Identity and Access Management Services (IAM) exists to enhance and simplify users' secure access to the information resources that their roles authorize them to use.
IAM consolidates responsibility for the University of Alaska's:
- System-wide digital identities (identifiers, passwords or other tokens used to gain access to resources) and central password store
- Enterprise directory and registry (authoritative repository of identities, affiliations, and other attributes pertinent to accessing resources)
- Authentication (login and identity assertion at appropriate levels of assurance)
- Secure single sign-on (i.e., a single log-in event, via Shibboleth and other tools, enables access to multiple resources without exposing users' credentials)
- Policy-based attribute release (assertions of institutional affiliation, roles, and other appropriate attributes)
- Role-based authorization (establishing, maintaining, and releasing to services appropriate institutional roles and attributes)
- Support for internal information service providers to protect their services with an appropriate central authentication service and role-based authorization
- Inter-institutional federation (enabling access to services external to UA via mutual trust of members of InCommon or other federations)