Identity and Access Management (IAM) Initiative

On June 1, 2017, Information Resources launched a new system called Account Center. This new system is the latest effort in the IAM initiative. Account Center controls the way that campus users' accounts are created and managed, and it provides a number of improvements over previous systems. Please see the major changes listed below.

What changed when Account Center went live on June 1st?

Account Center manages the provisioning and de-provisioning of Active Directory, LDAP, Blackboard Learn, Google Apps and Office 365 accounts. Below are the services that are automatically provisioned for active students, faculty, staff and auxiliaries:

Active Directory LDAP Blackboard Learn Google Apps Office 365
Students x x x x
Staff x x x x x
Faculty x x x x x
Auxiliary x x x x x
Instructor x x x x x

New faculty will only get access to course shells and student data in Blackboard Learn after I9 processes are complete (policy requirement). Below are two diagrams which provides a high level overview the steps required to trigger Blackboard Learn account provisioning and the additional steps for the release of the course shell.

Faculty Onboarding Processes

Additional changes include:

  • All student employees automatically receive Office 365 accounts
  • New password management tools provide additional self-service options for account recovery
    • Pin reset via mobile number for password recovery
    • Pin reset via personal email address for password recovery
    • Answering security questions for password recovery
  • New password rules will be implemented for employees and students 

Identity & Access Management(IAM) FAQs

What is IAM?

IAM enables the right people to access the right resources at the right times for the right reasons.  IAM is a combination of:

  • Digital identities and processes related to identity lifecycle management
  • Identity management registry (Fischer Identity)
  • Password management tools
  • Directories (e.g. AD, OpenLDAP)
  • Access and authentication tools (e.g. CAS, Shibboleth, ADFS)
  • Support providers’ and service owners’ roles and responsibilities
  • Security
  • Governance and training

Why has CSU, Chico embarked on the IAM initiative?

Beginning in July, 2015 CSU, Chico selected Fischer International as the vendor of choice for a new identity & access management system.  Once implemented the new IAM system will:

  • Replace the current identity & access management system developed ten years ago called the Registry.  The Registry no longer provides the functionality necessary to keep pace with the needs of the University.  

  • Address information security audit findings from 2008 and 2014 that found deficiencies in campus password management policies. These deficiencies need to be addressed to comply with the CSU access control standard which reduces the risk for easily guessed passwords and unauthorized access to network resources and confidential information.

  • Automate the provisioning and deprovisioning of campus accounts and access for all employees, students and guests of the University. Currently employee and guest account provisioning is a manual, multi-step process that is slow and prone to errors.  In some cases it can take a new employee several weeks to get access to all of the services necessary to do their job.

For more information about the Identity & Access Management Initiative, please refer to the attached IAM Roadmap.

Announcements

Campus Entitlements Catalog

Campus users get accounts and access based on their relationship (AKA affiliation) with the University. This Entitlements Catalog outlines the specific accounts/access that are provided to each affiliation beginning on June, 2017. 

Account Center Knowledge Base Articles

Please click here to find more information about Account Center