Rationale for Identity Management and Background

Once the infrastructure program is fully implemented, a single account will provide staff and students with the correct access to core University on-line resources automatically.   An overview of how authentication to the various systems inter-relates can be found here.

For staff employed before 16 April 2007, access to a few online services continues to be via their previous username (eg fsmith01). 

Why are the changes necessary

The University of Adelaide currently relies upon several different electronic directories into which staff and student information is entered numerous times to provide access to a range of on-line services.  Every time a new member of staff is employed, or a student registers, similar information about that person has to be entered into multiple directories to give them access to a range of online systems. The reverse is true when staff and/or students leave, the same information has to be removed from multiple systems to revoke access

The current account management system does not cater for contractors or visitors.  Our current processes largely rely on a paper trail of requests, amendments or cancellation of services and unsurprisingly access, privileges and access revocation does not occur in a controlled and timely manner. In addition, every time an element of an identity changes—for example, name, location, job title - IT staff must update all systems.

This unnecessary administrative overhead not only incurs internal hidden costs but also exposes security risks where access to vital, and sometimes confidential, University information remains accessible to previous employees after they have left the University’s employment.

Once the Identity Management Project is fully implemented it will grant immediate access to core on-line services upon successful enrolment or employment and will provide the same username and password for accessing most online services.  It will also be able to revoke such access following well defined rules when staff and students cease their relationship with the University.

This project will bring staff access to online services into line with the processes already successfully implemented for students.

Staff who are also Students

Staff members, who are also students, now have a combined IT account and access to online services.

What is an Identity Management Solution

An Identity Management Solution (IMS) entails the implementation of a master authentication system (Metadirectory) that enables a once only creation of a system user and then, based on a series of business rules, creates that user with the same user identification (id) and password in a number of authentication systems or applications with inbuilt authentication.

The IMS then enables management of each user on an ongoing basis, ensuring changes made to that user via a single management source; continue to flow through to all other interconnected centrally provided authentication systems and application systems.

Users can change some of their details, for example their password, via a common password portal, which feeds the Metadirectory and flows through to other systems.

The CSC IT Architecture Review identified that an IMS would bring significant business and IT benefits to the University, and recommended that the implementation using Novell Nsure as the Metadirectory product would best meet the needs of the University.

The definitive source for people will be the University’s Peoplesoft system.

This implementation of IMS also requires the removal of duplicate staff and student authentication systems, combining these into ‘people’ authentication systems. Those people who exist currently as more than one entity i.e.; staff member and a student, will have their user id’s combined to form a single ‘person’ id.