banner with title FAQs

Questions about HID Contacts Service decommissioning

Questions about contacts

Questions about verification

Questions about security and data privacy

Questions about the system (more technical)

Questions about HID Contacts Service decommissioning

What is being decommissioned? And what are the differences between the HID contacts and authentication services?

HID was built as a combination of two services, one semi-public database for contact management (the website) and a larger non-public database supporting the authentication (login) service. The login service is used across 18 OCHA and 12 partner platforms. The contact management aspect of HID will be decommissioned in Jan 2021.  The authentication service will continue to be supported and will be upgraded during 2020. If you are the manager of a platform using the HID Authentication service we will be in touch with you in the coming weeks.

How will partner organizations be affected by these changes?

Logins: Nothing will change for organizations who use a HID login to access HPC.tools, GMS and all other integrated platforms.

Contacts: Organizations and field offices  that use HID for contact or list management will no longer be able to do this after the platform is decommissioned in Jan 2021. We would recommend that between now and January 2021 partner organizations export all their required contact data from Humanitarian ID.

Can I continue using HID until the decommissioning date in Jan. 2021?

HID global managers and all users can continue using HID for contact management whilst the platform remains live, although there will no longer be updates or bug fixes during this time.  We would recommend that between now and January 2021 you export all your required contact data from Humanitarian ID. You can export this in either csv or pdf format.

What will happen to profiles on HID?

Profiles within the Humanitarian ID site will no longer be public from January 2021.  They will continue to exist in a private database that will store information necessary for the authentication (login) service. All users will be able to access their own account information within this private database, while the whole database will be accessible only to administrators. All users with an HID account will continue to be able to use their account to login to the integrated platforms.

Will profiles lose their verification?

As Humanitarian ID moves to a non-public database, profile verification will become an automatic process based on email domains.  Any profiles that have a trusted organization email address attached to them will automatically remain verified, profiles that use public emails such as HOTMAIL or GMAIL will no longer be verified.

What will happen to my Global Manager role?

Your role will remain active until the HID platform is decommissioned in Jan 2021 and you will be able to keep performing all tasks as usual. 

As Global Manager, should I continue to verify users?

You can continue verifying users manually until HID contacts service is decommissioned in Jan 2021, however in the future profile verification will become an automated function based on email domains only. This will reduce the time required from global managers and support staff to maintain the platform.

As Global Manager, should I continue to tell partner organizations to register on HID?

Only if they need an HID account to access one of the integrated platforms

What will happen to contact lists with Mailchimp attached to them?

Existing MailChimp lists and contacts within them will remain unaffected. After Jan 2021 users will not be able to subscribe to MailChimp lists via Humanitarian ID. From that point new subscriptions will have to be managed through the MailChimp provided subscription forms.

What will happen to contact lists with Google Groups attached to them?

Existing Google Groups and contacts within them will remain unaffected.  After Jan 2021 users will no longer be able to subscribe to Google Groups via  HID. New subscriptions will then have to be managed through the Google Group provided subscription methods. If you need assistance with managing your Google Groups, please reach out to us at info@humanitarian.id . We will keep providing G Suite accounts (which include email addresses and google groups) to OCHA field offices and clusters.

Will the HID team continue providing support to HID users?

Yes. Until the decommissioning of the platform we will continue to provide regular support to users. Users can continue to reach the support team at info@humanitarian.id . Support specific to the authentication service will continue beyond Jan 2021.

Questions about contacts

Can I invite people to join?

Yes, of course. Obviously we ask that they are involved in humanitarian response or would be during a humanitarian crises. Simply send them a message with a link to our website – https://humanitarian.id – and encourage them to register and check in.

Can anyone find my information?

Your profile is publicly discoverable, but you control what information you share. The availability of your crisis-specific details depends on the given situation. Some emergencies will have a public contact list. Others will be “secured” where only verified users can access the contact lists. Besides that, some contact lists may be curated by one of our Information Management Officers and be only visible to users that got accepted by the list owner or even need an invitation to be displayed. We take security seriously and will help you to stay on the cautious side. Also see: Questions about security and data privacy

Is there a way to create my own contact lists?

We recognize that you will want to create your own contact lists and not only filter a country list by for example an organization or location. Create a list, give it whatever name you want, and start adding contacts. You can then share the list (URL) or save or print it as a PDF.

What is verification and how do I get verified?

