This introduction to ITS Identity Management (IdM) launches a Getting to Know series. IdM provides and maintains services that are foundational to operations at UNC-Chapel Hill.
What does Identity Management do?
Identity Management gathers information about a person to form a coherent picture of the various roles that he or she may have within the UNC-Chapel Hill data-source systems, such as student and biodemographical information from Campus Solutions and employment information from the Human Capital Management (HCM) and UNC Health Care systems.
These attributes are combined into a unified view of a person, and presented in the form of directory information in both the Online Directory and the campus Lightweight Directory Access Protocol (LDAP) system. This data can then be used by various applications around campus to provide access to websites and data repositories.
“Say you know you need to call someone, but you don’t know the person’s phone number,” said Celeste Copeland, Identity Management Manager. “LDAP is the system behind the University’s directory, dir.unc.edu. LDAP enables you to look up that phone number in the directory. Also, when you type a name in your email client and the person’s email address pops up, LDAP is what enabled you to perform that search. It’s a way to access data that is rapid to look up.”
Other Identity Management responsibilities include providing secure authentication systems for these applications, along with authorization information that applications use to decide what kind of access to give each user.
If your application is accessible only to staff and not to faculty or students, for example, the system can provide information that determines whether someone gets access.
“Your app can make a decision who to let in,” Copeland said.
Identity Management is also responsible for providing provisioning and deprovisioning solutions to ensure that users are able to access what they need as soon as they join the campus community, and that this access is securely removed when they leave.
“The ideal is when someone arrives on campus, they would automatically be given access to do their job or take classes,” Copeland said. “But soon after they left, those things would be removed that they should no longer have access to.”
What are the main services that Identity Management provides?
- Onyen and Guest ID authentication, registration, password management and administration
- Online Directory and Online Directory Update
- Lightweight Directory Access Protocol (LDAP) with identity data
- Grouper groups management for authorization
- Web Single Sign-On with Shibboleth (SAML 2 based)
- Duo 2-Step Verification registration; since March 17, Duo is also part of Single Sign-On
- Subscribe to Services for Research Computing access
- Kerberos authentication for qualified systems
- Person Services for access to Campus Solutions data