Identity & Access Management Principles
UC Santa Cruz Identity and Access Management
Strategic Business Needs and Guiding Principles
Business Need: Authentication
Description
- Provide reliable, secure, centrally managed Identity and Access Management (IAM) system(s) that confirm user identity before granting access to systems and services.
Guiding principles
- All users should have a single CruzID in IAM.
- Support solutions that reduce the number of username/password combinations.
- Support solutions that reduce risk of intrusion when an account is compromised.
- Support solutions that remove access promptly when no longer needed.
- Campus applications should use CruzID Gold for user authentication.
- Web applications (home-grown and vendor apps) should use Shibboleth (or SAML assertions) rather than directly handling passwords for user authentication.
- In all cases:
  - Authentication credentials must be encrypted in transit.
  - Applications shall never store CruzID Gold passwords.
- The Design Review Board reviews authentication service requests based on their impact on, or risk to, the IAM system and the IAM-managed passwords.