access the Emergency Telecom Cluster (ETC) Wireless LAN in Disaster and Emergency Response (Wider) communication system which gives you free access to internet if you are a verified user in Humanitarian ID!
Send us an email and we will be in touch. email@example.com.
Yes! Humanitarian ID has been “open” from the very beginning. If you would like to contribute a feature (or extend) the solution, feel free to get in touch at firstname.lastname@example.org.