Identity Management, Types of Accounts

A summary of the different types of accounts and their uses.

Staff/Faculty/Student NetIDs

These NetIDs are initiated in Banner, so they come from an authoritative source and are created automatically. They go through the NetID claim process, have their passwords managed in midPoint, and exist in AD and everywhere.

Long-term sponsored NetIDs

These identities have a UIN, are hosted in "ou=people" in the Active Directory, and maintain an affiliate status. Their passwords are set in midPoint and they follow renewal rules. These should be used for guests who will be on campus for at least one month (at the request of an academic department or unit), visiting scholars, people on approved leave of absence, vendors, or other affiliates that work in some capacity with the University. These automatically expire one year from the date of creation and will have to be renewed to continue service.

Affiliate NetIDs

Affiliate NetIDs are a type of sponsored NetID that is managed through the Affiliate NetID Manager and given specific permissions pertaining to the affiliation with the university. The designated proxies are the contact people for affiliate-related questions for their department and handle creation, renewal, and deactivation of the affiliates.

More information: Identity Management, Affiliates, What services do affiliates receive?

Active Directory Resource Accounts

Resource accounts are hosted in the departmental OU of the Active Directory and do not exist in any other IAM systems. They will not have a UIN. The OU administrator can create the object and credentials as needed. Central password policies and renewals do not apply; the IT Pro is responsible for managing the passwords on these objects.
If access to only a single service is needed, this might be the best route.
Resource accounts can be used for things like Box, Skype, Exchange, or in some cases, federated services behind Shibboleth.

IllinoisNet Wireless Guest Accounts

For visitors/guests who only need access to IllinoisNet wireless, this account type is preferred. 3-day and month-long options are available. These accounts DO NOT exist in the Active Directory.

Test NetIDs

Test NetIDs can be provided to service owners for specific needs. They have a fake UIN, are hosted in the Active Directory "ou=people," can have any affiliation requested, and have a password in midPoint. They will have a uiucEduType value of "test". They must have an end date and be renewed yearly. IT Pros can contact techservices-iamu@illinois.edu to make a request.
If you need a test NetID for a service that uses Shibboleth for authentication, you can create one in a departmentally controlled OU in Active Directory if the service needs any or all of the following attributes:
  • eduPersonPrincipalName
  • eduPersonTargetedID
  • displayName
  • givenName
  • sn
  • mail
  • uid
If the service requires any other attributes, you will need to request a test person NetID.




Keywords: wireless wifi internet illinoisnet sponsor sponsored test fake netid uin visitor resource
Doc ID: 101602
Owner: ID M.
Group: University of Illinois Technology Services
Created: 2020-04-30 14:09 CDT
Updated: 2022-03-01 11:43 CDT
Sites: University of Illinois Technology Services