ITS Binghamton University Account Policy
I. Purpose
To establish the requirements and expectations for provisioning and de-provisioning
Information Technology accounts for access to Binghamton University information technology
resources.
II. Scope
This policy applies to all members of the Binghamton University community and their
access to University information technology resources.
III. Policy Statements
3.1 Identity and Access Management
3.1.1 Establish an accounts management system using the primary Information Technology Services (ITS) identity and access management (IAM) tool.
3.1.2 The IAM system will be the authoritative repository for University account identities and corresponding service entitlements.
3.1.3 Create a digital IAM identity associated with a person and maintain service entitlements determined by their University affiliation.
3.2 Group Affiliations
3.2.1 Persons who are currently affiliated with Binghamton University are eligible for entitlements / accounts which are relevant to that particular group affiliation
3.2.2 Persons may have multiple group affiliations
3.2.3 Group affiliations with Binghamton University are verified against University records.
3.2.4 Group affiliations determine access to information technology resources
3.2.5 Group affiliations eligible for storage services, (including but not limited to file storage, email, etc) will be allocated a default storage quota, per service, for each account in those groups. For more details about common service access and quotas, please see this informational page.
3.2.6 Group affiliation types:
Applicants
Applicants are defined as anyone who has applied to become a Binghamton University
student.
-
- Start: When the Application is submitted.
- End: At the end of the term in which they applied.
Applicant accounts have limited access to specific systems for processing of application.
Students
Students are defined as anyone who has been admitted to Binghamton University as a
student and has paid their deposit within the Student Information System.
-
- Start: When the Applicant pays their deposit.
- End: When the student graduates, or after 3 major semesters of inactivity.
Student accounts have full access to student resources including email, file storage, VPN, VDI, wireless eduroam, and domain account.
Students on leave (medical, military, or otherwise) are subject to the same end dates as specified above (3 major semesters of inactivity), and will lose accounts / entitlements in accordance with that timeline, regardless of their leave arrangement or status.
If an individual loses their ITS "student" status (and any affiliated accounts) due to 3 major semesters of inactivity, they will need to contact Graduate / Undergraduate Admissions in order to re-apply / re-enroll:
- Undergraduate Students: Information for Returning Students
- Graduate Students: Contact Graduate Admissions
Individuals who have lost their ITS "student" status and wish to apply for a degree (but do not wish to re-apply / re-enroll as a student) should contact degree@binghamton.edu.
Recently Graduated Students
Recently Graduated Students are defined as students who were awarded a degree from
Binghamton University some time in the last 6 months.
-
- Start: When the student's degree is conferred.
- End: 6 months after a student's degree is conferred.
Recently Graduated Student accounts have access to student resources including email, file storage, VPN, VDI, wireless eduroam, and domain account.
Recently Graduated Students may request to retain their email account as an alumni.
Alumni
Alumni are defined as former students who were awarded a degree from Binghamton University
-
- Start: When the student's degree is conferred.
- End: As long as you maintain your status as a Binghamton University Alumni.
Alumni may request an alumni email account.
Faculty
Faculty are defined as anyone who has been hired by Binghamton University as a faculty
member, and for whom all of the HR paperwork has been completed and finalized within
the SUNY HR system.
-
- Start: 90 Days Before HR Start Date
- End: 90 Days After HR End Date
- Limited Access End: 365 Days After HR End Date
Faculty with “full access” are able to access faculty resources including email, file storage, VPN, VDI, wireless eduroam, and domain account.
Faculty with “limited access” are able to access a subset of faculty resources including email, file storage, wireless eduroam, and domain account.
Visiting Scholars are defined as anyone who has been hired by Binghamton University with the volunteer type of "Visiting Scholar", and for whom all of the HR paperwork has been completed and finalized within the SUNY HR system.
-
- Start: 14 Days Before HR Start Date
- End: 45 Days After HR End Date
Visiting Scholar accounts have full access to Visiting Scholar resources including email, file storage, VPN, VDI, wireless eduroam, and domain account.
Staff
Staff are defined as anyone who has been hired by Binghamton University as a staff
member, and for whom all of the HR paperwork has been completed and finalized within
the SUNY HR system.
- Start: 14 days before HR start date
- End: 45 days after HR end date
Staff accounts have full access to staff resources including email, file storage, VPN, VDI, wireless eduroam, and domain account.
RF Staff
RF Staff are defined as anyone who has been hired by the Binghamton University Research
Foundation, AND who have been correctly indicated as RF Staff within the SUNY HR system.
- Start: 14 days before specified HR start date
- End: 45 days after specified HR end date
RF Staff accounts have access to staff resources including email, file storage, VPN, VDI, wireless eduroam, and domain account.
Retirees
Retirees are defined as former faculty/staff who are indicated as having retired from
Binghamton University as per the official HR defined retirement rules within the Binghamton
University HR system.
