Identity & Access Management at UCLA (
Who Should Read: This document is written for anyone looking to understand what the
project is all about.
The Identity Management aspect of the framework focuses on establishing a unique identity for anyone who may be part of the UCLA community, and then proving that the person is who they say they are. The Access Management aspect addresses the policies, processes, and groups that enable us to grant the appropriate type and level of access based on the proven identity. In addition to streamlining the process of granting access based on the roles a person has at UCLA, it also allows us to instantly revoke all access when that access is no longer appropriate, for example at the end of a staff member's employment.
UCLA Logon ID
The UCLA Logon ID is UCLA's campus online identifier. It is used to sign into most UCLA services, including over 200 web applications, the campus wireless network, Bruin Online email, VPN services, and many computer lab workstations on campus. Find out more about the UCLA Logon ID here.
Web Single Sign-on
UCLA is transitioning from a home-grown system named ISIS to a platform based on Internet2's Shibboleth.
Click here to find out how to integrate your application with
By adopting Shibboleth, UCLA's web single sign-on also works in a federated scenario, where a UCLA person may access resources outside UCLA using their UCLA Logon ID, thus eliminating the need to create multiple logon IDs. Examples of federated access include the UC Learning Management System and the UC At-Your-Service.
Access Management is
What this means to the user is that the correct people will have access to the appropriate resources and vice versa on a campus-wide scale.
The Enterprise Directory is the core of