IT - STANDARD: 02
DATE POSTED for Review: 11/20/02
REVISION DATE: 02/27/04 (Enterprise Login ID Standard V2.7)
BRIEF DESCRIPTION: Provides the basis for a campus-wide standard for login IDs (Hawk ID) for all systems, including non-Windows operating systems.
There is a widespread need for a login ID standard that can be applied throughout the enterprise. The initial enterprise login ID policy, adopted in April 2001, set the standard for IDs in the campus Active Directory forest. Herein, this login ID standard is extended enterprise-wide to all systems, including Windows and non-Windows operating systems.
Use of this standard login ID positions providers of campus IT services – central and locally managed – to utilize enterprise authentication. As campus IT providers adopt the Hawk ID standard, and the enterprise authentication service for the services they provide, the campus will benefit from the simplified sign-on environment.
At the University of Iowa, the standard login ID is named the “Hawk ID.” Local services may refer to this login ID by alternate names, but in all cases, the institutionally defined Hawk ID is the one reserved in the Enterprise Directory Service for each individual in the UI community.
Hawk IDs have these characteristics:
- Because the initial assignment of Hawk IDs was based on existing IDs, there is diversity in the Hawk ID formats reflected in the UI community.
- One Hawk ID is reserved for each person in the Enterprise Directory Service (EDS) at the time the person becomes known to the EDS.
- Hawk IDs are between 3 and 30 characters in length. Any additional limits on length of a service login ID are determined by the requirements of each service needed by the end user. For example, there are services that can support only a maximum of 8 characters.
- All uses of a specific Hawk ID must be associated with the same person that is assigned that Hawk ID in the EDS. That is, the login ID “jdoe” in service A must be assigned to the same person that the login ID “jdoe” is assigned to in service B.
- The current default Hawk ID is a maximum 8-character alphanumeric string based on an individual’s name.
- Hyphens and underscore characters are, in general, used to denote service accounts and other exceptions to the Hawk ID standard. Therefore, punctuation, such as hyphens and underscores, is not allowed in the Hawk ID, except in IDs based on hyphenated surnames.
- There may be resource accounts (e.g., accounts for testing, departmental, generic use) in Active Directory for which there is no corresponding Enterprise Directory entry.
- Creation and maintenance of Hawk IDs is an administrator responsibility. An end-user may request that his longer Hawk ID (greater than 8 characters) be changed or renamed to match his login ID on a system that limits login IDs to a maximum of 8 characters.
- A Hawk ID will be maintained for the life of services using it for authentication.
- When a login ID for service is required prior to completion of the institutional processes that result in assignment of a Hawk ID, a system administrator may reserve a Hawk ID for subsequent assignment to the person upon completion of the institutional processes.
- As campus services adopt the Hawk ID standard, efforts to maintain existing login IDs will be balanced with active uses of the institutionally assigned Hawk ID.
- The intent is that there will be a single Hawk ID (account) for each individual in the campus Active Directory forest. That is, a person’s Hawk ID will appear in one and only one domain in the forest. This guarantees the uniqueness of the enterprise Hawk ID and Hawk ID password pair. Requests for exceptions to the single ID per individual rule may be based on role-based reasons. Exceptions must be approved by the appropriate domain administrators.
- With the exception of temporary IDs provided by contractual services (e.g., applicants for professional colleges), there will be no individual user account established in the Active Directory for which there is not a validating, unique entry in the Enterprise Directory.
- Users and/or administrators may request a different Hawk ID for purposes of consolidation of services under another existing ID.
- Users and/or administrators may request a different Hawk ID in the event of a name change or if the auto-generated Hawk ID is inappropriate in some way.
- Users and/or administrators may request a Hawk ID longer than 8 characters so long as the current Hawk ID is not in use in a service and the requested Hawk ID is unique.
Related Policies, References and Attachments: This collection of University of Iowa Information Technology policies and procedures contains acceptable use, security, networking, administrative, and academic policies that have been developed to supplement and clarify University of Iowa policy.
They are incorporated into the University of Iowa Operations Manual (http://www.uiowa.edu/~our/opmanual/index.html) by reference, per the Policy on Acceptable Use of Information Technology Resources (http://www.uiowa.edu/~our/opmanual/ii/19.htm).