We verify Humanitarian ID users in order to make the platform as relevant, useful, and reliable as possible. Verified users can access the whole range of possibilities Humanitarian ID offers. If you want to know more see our section on: Questions about verification

What measures has HID put in place for insecure environments?

You can find security related questions in the section: Questions about security and data privacy

My organization is missing. How can it be added?

Humanitarian ID works closely with the HumanitarianResponse.info project including leveraging their list of organizations. In order to get a new organization added, submit a simple form on their website. Additions will be available within 24-48 hours. Click here to enter your organization's details.

Can the system check me out automatically?

We will send you unobtrusive notifications of when we think that you may have left the emergency. You can also add your departure date upon check-in to a list. This way you will receive a notification reminding you to check out. We have conducted an early investigation of the use of automatic geolocation, but found that up to 30% of UNOCHA offices appear in the wrong geographic location given their use of satellite connectivity for Internet. Therefore, we want to make sure we get our approach right and do not make you ever feel that we are pestering you.

How are my contact details on Humanitarian ID if I did not register?

Since Humanitarian ID is used to manage contact lists, managers and editors are able to manually add unregistered users to a specific contact list. This action sends an email (if provided) to you suggesting you register for Humanitarian ID and thereby manage your own contact details on lists.

How do I remove my information from Humanitarian ID?

There are different scenarios which we expect that you may want to remove information from Humanitarian ID.

  1. You want to be removed from a contact list and have a registered Humanitarian ID account. In this scenario, log into Humanitarian ID and 'Check out' of the respective contact list. This action removes your details from that contact list.
  2. You were added to a contact list, but do not have a Humanitarian ID account. In this scenario, you were added to the contact list by a trusted administrator as they believed that it was imperative you be part of the list. The best approach here is to accept the invitation that you received by email, claim your general Humanitarian ID account, setup your profile and then modify your details on the respective contact list (or check-out to remove yourself). By claiming your account, you will be able to control your details on humanitarian contact lists.
  3. You have a registered Humanitarian ID account that you would like completely removed from the system. In that case, we ask that you send us an email at info@humanitarian.id . We will take action and confirm when the removal is complete. You can also delete your account by clicking on your name and hit 'Preferences', under the section 'Settings' you'll find an option to delete your account.

Will this mean even more email?

During a crisis, we know that you already receive what feels like too many emails. Although you will continue to receive emails, we expect that when people use Humanitarian ID, they will be able to find the right people to contact thereby reducing the times you receive unnecessary emails. We implemented features that allow you to subscribe and unsubscribe from crises-related email groups. This will give you more power over what emails you subscribed to and are of value to you.

What are services in Humanitarian ID?

Humanitarian ID lists can be linked to a Google Group or a Mailchimp that provide access to quick and valuable information to everyone who is in the list. If a service is attached to a list you will be asked if you want to subscribe to that service - you can also do so later on if you are not sure yet. To unsubscribe from a service you need exactly three clicks:

  1. Go to your Dashboard
  2. On the right side under 'Subscriptions' all your services are listed. Click on the three points next to the service you want to unsubscribe from.
  3. Hit 'Unsubscribe'

Do I still use Virtual OSOCC?

The Virtual OSOCC is intended to help early responders to collaborate and share information. Teams can specify if they plan or actually deploy. It is not intended to manage contact lists or give you control over your details in the contact list. Therefore, if you are responding to a humanitarian crisis, we encourage you to check-in on Humanitarian ID and make use of the Virtual OSOCC to share and find relevant response information (e.g. UNDAC activities, links to key documents, etc.)

Questions about verification

How can I tell if a user is verified?

A checkmark next to a user’s name or profile picture indicates that they are verified.

Why does Humanitarian ID verify users?

We verify HID users in order to make the platform as relevant, useful, and reliable as possible. The verification process consists of a combination of manual and automated measures to ensure that Humanitarian ID users are individuals that belong to the humanitarian community.

How does Humanitarian ID verify users?

Verification is determined based on organizational affiliation. If you add (and validate) an email address that belongs to domain already trusted (example @un.org) your profile will be automatically verified. HID automates the verification for organizations that meet certain criteria, including participating in HPC processes, or being IASC members.

Can I request to get verified?

If you are not yet verified, please send an email to info@humanitarian.id. Make sure to add (and validate) an official email address that belongs to your organization (example @your-organization.org) first.

How to remain verified?

If you use a primary email (login email) that belongs to one of the trusted domains, your verification will not expire. Otherwise the verification expires after one year. A week before it expires, we send you a reminder email, simply update your profile information and answer back to us and thus keep the verification. If you do not reply to the email in one week the verification mark will be removed, along with the privileges. You can get in touch with us via info@humanitarian.id to be re-verified.

