This document serves as a hub of information about UW-Madison Identity & Access Management, authentication, authorization, the NetID credential, and resources for application administrators.
Identity & Access Management ("IAM") is the process of enabling the right individuals to access the right resources at the right times and for the right reasons. UW-Madison IT resources often contain sensitive data, such as personal information or university research, making good IAM practices and decisions very important. At a high level, managing access to these resources is primarily accomplished via Authentication and Authorization.
Authentication is the process of asserting one's identity. This is done by leveraging one or more of the following three factors:
Authorization is the process of controlling the access rights (or "permissions") that individuals/groups have over IT resources. After an identity is proven via authentication, that individual's authorization over a particular resource determines how they can interact with it.
UW-Madison Students, Faculty and Staff are provided with authorization to access the resources each individual needs to study, work, research, etc. Access to these resources is determined by each individual's university affiliation, as well as university and departmental policy. If you believe you should have access to a University IT resource but you aren't sure how to access it or you receive an error message, get help from DoIT.
All UW Students, Faculty and Staff members are provided with a NetID account. Your NetID is a unique credential that can be used to access many UW-Madison resources including Office 365 email and calendaring, MyUW, student records, payroll information, and many other systems. Some UW systems control access using methods other than NetID authentication (such as a different username/password, Active Directory, or by restricting access to a computer lab, network, or IP address range).
As an administrator of UW-Madison IT resources, you are responsible for managing authentication and authorization to these resources. The following tools are available to you to facilitate this.
The NetID Login Service can be used to manage application authentication via the Shibboleth Single Sign-On service.
The Manifest NetID-grouping service can be used to assist with application authorization by using custom or data-driven NetID groups.
Identity Data Integration ("IDI") is available for applications with a specific need for information about UW-Madison students, faculty or staff.
More information about IDI requests is available here. If you are developing an application that will require UW affiliate identity data, begin by filling out the Identity Data Integration Request Form available on this page.