Identity and Access Management

Identity and Access Management (IAM) is about linking persons and systems to campus services and data resources. IAM Services are about identifying persons, their relationship(s) to the university and campus, and facilitating their access to those resources their roles and relationships require. The key components in these services are authoritative person data, user (account) services that connect people to applications and resources, authentication (you are who you say you are) and authorization (you are permitted or entitled to do these things.)

IAM services rely on trustworthy university data (Campus Solutions and HRMS records) to identify faculty, staff, students, and other campus community members and to provide information and some level of assurance that these persons are who they say they are. IAM services are influenced heavily by the content of this university “source” data and are subject to data appropriate use and security policies and procedures.

ServiceWho May Get ItFeatures

IdentiKey

(Authentication Services)

Students, faculty, staff, graduates, retirees and POIs.

Other customers including sponsored affiliates and campus participants from groups and organizations doing work with or on behalf of CU Boulder

  • Your key to online campus resources like Portal systems, email services, UCB Wireless, and CU Boulder's learning management systems.
  • An IdentiKey represents a personally identified account. It authenticates you, granting access to University of Colorado and University of Colorado Boulder computing resources according to your relationships with the university.
IdentiKey ManagerAll University of Colorado Boulder community members and affiliates with a CU Boulder IdentiKey
  • Activate your IdentiKey accounts
  • Change your password and security questions
  • Choose your display name
  • Manage your email addresses 
  • Activate non-primary accounts
Enterprise Access Management (Grouper)Faculty, staff, and student employees who have been provided access to the tool.
  • Access to automated groups, such as departments, job codes, affiliation, and description to create composite groups that can be catered to your access needs.
  • Management of Exchange Distribution Lists
Microsoft Multi-Factor Authentication  
 		Faculty, Staff, Students and Affiliates using Microsoft 365  
  • Microsoft MFA is required to log in to Microsoft 365 apps. 
Duo Multi-factor Authentication 

Faculty, Staff and Students accessing MyCUInfo or Buff Portals 

System administrators, some staff with privileged access for additional services.

  • Duo MFA is required to log in to Buff Portal and MyCUInfo.
  • OIT also requires Duo MFA for system administrators and others privileged access connecting from off-campus to critical systems.
Single Sign On (SSO)System Administrators have access to request Single Sign On for their service. Identity and Access Management can enable Microsoft Entra or Federated Identity Service (Shibboleth) for users looking to simplify access to your software as a service (SaaS) apps.

Multi-factor authentication (MFA)

Multi-factor authentication (MFA) increases account security by using multiple forms of verification to prove your identity when signing into an application. CU Boulder uses two different products for MFA to access different services: Duo MFA for access to Buff Portal and MyCUInfo, and Microsoft MFA for Microsoft 365 applications. To learn more, enroll, or troubleshoot either product, please visit the pages below. 

Duo MFA for Buff Portal and MyCUInfo

MFA for Microsoft 365

Related Policies

University human resource and student policies and practices are related to this service area. As well as, administrative Policies and campus policies related to information technology, particularly security and appropriate use policies.