Identity and Access Management
Integration Roles
Similar to affiliations, integration roles are assigned to digital identities and often used to drive access to services.
What is an integration role?
A integration role is similar to any of the more formal Affiliations in that it specifies the relationship an individual person has with the university. However, while the affiliations are more rigidly defined and overarching for general use, an integration role can be configured for a very specific purpose in a single application.
Can a person have multiple integration roles?
Yes, it is very likely that an individual has numerous integration roles at one time.
How are integration roles used?
The primary use of an integration role is to automate access to technology resources. They are also used to customize user experience by prioritizing content based on an individual's primary affiliation.
What integration roles exist?
- INT_LDAP_IMAGENOW_ADVISOR
Role Name: INT_LDAP_IMAGENOW_ADVISOR
Friendly Name: ImageNow Advior
Definition: Populates the AD group that grants ImageNow advisor access
Owner: EMAS
LDAP Group(s): n/a
AD Group(s): ATapp_ImageNow_Advisors
- INT_LDAP_IMAGENOW_DEPTREVIEWER
Role Name: INT_LDAP_IMAGENOW_DEPTREVIEWER
Friendly Name: ImageNow Department Reviewer
Definition: Populates the AD group that grants ImageNow department reviewer access
Owner: EMAS
LDAP Group(s): n/a
AD Group(s): ATapp_ImageNow_Dept_Approvers
- INT_M365_EQU
Role Name: INT_M365_EQU
Friendly Name: M365 Education Qualified Users
Definition: All employees at ISU with a current HR status of ‘Active’ - which is inclusive of those on leaves/sabbaticals and layoffs, but not those who have terminated or left the university – who have a position with one of the following EEO descriptors:
- Administrative Support Workers
- Executive/Sr Level Officials
- First/Mid Level Officials
- No EEO-1 Reporting
- Professionals
- Technicians
Owner: Human Resources
LDAP Group(s): n/a
AD Group(s): int_m365_equ
- INT_M365_LIGHT
Role Name: INT_M365_LIGHT
Friendly Name: M365 Light
Definition: All employees at ISU with a current HR status of ‘Active’ - which is inclusive of those on leaves/sabbaticals and layoffs, but not those who have terminated or left the university – who have a position with one of the following EEO descriptors:
- Craft Workers
- Laborers and Helpers
- Operatives
- Service Workers
Owner: Human Resources
LDAP Group(s): n/a
AD Group(s): int_m365_light
- INT_MFA_STATUS
Role Name: INT_MFA_STATUS
Friendly Name: MFA Status
Definition: Users who have enabled MFA through account self service are placed in this role
Owner: OIAM
LDAP Group(s): n/a
AD Group(s): AT_O365MFAEnforced
- INT_MY_ADMIT_PROSPECT_TRNS
Role Name: INT_MY_ADMIT_PROSPECT_TRNS
Friendly Name: My Admit Prospect Transfer
Definition: Anyone who is in either the 'Admit' or 'Matriculation' Program Action and has the admit type of transfer in Campus Solutions in a current or future Term. Provides access to modules within MY tailored to Transfer Students.
Owner: Office of Admissions
LDAP Group(s): int_my_admit_prospect_trns
AD Group(s): n/a