Identity and Access Management

ITS Identity and Access Management (IAM) services provide members of the U-M community with an online identity and appropriate access to U-M computing resources and data, which can vary based on the individual's role or status.

For questions or assistance related to this service

Please contact the ITS Service Center
Enter a Ticket Online | Call 734-764-HELP (764-4357) | 4help@umich.edu | Chat

Overview

Identity and Access Management (IAM) Services include directory services, authentication services, and user-management capabilities, such as password management and account provisioning and de-provisioning. These services ensure appropriate access to systems, applications, and data. The services enable a single login ID and password (for the most part) to U-M computing services, resources, and tools.

IAM Services also provide the foundation for university units to provision and de-provision access to the systems which they support and to streamline access to externally provided services.

Features: 

IAM services are foundational to information technology services at the University of Michigan. They support multiple processes, resources, services, and tools.

Some features of IAM include:

Features and Capabilities Description
Directory Services

MCommunity is an enterprise directory and identity management system which enables the university to identify who is currently a member of the U-M community so that central offices—as well as departments, schools, colleges, and campuses—can grant and revoke access to their computing resources as needed and appropriate.

The MCommunity Directory contains a profile for each person with a current affiliation with the university. People can use the directory to find contact information for members of the university community, facilitating collaboration and streamlining administrative and academic processes. Members of the university community can use the directory to create and manage groups that can be used for sending email and/or for authorization.

Access and Account Management

IAM uses MCommunity to manage automated creation of a user ID—a uniqname—and associated accounts for new members of the university community. ITS and unit sponsorship administrators use the MCommunity Sponsor System to sponsor university affiliates for account creation and management. Affiliates are individuals who are not university employees, such as external contractors, who are given limited access to university computing resources.

Uniqnames enable individuals to access a variety of university services and systems. The associated accounts created by MCommunity include:

  • Kerberos for access to university web sites
  • Active Directory for login to MWireless and more
  • M+Google to log in to Google collaboration tools

Password Management

MCommunity includes a password hub which stores UMICH passwords centrally and synchronizes transparently with the associated accounts (Kerberos, UMROOT, M+Google). This provides seamless integration with NextGen services provided in the cloud as well as with services hosted at the university.

Single Sign On

Members of the university community logged in through the U-M Weblogin page are logged into all U-M web-accessible services through the use of Cosign software.

Who can use the service?: 

Every member of the U-M community across all four campuses (Ann Arbor, Dearborn, Flint and Health System) needs appropriate access to U-M computing services, resources, and tools. This includes current faculty, staff, and students; retirees and emeritus professors; sponsored affiliates; and alumni. It also includes parents and guardians who use U-M Friend accounts to log in and pay student bills. Often, it includes people outside the university who collaborate with members of the U-M community on research and other university work.

University units may partner with ITS IAM to provide access, including provisioning and de-provisioning, to services that they provide. They may also work with ITS IAM to set up access to services that use access methods managed by groups of institutions of which the university is a member, such as the InCommon Federation.

User Groups: 
Students
Alumni
Faculty
Staff
IT Professionals