Service Category: Account & Access

The identity management system (IDM) forms the basic infrastructure for managing the authorisations that people need to access generally IT-based resources of the university. The IDM obtains its information mainly automatically from the administrative systems for students and employees of the University of Ulm and the employees of the University Hospital Ulm (source systems) and creates accounts and groups in target systems on the basis of predefined authorisation schemes, which enable access to services.

The IDM thus implements a largely automated, legally secure administration of the university's identities that operates according to the principle of data economy. In addition, a delegated administration of groups is realised. Only authorised persons are granted access to licensed content/software and identities, and data that is no longer required is deleted promptly.

Via a web frontend, numerous self-service functions can be used depending on the individual role or official activity (e.g. changing passwords, booking services for use). The administration of groups is delegated to responsible persons in the institutions with the help of the Grouper subsystem.

Login: IDM Self Services

Login: Grouper Self Services

Performance features

Backend & Architecture

• Provision of a consistent database of people in the form of digital identities. Depending on their roles (e.g. student, employee),
  persons are allowed to use resources of the University of Ulm (e.g. access to licensed content, software, e-mail, etc.).
• Technical implementation and enforcement of the rules laid down by the University of Ulm, according to which persons may have access to the resources depending on their relationship with the university.
• Automated reconciliation of identity data from authorised source systems.
• Identities that are not listed in the source systems, but which are entitled to use resources, can be entered via contact points responsible for the respective user group. The contact points are responsible for verifying eligibility and must be renewed at regular intervals.
• Assignment of different roles to the identities. Prominent roles are: students, university staff, clinic staff, guests, alumni
• Provisioning-Area: Automatic, role-dependent provisioning of accounts in target systems including their updating and deletion. Target systems are for example e-mail, Active Directory, LDAP and printing in the network.

Web-Frontend (Self Services)

The web frontend allows all persons who have a kiz account to access the administration of their accounts and service subscriptions. Persons can be assigned additional authorisations (e.g. cost centre manager, contact point) which enable them to perform advanced self service functions.

• Standard („Mein IDM“):
  • Display data mirror
  • Overview of upcoming administrative tasks within the IDM
  • Show subscribed services (mandatory and optional)
  • Add and cancel optional services
  • Change the password in one or more of the systems connected to the IDM
• Cost centre managers can use the following self services for their own cost centres:
  • Accept or reject applications by other persons for the billing of services subject to charges via the responsible cost centres (subscriptions)
  • Edit subscriptions
  • Delegate rights to one or more deputies
• Employees of the contact points have the possibility to create identities of persons who are not available in the source systems but who are authorised to use certain resources (e.g. alumni, lecturers) and to extend them if necessary.
• Staff of the kiz helpdesk:
  • Resetting user passwords
  • Various research options for support purposes (e.g. cost centres and persons responsible, roles and assigned authorisations, study programmes etc.) 

Grouper (Self-Services)

The Grouper offers owners of organisational units the possibility to create and manage groups independently. These groups are available in various target systems in order to simplify the assignment of rights there with their help. Owners can delegate their rights in Grouper to other persons, who then define and maintain authorisations in the target systems together with them as IT managers of the respective organisational unit via group memberships.

User groups

Members and affiliates of the University of Ulm

Service hours

24 x 7 x 365

Application modalities

N/A

Fee / charge

No fees or charges will be charged for the service. If services are added via the self-service function of the IDM portal, costs may arise for the use of these services.