Description

Provides the basis for a campus-wide standard for login IDs (Hawk ID) for all systems, including non-Windows operating systems.

The initial enterprise login ID policy, adopted in April 2001, set the standard for IDs in the campus Active Directory forest. Herein, this login ID standard is extended enterprise-wide to all systems, including Windows and non-Windows operating systems. Use of this standard login ID positions providers of campus IT services – central and locally managed – to utilize enterprise authentication.

Statement

At the University of Iowa, the standard login ID is named the “Hawk ID.” Local services may refer to this login ID by alternate names, but in all cases, the institutionally defined Hawk ID is the one reserved in the Enterprise Directory Service for each individual in the UI community.
Hawk IDs have these characteristics:

1. One Hawk ID is reserved for each person in the Enterprise Directory Service (EDS) at the time the person becomes known to the EDS.
2. Creation and maintenance of Hawk IDs is the responsibility of EDS.
3. Hawk IDs are between 3 and 30 characters in length. Any additional limits on length of a service login ID are determined by the requirements of each service needed by the end user. For example, there are services that can support only a maximum of 8 characters.
4. All uses of a specific Hawk ID must be associated with the same person that is assigned that Hawk ID in the EDS. That is, the login ID “jdoe” in service A must be assigned to the same person that the login ID “jdoe” is assigned to in service B.
5. Hyphens and underscore characters are, in general, used to denote service accounts and other exceptions to the Hawk ID standard. Punctuation, are not allowed in the Hawk ID, except in IDs based on hyphenated surnames.
6. There may be resource accounts (e.g., accounts for testing, departmental, generic use) in Active Directory for which there is no corresponding Enterprise Directory entry.
7. A Hawk ID will be maintained for the life of services using it for authentication.
8. When a login ID for service is required prior to completion of the institutional processes that result in assignment of a Hawk ID, a system administrator may reserve a Hawk ID for subsequent assignment to the person upon completion of the institutional processes.
9. The intent is that there will be a single Hawk ID (account) for each individual in the campus Active Directory forest. That is, a person’s Hawk ID will appear in one and only one domain in the forest. This guarantees the uniqueness of the enterprise Hawk ID and Hawk ID password pair. Requests for exceptions to the single ID per individual rule may be based on role-based reasons. Exceptions must be approved by the appropriate domain administrators.
10. With the exception of temporary IDs provided by contractual services (e.g., applicants for professional colleges), there will be no individual user account established in the Active Directory for which there is not a validating, unique entry in the Enterprise Directory.

Hawk ID Changes

It is expected that a Hawk ID will be changed only under a limited set of circumstances.

1. User and/or administrators may request a different Hawk ID for purposes of consolidation of services under another existing ID.
2. User and/or administrators may request a different Hawk ID in the event of a name change or if the auto-generated Hawk ID is inappropriate in some way.
3. Users and/or administrators may request a longer than 8 character Hawk ID so long as the current Hawk ID is not in use in a service and the requested Hawk ID is unique.
4. An end-user may request that his longer Hawk ID (greater than 8 characters) be changed or renamed to match his login ID on a system that limits login IDs to a maximum 8-characters.

Campus service providers who adopt the Hawk ID standard may subscribe to the Enterprise Directory Change Log notification process.