What can unverified and verified users do?

Verification is not required to access most of the HID partner platforms.

On Humanitarian ID, while unverified users have access to most features and services, verified users can do more. See details below.

Features/Services Unverified Users Verified Users
Create and manage your profile
Check in and out of lists (or ask to be checked in)
Find people
Create, manage, delete your own lists
Add and remove people to your lists
View open lists
Export lists in .pdf format
Search people by email address  
View restricted lists  
Export all lists in .csv format  
Synchronize contact lists with Google spreadsheets  
Access to Wider/Ericsson wifi services in the field during emergencies  

Questions about security and data privacy

How can I keep my account safe?

  1. Pick a strong password and do not give your password to someone you don't know and trust.
  2. Never reply to emails asking for your password.
  3. Make sure your email account is secure.
  4. Log out of Humanitarian ID when you use a computer or phone you share with other people.
  5. Be careful when you authorize any third-party app.

How to choose a secure password?

  1. Make the new password significantly different from other previous passwords.
  2. Use a sentence or phrase converted into a string of initials, numbers and symbols.
  3. Use non-standard word uppercasing and spelling like “uPPercasing” and “spelllllllling”.
  4. Don’t use common passwords like “password” “iloveyou” or “12345678”.
  5. Add non-obvious numbers and symbols (note: using "$" for "s" or "0" for "o" is fairly common and likely not enough of a security measure).

How can I change my password?

To change your password, simply click on the following link: https://humanitarian.id/password Alternatively, go to your profile on Humanitarian ID, click on your name, then "Preference" and "Change Password".

Why do I need to update my password every six months?

Updating your password every six months is a security measure. This is one of the security measures Humanitarian ID implements to comply with the UN Office of Information Communication Technology (OICT) regulations. You can avoid a forced password reset by opting for an even safer option of password security - two-factor authentication, see: What is two-factor authentication?

What is two-factor authentication?

Two-factor authentication (2FA) is an additional security feature that allows you to make your account even safer. Here’s how it works: After you enter your password to log into Humanitarian ID (the first step), you can generate a time-limited code on your mobile phone, which you will need to enter (the second step). Unless someone knows your password and also has physical access to your phone, your account is secure.

How do I activate two-factor authentication?

What you need to do to enable this feature:

  • First you will need to download an authenticator app (e.g. the Google Authenticator – Play Store, App Store).

  • Go to Humanitarian ID, click on your name on the top-right corner and hit Preferences, you can then select two-factor authentication under ‘Additional Security’

  • After you activate two-factor verification on this page you will see a QR-code that you need to scan with your authenticator app or you do the set-up manually.

  • You’ll then be sent a code to your mobile authenticator app.

After you successfully activated two-factor authentication Humanitarian ID provides you with a set of recovery codes that will allow you to access your account also if you lost your phone. Please download these codes to a safe place!

Can I switch off the two-factor authentication?

You can remove the two-factor authentication feature at any point, by going to your Preferences - ‘Additional Security’ and clicking on ‘Deactivate’. However, we encourage our users to use two-factor authentication for additional account safety and to avoid resetting their password every six months!

Should I reply to emails asking for my personal information?

Humanitarian ID will never ask for your password in emails, so never reply to any email asking for personal information, even if it claims to be from Humanitarian ID or UNOCHA. If you're not sure the email is from Humanitarian ID, check out How to recognize phishing email messages or links. It has tips to help you determine if an email is from a legitimate source.

How does Humanitarian ID keep my data secure?

Humanitarian ID is protected with multiple layers of security, including leading encryption technology like HTTPS and Transport Layer Security. We have ensured that Humanitarian ID cannot be scanned by search engines. So, your contact details will not show up in public searches. We have made it difficult for an individual user to copy a large number of emails from Humanitarian ID. Only Humanitarian ID managers and trusted partners (verified users) do have advanced abilities to export such information. All Humanitarian ID users have implicitly committed to abide by our Code of Conduct. And, finally, should you experience or suspect any abuse, kindly report it to info@humanitarian.id and we will investigate it promptly.

What features does Humanitarian ID have that help me control my information?

