IAM Services and Related Resources
Our mission statement:
Provide, support and advocate authentication, authorization and related middleware solutions for securing UH on-line services.
Our IT community forum: <App Developers Forum>
Introduction
The University of Hawai'i Identity Management system (UHIMS) collects, consolidates and makes available information concerning people associated with the University. This allows UH to establish and manage a single centralized repository of person information and to provide a single, unique identity for each person even as their relationship with UH changes over time. Additionally, UHIMS provides UH the ability to automatically enable and disable access to online resources, such as email, Laulima, eCafe, and lab computers.
One of the early accomplishments of UHIMS was to establish the UH Number as a replacement for the Social Security Number (SSN) in order to better protect our community from identity theft. The UH Number is sometimes referenced as the "employee ID number" or the "student ID number." Whether a person is a student, faculty, staff, affiliate, ohana, retiree, or some combination of these, that person has exactly one UH Number, appropriately known simply as the "UH Number." Closely associated with the UH Number is a UH Username. The UH Username, along with a unique password of your choice, will be your key to using the University's online resources.
As a member of the UH community, one sometimes traverses many roles and may even be in multiple roles at once. UHIMS tracks a person's roles to help ensure that each person has access to the appropriate online resources and services. Additionally, UHIMS sends email notifications to each person when a role change is detected. These notifications explain how the role change impacts one's access to services, one's listing in the UH Online Directory, etc.
Identity and Access Management (IAM) services are supported by the IAM group. Please email the IAM team if there are any questions.
Identity Functions
Identity Management
User Lifecycle Management: Creation, updating, and deletion of user identities across systems, ensuring each individual has the correct access for their role.
Authentication Services: Mechanisms to verify user identities, such as passwords, multi-factor authentication (MFA), and biometrics.
Directory Services: Centralized repositories (e.g., LDAP or Active Directory) for storing and managing identity data.
Access Management: Assigning and enforcing permissions and roles to users for systems and resources.
Self-Service Features: Tools for users to reset passwords, update personal information, or request access.
Identity Governance
Access Control Policies: Establishing rules for who can access what, and under what circumstances.
Role Management: Defining roles and mapping them to access rights to enforce least-privilege principles. Higher education institutions have very complex requirements for this.
Compliance and Auditability: Ensuring adherence to regulatory requirements (e.g., FERPA, HIPAA, GLBA) through access reviews, logging, and reporting.
Identity Analytics: Identifying anomalies or risks in user access, such as excessive permissions or orphaned accounts.
Certifications and Approvals: Managing workflows for periodic review and re-certification of user access rights.
Identity Federation
Single Sign-On (SSO) Across Organizations: Enabling users to authenticate once and access resources across multiple organizations or domains.
Federated protocols: Use of standards such as SAML, OAuth, and OpenID Connect to facilitate secure sharing of authentication data.
Trust relationships: Establishing agreements between entities to securely exchange identity data for authentication. UH is a member of the InCommon Federation and eduGAIN, an international academic federation of federations.
Cross-domain access: Supporting access to services or applications hosted in different administrative domains without duplicating user accounts.
User attribute exchange: Sharing relevant user attributes (e.g., roles, affiliations) across systems to facilitate access control decisions.
Table of Contents
For Individuals - UH Username Services, Managing Your Identity Information
For Campus Technology Administrators - ID Management and Authentication Solutions
For UH Developers - Developer Resources
General Info - UH Identity and Access Management Overview
Terminology - Terminology, Standard Codes and Definitions
For Individuals - UH Username Services, Identity Information Resources
Identity Info: About your UH Username and UH Number
Identity Info: ACER - Online Acknowledgements and Certifications
Identity Info: UH Secure Passwords Practices (password selection requirements)
Identity Info: UH Username Services (password changes and resets, email lists requests, UH Number lookup, ...)
Directory Info: UH Online Directory: UH Faculty/Staff Directory
Assistance: Assistance with your UH Username
Security: Guidelines for Protecting your Personal Identity Information
Security: UH Executive Policy on Security and Protection of Sensitive Information
Information: UH Online Resources Access by Role
For Campus Identity Representatives - UH Identity Management Services
Information: UHIMC and WPMS Frequently Asked Questions
For Campus Technology Administrators - ID Management and Authentication Solutions
How To: Implement Authentication on Lab Computers
How To: Implement Passthrough Authentication from a Departmental LDAP Server to UH LDAP Servers
How To: Request Federated Access to 3rd-Party Service Providers
Information: Business Critical Applications Registration
Information: UH OID Assignments
Information: InCommon Participation
Overview: IAM Services Overview
For Developers - Developer Resources
How To: Implement the UH Login service - includes the URL Registration form
How To: Implement UH LDAP Authentication
How To: Implement UHIMS Events
How To: Utilize the UH Message Broker
Information: Duo Security Integration implementation requests
Information: IAM Blog
Information: IAM Data Element Dictionary
Information: UH Role Assignments and Transitions
Information: The UhEduPerson LDAP Recipe
Technical Forum: UH applications developers and IT managers F2F; agendas and discussions
Email Discussion List: UH forum for applications developers and IT managers.
General Info - UH Identity and Access Management Overview
UH Form: Data Access Agreement Forms for authorized access to sensitive data
Information: UH Online Resources Access by Role
Information: UH Role Assignments and Transitions
Terminology - Terminology, Standard Codes and Definitions