Identity & Access Management

This document serves as a hub of information about UW-Madison Identity & Access Management, authentication, authorization, the NetID credential, and resources for application administrators.

What is Identity & Access Management?

Identity & Access Management ("IAM") is the process of enabling the right individuals to access the right resources at the right times and for the right reasons. UW-Madison IT resources often contain sensitive data, such as personal information or university research, making good IAM practices and decisions very important. At a high level, managing access to these resources is primarily accomplished via Authentication and Authorization.

Authentication is the process of asserting one's identity. This is done by leveraging one or more of the following three factors:

  • Something you Know - most commonly, a username and password (aka "credentials"). This could also refer to Security Questions, an account number, or a PIN.
  • Something you Have - physical or digital possessions, including ID cards, security tokens, digital certificates, or a cell phone that can receive a security token via text message/software applications.
  • Something you Are - biometric identifiers, such as a fingerprint, retinal pattern, DNA sequence, or voice recognition. Currently, this is the least common authentication factor used at UW-Madison.

Authorization is the process of controlling the access rights (or "permissions") that individuals/groups have over IT resources. After an identity is proven via authentication, that individual's authorization over a particular resource determines how they can interact with it.

What do I need to know about Identity & Access Management?

Click on a section below to learn more about IAM for that population.

UW-Madison Students, Faculty, and Staff

UW-Madison Students, Faculty and Staff are provided with authorization to access the resources each individual needs to study, work, research, etc. Access to these resources is determined by each individual's university affiliation, as well as university and departmental policy. If you believe you should have access to a University IT resource but you aren't sure how to access it or you receive an error message, Get Help from DoIT.

The UW-Madison NetID

All UW Students, Faculty and Staff members are provided with a NetID account. Your NetID is a unique credential that can be used to access many UW-Madison resources including Office 365 email and calendaring, MyUW, student records, payroll information, and many other systems. Some UW systems control access using methods other than NetID authentication (such as a different username/password, Active Directory, or by restricting access to a computer lab, network, or IP Address range).

Learn more about your UW-Madison NetID

Other important topics regarding Access Management



UW-Madison Application Administrators

As administrator of UW-Madison IT resources, you are responsible for managing authentication and authorization to these resources. The following tools are available to you to facilitate this.


The UW-Madison NetID Login Service

The NetID Login Service can be used to manage application authentication via the Shibboleth Single Sign-On service.

Overview

Configuration

The Manifest NetID-Grouping Service

The Manifest NetID-grouping service can be used to assist with application authorization by using custom or data-driven NetID groups.


Identity Data Integration requests

Identity Data Integration ("IDI") is available for applications with a specific need for information about UW-Madison students, faculty or staff.

More information about IDI requests is available here. If you are developing an application that will require UW affiliate identity data, begin by filling out the Identity Data Integration Request Form available on this page.



Keywords: iam ams netid login service authenticate authorize authentication authorization user name username password credential permission shibboleth shib webiso access denied cads active directory wiscfed wisconsin federation
Doc ID: 58733
Owner: MST Support
Group: Identity and Access Management
Created: 2015-12-04 16:05:07
Updated: 2022-06-09 11:36:19
Sites: DoIT Help Desk, Identity and Access Management