Last modified 3 years ago Last modified on 03/23/21 16:37:18

UA IAM / Index

Authentication Authorization & SSO:
: Links to Services using UA IdP Login

: UA Attribute Release Policy
: UA InCommon Operational Practices
: Service Account Request Form

: Overview Presentation
: Shibboleth User Demo

UA Enterprise Online Directory ("People"):
About Online Directory
People: Web interface to UA AD

Security & Privacy:
: About Log out: SP vs. SSO
: Web Login/Logout Security
: 2-factor authentication
: Duo device enrollment for UA
: YubiKey for 2-factor authentication
: IAMwikiSPLogout
: Manage InCommon certificates

Configuration and Version Management
:Chef System Configuration & Build
:GitHub Version Control

IAM Projects:
: Services using UA IdP Login
: Projects - Full Listing
: Banner BEIS & ID Management
: ZUAUSR Management
: Enterprise LDAP
: Grouper (RBAC)
: People (Directory search)
: Radius & EDUROAM
: Shibboleth (SAML-2.0)
: K20 Federation ppt or pdf

Info for OIT (authN required):
: Services using UA IdP Login
: IamServiceListing|Service Listing
: IAM Project Hosts

Identity and Access Management Services (IAM) exists to enhance and simplify users' secure access to information resources to which their roles authorize them.

IAM consolidates responsibility for the University of Alaska's

  • system-wide digital identities (identifiers, passwords or other tokens used to gain access to resources) and central password store
  • enterprise directory and registry (authoritative repository of identities, affiliations, and other attributes pertinent to accessing resources)
  • authentication (login and identity assertion at appropriate levels of assurance)
  • secure single-sign-on (i.e., single log-in event enables access to multiple resources without exposing users' credentials via Shibboleth and other tools)
  • policy-based attribute release (assertions of institutional affiliation, roles, and other appropriate attributes)
  • role-based authorization (establishing, maintaining, and releasing to services appropriate institutional roles and attributes)
  • support for internal information service providers to protect their services with appropriate central authentication service and role-based authorization
  • inter-institutional federation (enabling access to services external to UA via mutual trust of members of InCommon or other federations)

IAM has responsibility for developing and integrating these technologies with a wide range of information service providers; will deploy and promote processes that protect individual privacy and data security and that meet emerging best practices and standards; and will collaborate with other departments to enhance and simplify users' secure access to information resources to which their roles authorize them.

Depictions of some key concepts for IAM and UA infrastructure for IAM:

While a central point of coordination of these activities, IAM of course relies upon other units for essential services; specifically, it relies on Technical Services for hosting servers and database administration, on Network Operations for data communications within UA and to external services, on Enterprise Application Services for authoritative timely data on students and employees, on Core Applications for end user web interfaces and the integation of core applications with IAM, on the Support Center for supporting users' interaction with IAM services and the management and resolution of incidents, on Training & Documentation for creating and delivering materials that make all this technology intelligible and useful to people, on the OIT Business Office to manage budget, procurement, the copy machine and a hundred details, and on the Executive Directors and Chief Technology Officer to keep us on the straight and narrow.