Summary
Bethel has implemented Identity and Access Management (IAM) to manage computer resource accounts. IAM identifies members of a community and controls access to community resources.
How the Identity and Access Management System Works
Members of the Bethel Community have assigned roles through Banner, our institutional database. Many community members have multiple roles assigned, and IAM analyzes an individual's roles to allow access to resources such as email and department folders based on those roles. When someone creates an account, IAM checks their banner roles and allows access to the recourses associated with it. IAM automatically sends emails to notify community members of changes affecting computer resource access involving data storage.
IAM Email Notication Types
- Role Changes
- Alumni Account Closure
- Exceptions
Role Changes
These emails are sent when a community member's role changes. For example, when a student graduates and becomes an alumni, he or she would recieve this email. Due to the role labeling, some recipients will likely be confused. These emails will have the following subject line:
Possible lost resources listed in a role based email include the following:
- Exchange Mailbox (their Bethel email account)
- