Identity and Access Management Standard
The purpose of this standard is to outline the rules and procedures around the establishment of user identities and access policies for West Virginia University applications and other digital / online resources.
This standard applies to all employees, students, and third parties who store, use, transfer, transport, produce, or dispose of technology and data resources owned or managed by West Virginia University.
April 17, 2012
1.1. The Office of Information Technology is responsible for operation, management, and oversight of the WVU Identity and Access Management (IAM) Program (referred to as Login).
- The Identity Access Management (IAM) Governance Committees will provide guidance and recommendations on procedures and priorities relating to Identity and Access Management.
1.2. Identity information on all individuals needing ongoing access to restricted WVU resources must be entered into the Login system.
1.3. The Login system assigns and manages the official identities for WVU. This includes the assignment of the individuals’ WVUID and username (referred to as Login).
1.4. If an individual’s access requirement is solely for the Mountaineer Card system or a single authoritative source for a limited period of time (15 days or less), the person will be granted a guest account and will not need to be entered in the Login system.
1.5. Refer to the Electronic Account Standard for additional classification of types of account access allowed.
1.6. Data errors must be corrected and changes must be made in the authoritative sources. The response time for addressing data error corrections will follow the Office of Information Technology (ITS) response times as defined in the Service Desk Policy under response goals.
1.7. Refer to Information Security Services' standards for system / application integration with Login. Applications and systems must pass the application security assessment conducted by Information Security Services prior to becoming integrated with Login.
1.8. Authoritative sources for identities
- MAP, which is for the administration of financial and human resources data related to employees, vendors and affiliates, and runs on Oracle E-Business Suite.
- STAR, which is used to maintain student, instructor/advisor information as it relates to admissions, courses, grades, fees, and financial aid data, and runs on SunGard Banner Student Solutions.
- The IAM Administrator Web Console for manual entry by the IAM Support team of individuals approved according to the standard for identification of Non-Authoritative Source users access to specific restricted WVU resources. These requests must come from a WVU affiliated Chair, Director, Dean (or Designee) or higher level that assumes responsibility for sponsorship of the requested access.
1.9. Required information to establish identity
- Information required for establishing an authoritative source identity is defined by those sources. For MAP, reference http://payroll.wvu.edu and http://taxservices.wvu.edu and for STAR, reference http://registrar.wvu.edu and https://admissions.wvu.edu/.
- Information required for establishing a non-authoritative source identity is defined in the Identity and Access Management Non-Authoritative Source Accounts Standard.
1.10. Every user must complete the account claiming process to confirm identity and establish security requirements for self-service password management.
1.11. Claiming / activating of an account requires the individual to enter his or her legal first name, legal last name, birth date, and one of three identifiers: WVUID, employee number, or last four digits of SSN.
1.12. All password changes for an individual’s Login must be completed using the Identity Access Management user web interface at login.wvu.edu.
1.13. Password change requirements are defined in the Account Management Standard.
1.14. Access management for the included Integrated systems will follow business rules approved by the IAM Governance Committees.
1.15. Start and End Access dates for user access to Integrated systems will be according to the business rules established by the Authoritative Sources for each user role maintained in the Identity Repository and associated Access Policies as defined by the IAM Governance Committees.
1.16. System authorization will be controlled locally by each system.
1.17. Login username format will be first initial of First Name concatenated with first initial of Middle Name concatenated with an individual’s full Last Name (FMLast). Where the generated username already exists, an algorithm will be followed to work through the letters of the first and middle name in place of the middle initial until a unique username is defined.
1.18. When an account holder’s official name changes, if the person wishes to change his or her Login, he or she will need to submit a request through the ITS HelpDesk. A determination will be made on the feasibility of the Login change requested based on resources accessed.
1.19. If an individual needs to have his or her WVUID changed, the change will need to be coordinated through IAM Support following a request to the ITS HelpDesk.
IAM User Management
1.20. The majority of user identities in Login are established by the approved authoritative sources and associated business specifications.
1.21. Identities not established through the Authoritative Sources are entered and updated through the IAM Administrator Web Console following the Non-Authoritative Source Accounts Standard.
- For access not granted through one of the authoritative sources, the individual or WVU unit sponsoring the request will contact ITS Service Desk for the form and information needed to request user access.
- All requests will be processed by the ITS IAM Support team following guidelines established in the Non-Authoritative Source Accounts Standard or by approval of the IAM Governance Committees.
Violation of or non-compliance with this standard may lead to disciplinary action up to and including termination.
Exceptions to IT Standards will be considered using the IT Standard Exception Procedure.
Questions, concerns or additional information about this and any ITS policy should be directed to the CIO office at
Sept 28, 2011 – Draft Standard, used for the implementation of systems
April 17, 2012 – Initial version approved by IT Oversight Committee