Identity and Access Management

Integration Roles

Similar to affiliations, integration roles are assigned to digital identities and often used to drive access to services.

What is an integration role?

A integration role is similar to any of the more formal Affiliations in that it specifies the relationship an individual person has with the university. However, while the affiliations are more rigidly defined and overarching for general use, an integration role can be configured for a very specific purpose in a single application.

Can a person have multiple integration roles?

Yes, it is very likely that an individual has numerous integration roles at one time.

How are integration roles used?

The primary use of an integration role is to automate access to technology resources. They are also used to customize user experience by prioritizing content based on an individual's primary affiliation.

What integration roles exist?

  • INT_LDAP_IMAGENOW_ADVISOR

Role Name: INT_LDAP_IMAGENOW_ADVISOR

Friendly Name: ImageNow Advior

Definition: Populates the AD group that grants ImageNow advisor access

Owner: EMAS

LDAP Group(s): n/a

AD Group(s): ATapp_ImageNow_Advisors

  • INT_LDAP_IMAGENOW_DEPTREVIEWER

Role Name: INT_LDAP_IMAGENOW_DEPTREVIEWER

Friendly Name: ImageNow Department Reviewer

Definition: Populates the AD group that grants ImageNow department reviewer access

Owner: EMAS

LDAP Group(s): n/a

AD Group(s): ATapp_ImageNow_Dept_Approvers

  • INT_M365_EQU

Role Name: INT_M365_EQU

Friendly Name: M365 Education Qualified Users

Definition: All employees at ISU with a current HR status of ‘Active’ - which is inclusive of those on leaves/sabbaticals and layoffs, but not those who have terminated or left the university – who have a position with one of the following EEO descriptors:

  1. Administrative Support Workers
  2. Executive/Sr Level Officials
  3. First/Mid Level Officials
  4. No EEO-1 Reporting
  5. Professionals
  6. Technicians

Owner: Human Resources

LDAP Group(s): n/a

AD Group(s): int_m365_equ

  • INT_M365_LIGHT

Role Name: INT_M365_LIGHT

Friendly Name: M365 Light

Definition: All employees at ISU with a current HR status of ‘Active’ - which is inclusive of those on leaves/sabbaticals and layoffs, but not those who have terminated or left the university – who have a position with one of the following EEO descriptors:

  1. Craft Workers
  2. Laborers and Helpers
  3. Operatives
  4. Service Workers

Owner: Human Resources

LDAP Group(s): n/a

AD Group(s): int_m365_light

  • INT_MFA_STATUS

Role Name: INT_MFA_STATUS

Friendly Name: MFA Status

Definition: Users who have enabled MFA through account self service are placed in this role

Owner: OIAM

LDAP Group(s): n/a

AD Group(s): AT_O365MFAEnforced

  • INT_MY_ADMIT_PROSPECT_TRNS

Role Name: INT_MY_ADMIT_PROSPECT_TRNS

Friendly Name: My Admit Prospect Transfer

Definition: Anyone who is in either the 'Admit' or 'Matriculation' Program Action and has the admit type of transfer in Campus Solutions in a current or future Term. Provides access to modules within MY tailored to Transfer Students.

Owner: Office of Admissions

LDAP Group(s): int_my_admit_prospect_trns

AD Group(s): n/a