Identity Management Services provide these capabilities:
- Authentication - Quickly verify user identities (Who you are).
- Authorization - Control users' access (What you can access).
- Administration - Manage users and the policies for controlling users' access privileges.
Identity Management Services include:
- Person Registry - New University identity system implemented for the creation and maintenance of users' electronic identities at the University and the resources they are permitted to access.
- Single Sign-On (CAS) - A central authentication service (CAS) that enables a user to be prompted to log in only once to access multiple web applications that are integrated with CAS.
- Enterprise Directory Service (LDAP) - University repository of users and attributes for use in authentication and providing directory information. Lightweight Directory Access Protocol (LDAP) is the application protocol for querying and modifying the directory services.
- Password Repository (Kerberos) - University's main password store. When a user attempts to log into a system, their password is validated against what is stored in the Kerberos password repository.
- Authentication Token (SafeWord) - A physical device (i.e. hardware token) provided to users for use in authenticating to some University systems. This SafeWord device (key fob) provides one-time dynamic passwords for system logins.
Related OIT Services:
- User Identifier (NetID) - A single University-wide identifier that most online services ask a user to enter along with a password during login.