Latest revision as of 12:52, 17 February 2026

PIC — Quick user guide

This short guide explains how to register, confirm your account, request access to a group, and what to do after access is granted.

Follow these steps if you are a PIC user and need access to resources managed through the account Experiments page.

1) Create your PIC account

Open the PIC registration page.
Fill the registration form with your name, a PIC-acceptable username (we recommend first letter of the name + surname truncated at 8 chars), and your email.
Choose a password and submit the form.
You will receive an email with a confirmation link — click the link to activate your account.

Notes:

If you don’t receive the email, check your spam folder.
Password rules are enforced; if the site rejects your password, follow the guidance on the form.
If you have trouble with the registration form or email confirmation, contact the PIC administrators at user-support@pic.es.

2) Log in and open Account → Experiments

Log in to PIC with your new account.
Go to Account and open the Experiments page (if you used the registration link you should already be there, otherwise click here to open it).

From there, you may find a list of projects you can validate your membership in. If you are a member of any project, just click the Request Access button to start the process.

3) Request access flows

Depending on the project/experiment you have selected, one of the following flows will be triggered:

If that project has a configured IDP with us, you will be asked to log in. For example, if your are coming from a university, you may be asked to log in with your university credentials. After successful login, you will be linked to the project and granted access to the corresponding resources.
If your project does not have a configured Identity Provider (IDP), your access request must come from a sponsor. A sponsor is the person who directed you to register at PIC and request access to a specific project (e.g., a project lead, thesis advisor, or teacher). When you request access, you may be prompted to either select a sponsor from a pre-configured list or manually provide their full name and email address.

If your sponsor is in the pre-configured list, you can select them directly and submit the request.
If your sponsor is not in the list, you can enter their name and email.

4) After access is granted — try services

Disclaimer: Rigth after access is granted some services may still be unavailable for a few minutes while background scripts run and permissions are fully applied. If you encounter issues, wait a few minutes and retry before contacting support.

Once the contact or IDP approval is completed and you are a member of the group:

You should be able to access group-only web UIs and services.
You may be able to SSH to service UIs or jump hosts the PIC team provides (follow PIC-specific SSH instructions).
You can open Jupyter (or other service UIs) and run notebooks or jobs according to the permissions granted by your group.

5) Lost membership due to inactivity or offboarding

For IDP groups we periodically (or on login) verify your membership in the external IDP project.

If you are no longer a member (inactivity / removal) you will be offboarded and shown a message at login. You can then re-request access via the Experiments page.
If you encounter issues re-requesting, contact the administrators.

Grace period (only for IDPs that DO NOT grant offline access)

Some external IDPs do not allow us to request offline tokens. In that case your group may define a gracePeriodDays value.

What this means for you:

At the end of each grace period window your membership will be removed automatically and the IDP link will be cleared. You must log back into the external institution to regain membership.
During the grace period, if your institution grants you new privileges (e.g. access to new data) and you do not see them reflected in PIC, you can force a refresh by UNLINKING and re-linking the IDP account:
- Go to: Account → Account Security → Linked Accounts
- Click Unlink for the external IDP.
- Confirm (ask the contact if unsure), then link again via the Experiments page or the linking button.
- After re-linking, new privileges should appear (may take a short delay of a few minutes).

If in doubt before unlinking, ask the group’s contact person. Unlinking does not delete your PIC account but it can make you temporarily lose access to some services.

Troubleshooting & common issues

I didn’t get the confirmation email: check spam, then contact admins.
The Experiments page shows no groups: ask your admin if your account has correct attributes or if the group exists.
I requested access but nothing happened: contact the group’s contact person or the admin team; provide the request time and the group name.

