Identity and Access Management

Identity and Access Management (IAM) is about linking persons and systems to campus services and data resources. IAM Services are about identifying persons, their relationship(s) to the university and campus, and facilitating their access to those resources their roles and relationships require. The key components in these services are authoritative person data, user (account) services that connect people to applications and resources, authentication (you are who you say you are) and authorization (you are permitted or entitled to do these things.)

IAM services rely on trustworthy university data (Campus Solutions and HRMS records) to identify faculty, staff, students, and other campus community members and to provide information and some level of assurance that these persons are who they say they are. IAM services are influenced heavily by the content of this university “source” data and are subject to data appropriate use and security policies and procedures.

Service Who May Get It Features

IdentiKey

(Authentication Services)

Students, faculty, staff, graduates, retirees and POIs.

Other customers including sponsored affiliates and campus participants from groups and organizations doing work with or on behalf of CU Boulder
  • Your key to online campus resources like Portal systems, email services, UCB Wireless, and CU Boulder's learning management systems.
  • An IdentiKey represents a personally identified account. It authenticates you, granting access to University of Colorado and University of Colorado Boulder computing resources according to your relationships with the university.
IdentiKey Manager All University of Colorado Boulder community members and affiliates with a CU Boulder IdentiKey
  • Activate your IdentiKey accounts
  • Change your password and security questions
  • Choose your display name
  • Manage your email addresses 
  • Activate non-primary accounts
Federated Identity Service Access to federated sites is defined by the service providers.
  • Provides a single sign-on session for all services that are using Federated Identity Service.
Enterprise Access Management (Grouper) Faculty, staff, and student employees who have been provided access to the tool.
  • Access to automated groups, such as departments, job codes, affiliation, and description to create composite groups that can be catered to your access needs.
  • Management of Exchange Distribution Lists
Multi-Factor Authentication  
 		 Faculty, Staff, Students and Affiliates using Office 365  
  • Multi-factor authentication (MFA) is required to log in to Office 365.
  • MFA increases account security by using multiple forms of verification to prove your identity when signing into an application.
Duo Multi-Factor Remote Authentication  System administrators, some staff with privileged access.
  • For systems OIT manages, we require multi-factor authentication when OIT system administrators and those who have other privileged access are connecting from off-campus to critical systems (including office desktops).

Related Policies

University human resource and student policies and practices are related to this service area. As well as, administrative Policies and campus policies related to information technology, particularly security and appropriate use policies.