What is an identity?
An identity represents a person. There are many types of identities but to illustrate their purpose the following describes a “Staff” identity. Staff identities start from an employee Alesco record. This is the first and last record of an employee at CDU so is ideal for this purpose.
An identity is important because it identifies a person and their rights. For example, a combination of a person's job status, the position they hold and the business unit they work for all combine to define the rights and responsibilities of the person. If automated systems are built to read and act on this information, then it is possible to automate provisioning and removing of just about anything, including:
- computer and email accounts
- systems access
- security door access
- library borrowing access
- after hours air conditioning access
- a phone
- a mobile phone
- access to job specific resources.
Because this is automated, when someone leaves CDU all this information can be automatically removed. If a person changes role within the university all this information will automatically change too.
Once identities are managed correctly, it is also possible to build other information systems that have a knowledge of who works at CDU and what they are entitled to see and do.
Comprehensive and automatic mailing groups can be built allowing better information distribution.
All of this combines to provide:
- better productivity
- better security
- simpler employee management
- better reporting
An identity defines what a person can have. If the identity satisfies the rules then a computer account is automatically provided for the owner of that identity.
In short, an identity MUST exist for a computer account to exist.
Sometimes staff start working at CDU BEFORE they exist in the Alesco Human Resource Information System.
Because they have no “identity”, they cannot have a computer account and are non-productive.
A temporary identity is a strictly short term identity created as an interim measure to provide these people a computer account.
The computer account can then be re-linked to the actual Alesco identity when it is ready to minimise inconvenience for the account user.
CDU manages the following types of identities:
- Employee - based on Alesco Human Resource Information System records
- Student - based on the Callista Student Information System records
- External - based on manually created records, these are for visitors, consultants and the like.
- Temporary - provides a very short term place holder so that a computer account can be provided to someone waiting for their "proper" identity to be created..
Sometimes staff start working at CDU who have worked here before, but their new job has not yet been entered into Alesco yet. Because they have worked here before, an inactive identity exists for them.
Since they identity is inactive, they are not provided a computer account.
An override allows a short period of exemption from the rules, effectively causing the Identity Management System to provide a computer account to this identity until Alesco can be brought up to date.
This is a process that needs to be completed by all new staff at CDU. It involves:proving your identity
- answering Security Questions
- selecting a password
- accepting the CDU IT usage policy
Once you have activated, the IDM will create and control your computer accounts.
If you are a new staff member since 2011 then yes you do.
If you are a continuing staff member and you already have an account then you do not have to activate.
When the IDM determines you are no longer current the following will happen:
You will receive an email advising you that in two weeks your account will be suspended.
This allows you two weeks to;
- retrieve any personal files or emails you have stored
- resolve any issues that may be causing your account to be incorrectly suspended
- two weeks later you account will be suspended and you will not be able to log in to CDU computers
- six months later your account will be deleted.
If you return at any time before your account is deleted, it will be enabled and you will be able to continue with the same log in details and email address.
Refer the question above about what happens when you leave. In short, if you return within 6 months, your computer account will be re-activated automatically for you.
The IDM will email you in various circumstances.
These emails are real and provide warnings or advise on occurrences within IDM.
There are plans to integrate a number of extra functions and tools in the IDM applications for you to use.
You will be notified as extra tools become available.