Project Type: Enhance Identity and Access Management

Microsoft is moving to a more secure method of authentication that changes “Push” notifications. The new process for logging into Microsoft 365 gives you an auto-generated number to type into your device. Microsoft doesn’t have an exact switchover date, but the purpose of this project is to get campus ready before Microsoft acts. Pilot groups are currently testing the system. (“Number matching” means that when users go through an MFA Authentication, they see a number… Read More about Microsoft M365 Number Matching for MFA.

This project will create a new user interface for managing email addresses and aliases. This interface will let campus users choose which UNC-based email address they want as their primary. When individuals create an email address or alias, the interface will prevent them from duplicating an existing Onyen-based email address or previously claimed alias. This change is a step toward having a single authoritative source for all email tenants and remediates the persistent confusion among… Read More about Central Email Registry with midPoint – Phase 1.

The project’s purpose is to determine the policy for deprovisioning WebAuthn registrations when people lose affiliation with the University, and then implement a technical solution to perform deprovisioning according to that policy. The policy will also identify how often WebAuthn registrations will expire. Project implementation will enable the Carolina Key project to roll out to the entire campus. If we do not complete this project, Carolina Key will remain in a pilot phase, and there… Read More about WebAuthn Deprovisioning with midPoint.

Enterprise Applications began an initiative in January 2022 to solicit feedback from campus users, central offices, Access Request Coordinators (ARCs) and others to understand the pain points experienced in the current Access Request Process and Tool. Analysis of the feedback informed our next steps to focus on two major areas of effort during 2022 and 2023: 1) Short-term adjustments to current environment – There are several items that will provide some immediate benefit for the… Read More about Access Request Re-Engineering.

The ITS Identity Management team receives frequent requests from groups around campus for centralized and automated provisioning and de-provisioning of user accounts. User provisioning and deprovisioning involve the process of creating, updating and deleting user accounts in multiple applications and systems. We currently use a home-grown utility known as IMPROV for this purpose, but it only provisions Onyens and Guest IDs. It does not provision for other forms of accounts. IMPROV also does not do… Read More about Onyen Deprovisioning in midPoint.