Identity & Access Management
This document serves as a hub of information about UW-Madison Identity & Access Management, authentication, authorization, the NetID credential, and resources for application administrators.
What is Identity & Access Management?
Identity & Access Management ("IAM") is the process of enabling the right individuals to access the right resources at the right times and for the right reasons. UW-Madison IT resources often contain sensitive data, such as personal information or university research, making good IAM practices and decisions very important. At a high level, managing access to these resources is primarily accomplished via Authentication and Authorization.
Authentication is the process of asserting one's identity. This is done by leveraging one or more of the following three factors:
- Something you Know - most commonly, a username and password (aka "credentials"). This could also refer to Security Questions, an account number, or a PIN number.
- Something you Have - physical or digital possessions, including ID cards, security tokens, digital certificates, or a cell phone that can receive a security token via text message/software applications.
- Something you Are - bio-metric identifiers, such as a fingerprint, retinal pattern, DNA sequence, or voice recognition. Currently, this is the least common authentication factor used at UW-Madison.
Authorization is the process of controlling the access rights (or "permissions") that individuals/groups have over IT resources. After an identity is proven via authentication, that individual's authorization over a particular resource determines how they can interact with it.
What do I need to know about Identity & Access Management?
Click on a section below to learn more about IAM for that population.
UW-Madison Students, Faculty, and Staff
UW-Madison Students, Faculty and Staff are provided with authorization to access the resources each individual needs to study, work, research, etc. Access to these resources is determined by each individual's university affiliation, as well as university and departmental policy. If you believe you should have access to a University IT resource but you aren't sure how to access it or you receive an error message, Get Help from DoIT.
The UW-Madison NetID
All UW Students, Faculty and Staff members are provided with a NetID account. Your NetID is a unique credential that can be used to access many UW-Madison resources including Office 365 email and calendaring, MyUW, student records, payroll information, and many other systems. Some UW systems control access using methods other than NetID authentication (such as a different username/password, Active Directory, or by restricting access to a computer lab, network, or IP Address range).
Learn more about your UW-Madison NetID
- NetID - What is a NetID?
- NetID - Activating Your Account
- NetID - Password Criteria and Requirements
- NetID - Why should I change my NetID password?
- NetID - Eligibility Policy
- NetID - Modifying your Account
- NetID - Activating Missing Services
- NetID - Changing a Password
- NetID - Adding or Changing a Recovery Email Address
- NetID - Changing Account Recovery Questions
- NetID - Login Problems
- NetID - Changing Your NetID
Other important topics regarding Access Management
- Important tech suggestions for departing students, faculty, and staff
- NetID - Validating Login Page
- NetID - Recommended Browsers
- UW-Madison IT Policies
UW-Madison Application Administrators
As administrator of UW-Madison IT resources, you are responsible for managing authentication and authorization to these resources. The following tools are available to you to facilitate this.
The UW-Madison NetID Login Service
The NetID Login Service can be used to manage application authentication via the Shibboleth Single Sign-On service.
- NetID Login Service - Apache Installation (Red Hat / CentOS)
- NetID Login Service - Apache Installation (Windows)
- NetID Login Service - IIS7/8 Installation
- NetID Login Service - Requiring Shibboleth Authentication
- NetID Login Service - Enable multiple web applications on the same host
- NetID Login Service - Manual Configuration (General)
- NetID Login Service - Manual Configuration (Advanced)
- NetID Login Service - Configuring Logout
- NetID Login Service - Logout Procedure
The Manifest NetID-Grouping Service
The Manifest NetID-grouping service can be used to assist with application authorization by using custom or data-driven NetID groups.
- NetID Login Service - Authorization and Access Control
- Manifest - Integrating with NetID Login Service
- Manifest - Data Driven Groups
- Manifest - Getting Started
Identity Data Integration requests
Identity Data Integration ("IDI") is available for applications with a specific need for information about UW Madison students, faculty or staff.
More information about IDI requests is available here. If you are developing an application that will require UW affiliate identity data, begin by filling out the Identity Data Integration Request Form available on this page.