Versions Compared

Old Version 25

changes.mady.by.user James Eyrich

Saved on

compared with

New Version Current

changes.mady.by.user Jacob Gallion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel

Document Name: NCSA Identity & Access Management Policy
Version: 1.3
Accountable: Alex Withers
Authors: Adam Slagell, Alex Withers

Reviewed: Sept 21, 20222023 Aug 22
Approved: IIB approval pendingapproved 2024 March 7

Table of Contents
outlinetrue

...

Authentication 

Passwords

NCSA passwords are case-sensitive with the following properties for passwords between 8 and 15 charactershave a minimum length of 12 characters.

Passwords less than 16 characters in length require:

  1. contains at least one uppercase and one lowercase letter
  2. contains at least one number or special character
  3. does NOT contain 4 sequential characters of your logon ID
  4. does NOT contain dictionary words longer than 3 characters
  5. is NOT the same as the previous password

...

Excerpt

Policy for Accepting Federated IdPs

Identities from external providers may be used for access to applications with baseline authentication needs, i.e., without requirements for higher level of assurance such as multi-factor authentication or face-to-face identity vetting. Only one account per IdP can be bound to a user's NCSA identity. NCSA resources may choose from the following valid supported identity providers; the default for a resource is to only access NCSA identities and approval is needed from the CISO to allow the use of linked identities:

  • identity providers in the InCommon (incommon.org) federation, including research and education providers in the United States and international providers from eduGAIN (edugain.org) member federations.
  • open access identity providers: Google (accounts.google.com), GitHub (github.com), and ORCID (orcid.org)
  • identity providers operated by NCSA industry partners

Using a Federated IdP does not exempt a system from the NCSA MFA requirements above.

Support for higher level of assurance from external identity providers requires custom configuration. Contact help+idp@ncsa.illinois.edu for assistance with higher level of assurance use cases.  Changes in the list of acceptable federated IdPs is approved by the CISO.

...