UF Identity Management (IdM) Policy

Purpose

The university requires a secure and reliable method of identifying members of its community for access to electronic data resources. This requires collecting and maintaining identifying attributes, ensuring that electronic identities match the appropriate persons, and providing mechanisms to authenticate and authorize use of those identities.

Scope:

This policy applies to everyone with an identity included in the university’s central identity registry, as well as individuals authorized to perform identity management (IdM) functions on behalf of the university.

Policy:

  1. The university will maintain a central identity registry that will serve as a central store for identity and account information.
  2. All identities within the central identity registry will be assigned a unique UFID number. UFID numbers will never be re-issued to a different identity.
  3. All identities within the central user account directory will be assigned an Identity Assurance Profile as defined in the related Identity Assurance Profile Standard document.
  4. Required attributes for each identity, depending on the Identity Assurance Profile, must be complete, accurate and current.
  5. The university may participate in identity federation, whereby holders of UF identities can be granted access to resources hosted outside the university, and holders of identities from federated entities can be granted access to resources hosted by the university.

Responsibilities:

  1. University of Florida students, employees and other enterprise workforce members must maintain accurate contact and demographic data in the UF central identity registry.
  2. IdM Coordinators must actively maintain complete and accurate data in the central identity registry in collaboration with, and on behalf of, people within their scope of authority. An IdM Coordinator is a UF workforce member who maintains data related to a person’s identification contained in the UF Directory for a specific unit of the UF enterprise. Individuals are delegated authority from the dean, director (or DDD) of the unit.
  3. Primary IdM Coordinators are responsible for assuring complete and accurate identity information is in place for identity credentialed personnel within their scope of authority, and according to Identity Assurance Profile standards. A Primary IdM Coordinator is a UF workforce member who serves as the primary contact for questions related to a person’s identification data for a unit. They are appointed by the dean or director of the unit.
  4. UF IdM Coordinators serving as a Registration Authority (RA) must adhere to Identity Assurance Profile standards for the applicable level of access when provisioning credentials for UF workers. A Registration Authority is an IdM Coordinator or Primary IdM Coordinator who has had additional special training to perform the credential verification functions to certify that a user meets Identity Assurance Profiles that require in-person review.

References:

  • NIST 800-63 Electronic Authentication Guideline
  • InCommon Identity Assurance Profiles (Bronze & Silver) 1.1
  • Federal Identity, Credentialing and Access Management Trust Framework Provider for Adoption Process (TFPAP) For Levels of Assurance 1, 2, and Non-PKI 3 Version 1.0.1
  • Identity Assurance Profile Standard