- #User authentication security policy verification
- #User authentication security policy password
- #User authentication security policy windows
The domain administrators of each domain in the forest are responsible for maintaining accounts for the persons for whom they have responsibility, in support of the enterprise authentication requirements identified by campus IT service providers.
Account IDs in all domains of the Campus Forest will be maintained in sync with the Enterprise Directory HawkID assignment.
This guarantees the uniqueness of the enterprise HawkID and HawkID password pair. That is, a person’s HawkID will appear in one and only one domain in the forest.
Verification shall be based on one or more of the following (depending on security requirements):Ģ) possession (e.g.
Part 1: Authentication Introduction

Authentication is the mechanism that verifies that an individual is who they claim to be.

Local Service Password is the service-specific password for a locally-authenticated service. If there are security issues in the local service, such as use of clear-text passwords, the local service password should not be synchronized with the HawkID password.

Local Service ID is the service-specific login ID for a service not yet enabled to use enterprise authentication. Service providers are encouraged to use the HawkID as this local service ID.

HawkID Password is the password associated with the HawkID in the enterprise authentication service.

HawkID is the campus-wide standard for a unique login identifier (ID) for each person in the University of Iowa community. This HawkID, therefore, is the account ID used in the enterprise authentication service.

Active Directory is the current campus production authentication engine.

Microsoft Active Directory (AD) is a directory that supports Windows services. AD is Microsoft’s implementation of an LDAP directory with a number of enhancements for Kerberos support and workstation management.

Campus Active Directory Forest is the shared services forest, sponsored by a partnership of ITS and HCIS, that provides the infrastructure for campus Windows servers and workstations connected to the campus network.

Enterprise Directory Service (EDS) is an authoritative source for institutional data such as IDs, e-mail, service eligibility indicators, and other derived attributes. EDS consolidates identity information for support of enterprise authentication.

Local Service is a service, supported by any campus IT provider, that authenticates its user base to a subset of domains in the forest, or to a local accounts database.

Enterprise Credentials are the combination of HawkID and HawkID password. These credentials may not be reused for services not using the Enterprise Authentication Service.

Generic access refers to access using a service account rather than an individual (e.g., HawkID) account. Audit requirements may limit the use of generic access.

Enterprise Authentication is the service defined herein.

Enterprise Service is a service, such as e-mail or calendar, supported by any campus IT provider that trusts the entire multi-domain enterprise authentication infrastructure as authentication for the service.

The Enterprise Authentication, Authorization and Access policy describes a fully integrated method for verifying the identity of all persons in the university community, granting access to Institutional Data and securing physical devices allowed to access that data.