A summary of the different types of accounts and their uses.
These NetIDs are Banner initiated; comes from an authoritative source, automated; netID claim process, midPoint password management; exists in AD and everywhere
Affiliate NetIDs (formerly "sponsored" NetIDs)
These identities have a UIN, are hosted in "ou=people" in the Active Directory and maintain an affiliate status. Their passwords are set in midPoint and they follow renewal rules. These should be used for guests who will be on campus for at least one month at the request of an academic department or unit, visiting scholars (e.g. fellows), researchers, people on approved leave of absence, vendors or other affiliates that work in some capacity with the University. These automatically expire one year from the date of creation and will have to be renewed to continue service.
More information: Identity and Access Management, Affiliate NetID Manager FAQ
Allied affiliate NetIDs are a type of sponsored NetID that are given specific permissions pertaining to the allied organization's affiliation with the university. The designated proxies are the contact person for allied affiliate related questions for their organization and handle creation, renewal, and deactivation of the affiliates.
More information: Identity Management, Allied-Affiliates, What services do allied-affiliates receive?
Active Directory Resource Accounts
Resource accounts are hosted in the departmental OU of the Active Directory and do not exist in any other IAM systems. They will not have a UIN. The OU administrator can create the object and credentials as needed. Central password policies and renewals do not apply; the IT Pro is responsible for managing the passwords on these objects.
If access to only a single service is needed, this might be the best route.
Can be used for things like Box, Skype, Exchange, or in some cases, federated services behind Shibboleth.
IllinoisNet Wireless Guest Accounts
For visitors/guests that only need access to IllinoisNet wireless, this is preferred. 3-day and month-long options are available. These accounts DO NOT exist in the Active Directory.
Can be provided for service owners for specific needs. They have a fake UIN, are hosted in the Active Directory "ou=people," can have any affiliation requested, and have a password in midPoint. They will have a uiucEduType value of "test". They must have an end date and be renewed yearly. IT Pros can contact email@example.com to make a request.
If you need a test NetID for a service that uses Shibboleth for authentication, you can create one in a departmentally controlled OU in Active Directory if it needs any or all of the following attributes:
- displayName givenName
If the service requires any other attributes, you will need to request a test person NetID.
Duo MFA (Multi-Factor Authentication)
If you need to use MFA with your resource or test account, please email Identity and Access Management (firstname.lastname@example.org).