== [[/| UA IAM]] / Index ==

{{{#!td style="vertical-align: top; width: 250px"
Authentication, Authorization & SSO:
 : [[IamUaArp|UA Attribute Release Policy]][[BR]]
 : [[UAInCPOP.html|UA InCommon Operational Practices]][[BR]]
 : [[ResourceAccountForm|Service Account Request Form]]
 : [[attachment:overview.pdf|Overview Presentation]][[BR]]
 : [[http://shibboleth.internet2.edu/demo/shib_demo.html|Shibboleth User Demo]][[BR]]
----
UA Enterprise Online Directory ("EDIR"): [[br]]
[[http://www.alaska.edu/oit/services/enterprise-directory/edir-help/#aboutEdir|About EDIR Online Directory]] [[br]]
[[https://people.alaska.edu|People: Web interface to EDIR]] [[br]]
[[http://www.alaska.edu/files/oit/services/UpdateYourRecordsAug2011.pdf|Update your EDIR directory record]] [[br]]
[[https://edir.alaska.edu/cgi-bin/ldap_update_help#origin|Data elements in EDIR]] [[br]]
[[https://edir.alaska.edu/cgi-bin/ldap_update_help|Access Control to EDIR Data]] [[br]]
[[https://edir.alaska.edu/cgi-bin/ldap_filter_help|Searching EDIR (technical help)]] [[br]]
----
Security & Privacy:[[br]]
 : [[SPLogout|About Log out: SP vs. SSO]] [[br]]
 : [[Web Login/Logout Security]] [[br]]
 : [[MFA|2-factor authentication]] [[br]]
 : [[wiki:IAMwikiSPLogout]]
----
IAM Projects:[[BR]]
 : [[https://iam.alaska.edu/projects|Projects - Full Listing]] [[br]]
 : [[https://iam.alaska.edu/beis|Banner BEIS & ID Management]][[br]]
 : [[https://iam.alaska.edu/casshib|CAS-Shibb integration]][[br]]
 : [[https://iam.alaska.edu/sunldap|Enterprise LDAP]][[br]]
 : [[https://iam.alaska.edu/grouper|Grouper (RBAC)]][[br]]
 : [[https://iam.alaska.edu/people|People (Directory search)]][[br]]
 : [[https://iam.alaska.edu/radius|Radius & EDUROAM]][[br]]
 : [[https://iam.alaska.edu/shib|Shibboleth (SAML-2.0)]][[br]]
 : K20 Federation [[attachment:BTOP presentation.ppt|ppt]] or [[attachment:BTOP presentation.pdf|pdf]][[br]]
}}}
{{{#!td
Identity and Access Management Services (IAM) exists to enhance and simplify users' secure access to the information resources their roles authorize them to use. IAM consolidates responsibility for the University of Alaska's:

 * system-wide digital identities (identifiers, passwords or other tokens used to gain access to resources) and the central password store
 * enterprise directory and registry (the authoritative repository of identities, affiliations, and other attributes pertinent to accessing resources)
 * authentication (login and identity assertion at appropriate levels of assurance)
 * secure single sign-on (one log-in event enables access to multiple resources, via Shibboleth and other tools, without exposing users' credentials to those resources)
 * policy-based attribute release (assertions of institutional affiliation, roles, and other appropriate attributes, released to a service only as the attribute release policy permits)
 * role-based authorization (establishing, maintaining, and releasing to services the appropriate institutional roles and attributes)
 * support for internal information service providers in protecting their services with the central authentication service and role-based authorization
 * inter-institutional federation (enabling access to services external to UA via mutual trust among members of [[http://www.incommon.org|InCommon]] or other federations)

IAM is responsible for developing and integrating these technologies with a wide range of information service providers; will deploy and promote processes that protect individual privacy and data security and that meet emerging best practices and standards; and will collaborate with other departments to enhance and simplify users' secure access to the information resources their roles authorize them to use.

Depictions of some key concepts for IAM and of the UA infrastructure for IAM:

 * [[attachment:overview1.gif|Secure Privacy-Preserving Single Sign-on]]
 * [[attachment:overview2.gif|Coordination: IdM, Banner, Microsoft Active Directory]]
 * [[attachment:overview3.gif|Benefits of Trust Federation]]
 * [[attachment:authNauthZfed.pdf|authN methods in UA infrastructure (1 page summary table)]]
 * [[attachment:authNauthZfeddescrip.pdf|Description of multiple methods of authentication in UA infrastructure]]

While it is the central point of coordination for these activities, IAM of course relies on other units for essential services. Specifically, it relies on Technical Services for hosting servers and database administration; on Network Operations for data communications within UA and to external services; on Enterprise Application Services for authoritative, timely data on students and employees; on Core Applications for end-user web interfaces and the integration of core applications with IAM; on the Support Center for supporting users' interaction with IAM services and for the management and resolution of incidents; on Training & Documentation for creating and delivering materials that make all this technology intelligible and useful to people; on the OIT Business Office to manage budget, procurement, the copy machine and a hundred other details; and on the Executive Directors and Chief Technology Officer to keep us on the straight and narrow.
}}}
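The "policy-based attribute release" and "role-based authorization" items above describe a default-deny filter between the identity provider and each service provider: the SP never receives the password, only the attributes a policy explicitly permits for that SP, and the SP then makes its access decision on what was released. The following Python model of that evaluation is an added example for this page; it is neither UA's attribute release policy nor Shibboleth's code, and every entity ID, attribute value, policy rule and user record in it is constructed for illustration.

```python
"""Toy model of Shibboleth-style attribute release and an SP-side role check.

Added illustration only: this is neither UA's attribute release policy nor
Shibboleth code. Every entity ID, attribute value and rule here is constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# Attributes as the IdP resolved them for one user: name -> set of values.
UserAttributes = Dict[str, Set[str]]


@dataclass
class AttributeRule:
    """Permit one attribute for release; permit_values=None means any value."""
    name: str
    permit_values: Optional[Set[str]] = None


@dataclass
class FilterPolicy:
    """Rules that apply when `requirement` matches the requesting SP's entityID."""
    requirement: Callable[[str], bool]
    rules: List[AttributeRule]


def requester(entity_id: str) -> Callable[[str], bool]:
    """Policy requirement: the requesting SP is exactly this entityID."""
    return lambda sp: sp == entity_id


def in_group(members: Set[str]) -> Callable[[str], bool]:
    """Policy requirement: the requesting SP belongs to a federation/entity group."""
    return lambda sp: sp in members


# Constructed federation membership and policies (hypothetical entity IDs).
FEDERATION_MEMBERS = {
    "https://sp.example.edu/shibboleth",
    "https://library.example.org/shibboleth",
}

POLICIES: List[FilterPolicy] = [
    # Any federation member may learn affiliation, but only the coarse values.
    FilterPolicy(
        in_group(FEDERATION_MEMBERS),
        [AttributeRule("eduPersonAffiliation", {"member", "student", "staff", "faculty"})],
    ),
    # One contracted SP is additionally allowed an identifier and e-mail address.
    FilterPolicy(
        requester("https://library.example.org/shibboleth"),
        [AttributeRule("eduPersonPrincipalName"), AttributeRule("mail")],
    ),
]


def release(user: UserAttributes, sp_entity_id: str,
            policies: List[FilterPolicy] = POLICIES) -> UserAttributes:
    """Default deny: a value reaches the SP only if a matching policy permits it.

    Attributes with no rule (e.g. employeeNumber) are never released, and the
    SP never sees the user's password because only attributes travel.
    """
    released: UserAttributes = {}
    for policy in policies:
        if not policy.requirement(sp_entity_id):
            continue
        for rule in policy.rules:
            values = set(user.get(rule.name, set()))
            if rule.permit_values is not None:
                values &= rule.permit_values
            if values:
                released.setdefault(rule.name, set()).update(values)
    return released


def authorize(released: UserAttributes, required_affiliations: Set[str]) -> bool:
    """SP-side role-based check on the released assertion, not on the directory."""
    return bool(released.get("eduPersonAffiliation", set()) & required_affiliations)


# Constructed sample user; the extra values show what the filter removes.
SAMPLE_USER: UserAttributes = {
    "eduPersonPrincipalName": {"jdoe@example.edu"},
    "eduPersonAffiliation": {"member", "staff", "employee", "alum"},
    "mail": {"jdoe@example.edu"},
    "employeeNumber": {"30012345"},
}

if __name__ == "__main__":
    for sp in sorted(FEDERATION_MEMBERS) + ["https://unknown.example.net/shibboleth"]:
        attrs = release(SAMPLE_USER, sp)
        print(sp, attrs, "staff/faculty access:", authorize(attrs, {"staff", "faculty"}))
```

Two points the model makes visible: an SP outside every policy's requirement gets an empty attribute set rather than an error, and value filtering is as much a part of the policy as attribute selection (here "employee" and "alum" never leave the IdP even though the attribute itself is released). A real deployment expresses the same structure in Shibboleth's attribute-filter XML and keys the federation group off signed metadata rather than a hard-coded set.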