Identity and Access Management

Adopted Policy 5.1

Policy Purpose

To set forth the University’s principles for managing the identities of individuals of the university community in terms of the University’s IT resources and the commensurate access to these resources.

Responsible Office

Information Technology Services, Division for Finance and Administration

Responsible Executive

Chief Information Officer

Policy History

  • Date of Permanent Approval:

Policy Statement

Identity and access management is a comprehensive and unified approach to managing the identities of persons and processes issued by the University for the purpose of granting and controlling access to information resources. It is vital to have accurate and timely information regarding the roles and relationships of all constituents of the University in order to effectively manage access to information assets. It is equally important for data owners of employee and student information to understand their roles and responsibilities with regard to identity and access management.

Persons Affected

Students, Faculty, Staff

Definitions

Electronic Identifiers are PIN, Albany ID, and NetID.

Employee is any faculty member of the University at Albany or staff employed by the University at Albany or a University-related Organization and its subcontractors who are issued University at Albany identification cards.

Student is a current Student registered for classes at the University at Albany.

University is the University at Albany, State University of New York.

University-related Organization or Organization(s) is one or all of the following entities associated with the University: University at Albany Foundation, Research Foundation for the State University of New York, University Auxiliary Services at Albany, Inc., University at Albany Bioscience Development Corporation, Alumni Association of the State University of New York at Albany, Empire Commons Student Housing, Inc., Student Association State University of New York at Albany, Inc., and University at Albany Graduate Student Association.

Policy

  1. Principles for the Issuance of Electronic Identifiers
    1. Identities, roles and statuses of individuals at the University are verified and accurate prior to the issuance of their electronic identifiers (PIN, Albany ID and NetID).
  2. Authorities for Verification of Identities, Roles and Statuses
    1. Information stored in the Integrated Administrative Services (IAS) system (Human Resources and Student Records) will be used as the System of Record for determining an individual’s identity, role and status. In turn, the role and status will be used for granting and removing an individual’s access to all online services.
    2. Students: The Registrar’s Office is the steward of student records as they are recorded in IAS. As such, they are accountable for ensuring that the information regarding the student’s identity, role, and status at the University is accurate.
    3. Employees: The University at Albany has two offices with Human Resources responsibilities: the Office of Human Resources Management and Research Foundation Human Resources. These offices are the stewards of employee records as recorded in the University’s System of Record, IAS. As such, they are accountable for ensuring that the information regarding employees’ identities, roles, and statuses at the University is accurate. Other hiring offices (University Auxiliary Services, UAlbany Foundation, and the employing University departments) are accountable for the timely reporting of changes to roles or statuses of their employees to their respective Human Resources department.
    4. Emeriti: Individuals are identified as emeriti within IAS upon retiring from the University as a member of United University Professions or Management Confidential. They are individually accountable for reporting to Information Technology Services whether they want to retain their electronic identifiers and access to applicable University online services.
    5. Externals: Individuals who are not employed by the University or affiliated corporations (e.g. vendors, contractors, and media) will not receive personal electronic identifiers. They will be granted temporary access to online services based on a written request from the department with which they are most closely associated.
  3. Privacy
    1. Identity and Access Management is based on the following principles:
      1. Identity: Every person who is a student, employee or affiliate of the University is assigned a unique online identity (PIN, Albany ID and NetID).
        1. A password is established by the individual for the purpose of authenticating to their assigned identity.
        2. PINs and passwords are confidential and must not be shared with anyone.
      2. Role: An individual’s role (e.g. student, faculty, staff, etc.) at the University governs their access to online services.
      3. Status: The establishment, continuation and discontinuation of access will be based on an individual’s status at the University (e.g. employed, terminated, registered, alumni, etc.).
      4. Access: Access to online services is granted based on the ‘least privilege’ principle (see ‘Access Control Security Domain’ in the Information Security Domains, Supporting Protocols, Standards, and Procedures as dictated by the University’s Information Security Policy).
    2. Electronic Identifiers are assigned to an individual who is then responsible for their use. To ensure privacy and security of electronic information, PINs and passwords are confidential and must not be shared with anyone.
  4. This policy is effective immediately.