Identity & Access Management at UCLA (IAMUCLA) Overview
Who Should Read: This document is written for anyone looking to understand what the IAMUCLA project is all about.
IAMUCLA is a set of tools helping campus applications manage the process of establishing who you are and what access you have in a way that is simplified, structured, and streamlined.
The Identity Management aspect of the framework focuses on establishing a unique identity for anyone who may be part of the UCLA community, and then proving that the person is who they say they are. The Access Management aspect addresses the policies, processes, and groups that enable us to grant the appropriate type and level of access based on the proven identity. In addition to streamlining the process of granting access based on the roles a person has at UCLA, it also allows us to instantly revoke all access when that access is no longer appropriate, for example at the end of a staff member's employment.
Components of IAMUCLA
UCLA Logon ID
The UCLA Logon ID is UCLA's campus online identifier. It is used to sign into most UCLA services, including over 200 web applications, the campus wireless network, Bruin Online email, VPN services, and many computer lab workstations on campus. Find out more about the UCLA Logon ID here.
Web Single Sign-on
IAMUCLA provides a web single sign-on service for UCLA web applications. With single sign-on, a person logs in once and has seamless access to all participating resources they have access to.
UCLA is transitioning from a home-grown system named ISIS to a platform based on Internet2's Shibboleth.
Click here to find out how to integrate your application with IAMUCLA's web single sign-on service.
By adopting Shibboleth, UCLA's web single sign-on also works in a federated scenario, where a UCLA person may access resources outside UCLA using their UCLA Logon ID, thus eliminating the need to create multiple logon IDs. Examples of federated access include the UC Learning Management System and the UC At-Your-Service.
Access Management
Access Management is IAMUCLA's newest venture. We are looking to bring enterprise-scale group and permission management to UCLA.
What this means to the user is that the correct people will have access to the appropriate resources and vice versa on a campus-wide scale.
Enterprise Directory
The Enterprise Directory is the core of IAMUCLA services. It is where user identity and role data are collected, organized, and stored. In addition to serving the web single sign-on and access management data needs, the Enterprise Directory also feeds a variety of purpose-specific directories such as the UCLA Online Directory and the UC UDir system.