UITS Identity Management Systems

Overview

"Identity management is the set of business processes, and a supporting infrastructure, that provides identity-based access control to systems and resources in accordance with established policies."
-Burton Group

The Identity Management Systems team provides technical leadership and support for identity and access solutions at Indiana University, including account management, authentication, authorization, passphrase management, and directory services. The mission is to simplify the process of obtaining and managing access to electronic resources both inside and outside the university.

Principles

  • Business process: Identity Management solutions are deeply embedded within university business processes. When new people join the IU community or when roles change, staff react immediately to enable access to new resources. Tight integration with other enterprise systems ensures that these changes happen in a timely manner.
  • Policy: Working in conjunction with the Information Security Office, staff design and implement systems to ensure that the university maintains strict compliance with all applicable laws, regulations, and policies with regard to controlling access to electronic resources.

Infrastructure

  • IU Login: Allows web applications to delegate the process of authenticating users. IU Login can authenticate users using both passphrases and OTP (one-time password) tokens, and also provides single sign-on functionality for web applications.
  • Shibboleth: Shibboleth is a single sign-on federated identity system. Federation refers to a collection of web applications that authenticate against the same identity provider. The primary advantage is that the authentication is valid across all applications in the federation, so once logged in to a federated service, a user is logged in to all services within the federation.
  • Duo: Two-Step Login (Duo), also known as two-factor authentication, adds a second layer of security when you log in to secure systems. At Indiana University, Duo provides this second layer.
  • Access Management System: The Access Management System allows users to centrally manage access to most enterprise systems. Users can create initial accounts, change preferences regarding email delivery, manage their University account, and create and manage access for others (for example, conference attendees, affiliates, guests).
  • Directory Services: Identity Management uses a central metadirectory to facilitate lifecycle identity management. The metadirectory connects to all key enterprise systems and then aggregates and synchronizes identity information across all systems, including enterprise directories. This provides a consistent and accurate representation of each person within the entire organization. As data is changed in one system, it automatically updates in all other connected systems.

Future research

  • Role-based access management

Contact Identity Management Systems

If you are having problems with your IU accounts, contact your campus Support Center.

For emergencies with production systems at any time of day, call 812-855-9910. Provide a description of the problem and request a page.

For assistance with non-production issues, send mail to imsinfo@iu.edu.

This is document aptr in the Knowledge Base.
Last modified on 2023-07-17 14:53:20.