As an individual you can decide yourself how much information you put into your profile. No field is mandatory - though obviously to make the best use out of Humanitarian ID, you provide as much information as you feel comfortable with. In addition, you do have the option to share certain information (like your email address or your phone number) with specific people only - this feature is called “My Connections”. If you want to create lists yourself, you can do so, deciding yourself on who should be able to see and/or join your self-created contact list (Youtube Tutorial). Lastly, some lists are ‘locked’ and only visible to users who have been verified by our administrators (i.e. OCHA’s and clusters’ information management officers). If you are not a verified user yet, contact your local information management officer or contact us at info@humanitarian.id.

Is my information secure?

More technical security measures we have taken:

  • User authentication takes place via OpenID Connect, which provides a secure way for an authentication service to confirm a successful user sign in action to client applications.
  • Client applications (e.g. HumanitarianResponse.info) sign all requests to the Node.js web services (using client IDs and secrets issued by service).
  • User-to-service, user-to-client application, client application-to-service, and service-to-service connections are encrypted using SSL.
  • API keys and secrets can be expired and reissued.
  • Users are protected against CSRF attacks on the authentication service using the Node.js package hapi/crumb.
  • Users are protected against CSRF attacks on the HumanitarianResponse.info site and Humanitarian ID app using Drupal’s form system and AngularJS’s XSRF-TOKEN approach.
  • Users can enable Multi-Factor-Authentication as an additional layer of security.

This information is also downloadable in pdf.

What will you do with my data?

We promise that we will:

  1. take all precautions and actions possible to ensure that your data forever remains safe and secure. In more dangerous crises, we will apply additional security and only allow users who are verified by an administrator to access contact information;
  2. never share your data with people outside Humanitarian ID if you not explicitly consent (e.g. partner websites using our authentication service, see point 7). When authorized, all profile information (including name, group, phone number, email address, photo, and any location or additional information that you provide) is visible to other people on Humanitarian ID;
  3. never share your password;
  4. never publish any data that you do not explicitly provide;
  5. never sell your data;
  6. encrypt all connections through the use of SSL. This security will apply to User-to-service, user-to-client application, client application-to-service, and service-to-service connections;
  7. require your authorization to third-party websites to access HID on your behalf to enable authentication on their website;

Questions about the system (more technical)

Who owns and runs Humanitarian ID?

The Humanitarian ID solution has been created and is maintained by the United Nations Office for the Coordination of Humanitarian Affairs (UNOCHA). OCHA freely provides the solution to the humanitarian community. The full Terms of Service for Humanitarian ID users can be found here.

Who manages Humanitarian ID everywhere?

The system currently has three levels of management:

  1. Global administration which is managed by UNOCHA in Geneva, Switzerland and New York City, USA.
  2. Country-level administration which is managed by UNOCHA in the respective country. If UNOCHA is not present, trusted partners can take on this role.
  3. Country-level editors are key, trusted members within humanitarian clusters/sectors who have the ability to edit user profiles and check-out responders who have left (but not checked-out themselves).

We also provide an organization-level management role where focal points can modify any checked-in responders related to their respective organization.

Is there an app in the Apple App store or Google Play store?

Yes, please download our app in Google Play or the Apple App Store. Enjoy!

Why not just use Google, Facebook or Twitter for central authentication?

We saw two major problems with using the dominant (privately-owned) authentication services: 1) they are privately owned and we had no control over the data you would provide them, and 2) not everyone uses one of these given platforms. We wanted to provide a completely independent, non-commercial solution that has you at the heart - not a private company. Plus, we are concerned about how your data is used.

Can I sign into other sites with my Humanitarian ID?

The Humanitarian ID authentication mechanism is already the authentication mechanism for the Grant Management System (GMS), ReliefWeb, HumanitarianResponse.info, HPC Projects Module, Humanitarian InSight, the IASC website and over 20 other platforms from cluster websites to further partners in the humanitarian community. We will be adding more websites on a constant basis, you can find our partners here. Also you're able to access the Emergency Telecom Cluster (ETC) Wireless LAN in Disaster and Emergency Response (Wider) communication system which gives you free access to internet if you are a verified user in Humanitarian ID!

How do I integrate Humanitarian ID into my website?

In our Developers section you'll find the latest Documentation on authentication and our API as well as our Github wiki. Once you had a first look, send us an email and we will be in touch: info@humanitarian.id.

Can I build a feature for Humanitarian ID?

Yes! Humanitarian ID has been “open” from the very beginning. If you would like to contribute a feature (or extend) the solution, feel free to get in touch at info@humanitarian.id.

On which websites can I use my Humanitarian ID to login?

Humanitarian ID Partners