– End of guide –

@@ Line 9: / Line 9: @@
 == 1) Create your PIC account ==
-# Open the PIC registration page (the site registration link provided by PIC) https://idp-test.pic.es/realms/PIC/protocol/openid-connect/auth?client_id=register&scope=openid%20email%20profile&response_type=code&redirect_uri=https%3A%2F%2Fidp-test.pic.es%2Frealms%2FPIC%2Faccount%2Fexperiments&prompt=create
+# Open the [https://idp.pic.es/realms/PIC/protocol/openid-connect/auth?client_id=register&scope=openid%20email%20profile&response_type=code&redirect_uri=https%3A%2F%2Fidp.pic.es%2Frealms%2FPIC%2Faccount%2Fexperiments&prompt=create PIC registration page].
-# Fill the registration form with your name, a PIC-acceptable username (we recommend first letter of the name + surname, truncate at 8 chars) and your email.
+# Fill the registration form with your name, a PIC-acceptable username (we recommend first letter of the name + surname truncated at 8 chars), and your email.
 # Choose a password and submit the form.
 # You will receive an email with a confirmation link — click the link to activate your account.
@@ Line 16: / Line 16: @@
 Notes:
-* If you don’t receive the email, check your spam folder and then contact the administrators.
+* If you don’t receive the email, check your spam folder.
-* Password rules are enforced by the realm; if the site rejects your password, follow the guidance on the form.
+* Password rules are enforced; if the site rejects your password, follow the guidance on the form.
+* If you have trouble with the registration form or email confirmation, contact the PIC administrators at [mailto:user-support@pic.es user-support@pic.es].
+[[File:Registration_form.png|500px|left]]
+<div style="clear: both"></div>
 <span id="log-in-and-open-account-experiments"></span>
 == 2) Log in and open Account → Experiments ==
 # Log in to PIC with your new account.
-# Go to <code>Account</code> and open the <code>Experiments</code> page (if you used the registration link you should already be there, else navigate to it).
+# Go to <code>Account</code> and open the <code>Experiments</code> page (if you used the registration link you should already be there, otherwise [https://idp.pic.es/realms/PIC/account/experiments click here to open it]).
+From there, you may find a list of projects you can validate your membership in. If you are a member of any project, just click the <code>Request Access</code> button to start the process.
+[[File:Experiments_page.png|500px|left]]
-What you can do here:
+<div style="clear: both"></div>
-* Link external IDPs (if offered) for automatic group membership.
+<span id="request-access-flows"></span>
-* Request access to groups that are managed manually (non-IDP groups).
+== 3) Request access flows ==
-<span id="request-access-to-a-group-manual-approval-flow"></span>
+Depending on the project/experiment you have selected, one of the following flows will be triggered:
-== 3) Request access to a group (manual approval flow) ==
-# On the Experiments page, find the group you need and click <code>Request Access</code>.
+<ol style="list-style-type: upper-alpha;">
-# Either:
+<li><p>If that project has a configured IDP with us, you will be asked to log in. For example, if your are coming from a university, you may be asked to log in with your university credentials. After successful login, you will be linked to the project and granted access to the corresponding resources.</p></li>
-#* Select a configured sponsor for the group (if available), or
+<li><p>If your project does not have a configured Identity Provider (IDP), your access request must come from a sponsor. A sponsor is the person who directed you to register at PIC and request access to a specific project (e.g., a project lead, thesis advisor, or teacher). When you request access, you may be prompted to either select a sponsor from a pre-configured list or manually provide their full name and email address.</p></li></ol>
-#* Enter sponsor name and email in the provided fields.
-# Submit the request.
-What happens next:
+* If your sponsor is in the pre-configured list, you can select them directly and submit the request.
+* If your sponsor is not in the list, you can enter their name and email.
-* If the group is backed by an external intitution, you may be asked to log in to thir page (e.g., a university login) to complete linking.
+[[File:Sponsor_input.png|500px|left]]
-* If the group uses manual approval, a signed approval email will be sent to the group’s contact person(s) or the chosen sponsor.
-* Until the request is approved, you can only use your account and public parts of services. Please do not send multiple requests for the same group while waiting for approval.
+<div style="clear: both"></div>
+[[File:Sponsor_modal.png|500px|left]]
+<div style="clear: both"></div>
 <span id="after-access-is-granted-try-services"></span>
+== 4) After access is granted — try services ==
-== 4) After access is granted — try services ==
+Disclaimer: Rigth after access is granted some services may still be unavailable for a few minutes while background scripts run and permissions are fully applied. If you encounter issues, wait a few minutes and retry before contacting support.
 Once the contact or IDP approval is completed and you are a member of the group:
@@ Line 56: / Line 68: @@
 * You can open Jupyter (or other service UIs) and run notebooks or jobs according to the permissions granted by your group.
-If a resource still seems unavailable after membership is granted, wait a few minutes (background scripts may run) and retry. If the problem persists, contact the administrators with:
+<span id="lost-membership-due-to-inactivity-or-offboarding"></span>
+== 5) Lost membership due to inactivity or offboarding ==
+[[File:Lost Membership.png|500px|left]]
+<div style="clear: both"></div>
-* Your username
+For IDP groups we periodically (or on login) verify your membership in the external IDP project.
-* The group name
-* A short description of the problem
-<span id="lost-membership-due-to-inactivity-or-offboarding"></span>
+* If you are no longer a member (inactivity / removal) you will be offboarded and shown a message at login. You can then re-request access via the Experiments page.
-== 5) Lost membership due to inactivity or offboarding ==
+* If you encounter issues re-requesting, contact the administrators.
+<span id="grace-period-only-for-idps-that-do-not-grant-offline-access"></span>
+=== Grace period (only for IDPs that DO NOT grant offline access) ===
+Some external IDPs do not allow us to request offline tokens. In that case your group may define a <code>gracePeriodDays</code> value.
+What this means for you:
-For the IDP groups, we make periodic checks to see if users are still active in the external IDP. If you lose membership due to inactivity, you can re-request access via the Experiments page. In this case you will be shown a message on login explaining the situation. In most cases, re-requesting access will restore your membership. But, if you have any issues, contact the administrators for help.
+# At the end of each grace period window your membership will be removed automatically and the IDP link will be cleared. You must log back into the external institution to regain membership.
+# During the grace period, if your institution grants you new privileges (e.g. access to new data) and you do not see them reflected in PIC, you can force a refresh by UNLINKING and re-linking the IDP account:
+#* Go to: Account → Account Security → [https://idp.pic.es/realms/PIC/account/account-security/linked-accounts Linked Accounts]
+#* Click <code>Unlink</code> for the external IDP.
+#* Confirm (ask the contact if unsure), then link again via the Experiments page or the linking button.
+#* After re-linking, new privileges should appear (may take a short delay of a few minutes).
-[[Lost Membership.png]]
+If in doubt before unlinking, ask the group’s contact person. Unlinking does not delete your PIC account but it can make you temporarily lose access to some services.
 <span id="troubleshooting-common-issues"></span>
 == Troubleshooting &amp; common issues ==

Difference between revisions of "PIC account"