-
- Start: HR system indicates that a person is a retiree
- End: As long as you maintain your status as a Binghamton University Retiree.
Retiree accounts have access to retiree resources including email, file storage, and domain account.
Emeritus Faculty
Emeritus Faculty are defined as former faculty who are indicated as having retired
from Binghamton University with Emeritus status, as per the official HR defined retirement
rules within the Binghamton University HR system.
-
- Start: HR system indicates that a person is a retiree with Emeritus status
- End: As long as you maintain your status as a Binghamton University Faculty Emeritus
Emeritus Faculty are able to access faculty resources including email, file storage, VPN, VDI, wireless eduroam, and domain account.
Basic Volunteers
Basic Volunteers are defined as anyone who Binghamton University designates as a basic
volunteer for whom all of the HR paperwork has been completed and finalized within
the SUNY HR system by campus Human Resources.
-
- Start: 14 days before HR start date.
- End: 45 days after HR end date.
Volunteer accounts have access to volunteer resources including email, wireless eduroam, and domain account.
Sponsored
Sponsored affiliations are defined as those where an individual, group, or device
has no existing, or otherwise appropriate affiliation as listed above, with Binghamton
University, but still needs a level of access to systems or services that fulfills
a valid Binghamton University business need. Sponsored affiliation requests must adhere
to all of the same requirements listed in section 3.3, Sponsored Entitlements, of
this policy document.
- Start: Within three business days from ITS’ approval of a sponsored affiliation request
- End: The sponsored end date as directed by the requirements of section 3.3.5 of this policy document
Sponsored affiliations are eligible only for the access(es) the sponsor requests, and are only provided with access(es) that ITS approves per request.
3.3 Sponsored Entitlements
3.3.1 In situations where an individual requires accounts or entitlements which exceed those granted to them via their Group Affiliations, sponsored entitlements may be provisioned.
3.3.2 Sponsored entitlement requests require approval by Information Security.
3.3.3 Sponsored entitlements must meet an approved university business need.
3.3.4 Sponsored entitlements must be "sponsored" by an active member of Binghamton University's faculty / staff.
3.3.5 Sponsored entitlements must not exceed 1-year, after which they need to be reviewed and renewed.
3.3.6 Sponsored entitlements may be terminated at any time at the discretion of Information Security.
3.4 Provisioning /deprovisioning
3.4.1 Automated Provisioning
3.4.1.1 The IAM tool shall automatically provision an account with the entitlements associated with each affiliation.
3.4.2 Exception Provisioning
3.4.2.1 Exception entitlements may be added by request of an individual or sponsor and require the approval of the Information Security Office.
3.4.3 Deprovisioning
3.4.3.1 The ITS IAM tool shall automatically de-provision entitlements as affiliation changes.
3.4.3.2 Account entitlements may be de-provisioned if an account is determined inactive.
3.4.3.3 Accounts may be deactivated and may be subsequently de-provisioned for violations
of Binghamton University Computer and Network Policy (Acceptable Use).
3.4.3.4 Binghamton University reserves the right to modify accounts to meet university needs.
3.4.3.5 Files and data associated with the de-provisioned account entitlement will be deleted.
IV. Definitions
- Identity and Access Management (IAM) Tool
- IAM refers to technologies and practices that determine a digital identity’s, account’s, and/or individual’s access to technological resources within an organization or network.
- IAM is also referred to as identity management (IDM) or identity governance and administration (IGA) along with various other alternatives.
- An IAM tool is the software application or platform that an organization utilizes to manage IAM.
- Binghamton University currently uses the “IAMBing” IAM tool.
- IAM Identity
- The digital entity within the current Binghamton University IAM tool – IAMBing – on which entitlements are provisioned and deprovisioned.
- The IAM identity is not an “account” that an end user can access, though one of several end user accounts may be generated based on various entitlements provisioned on the IAM identity.
- Essentially, an IAM identity is an empty bucket in IAMBing that can hold entitlements based on the IAM group(s) the IAM identity is part of.
- Entitlements
- Information technology resources that ITS provides to the campus community.
- Service entitlements are based on campus affiliation.
- Sponsor
- A Binghamton University employee.
- A sponsor is responsible for any actions a sponsored individual takes using any account or entitlement provisioned as a result of the associated Exception Request.
- Sponsored Entitlement
- A manually-provisioned entitlement applied to an IAM identity that grants an individual with access to a service or technology that isn’t already accessible based on that person’s status with Binghamton University.
- Inactive
- An account or entitlement that is not utilized for a period of 6 months.
IV. Contact Information
For assistance: ITS Help Desk
Policy questions: Information Security security@binghamton.edu
Policy Title | ITS University Account Policy |
Responsible Office | ITS Information Security |
Policy Type | Identity and Access Management (IAM) |
Policy Number | ITS - 304 - Public |
Last Revision Date | 05/14/2024 |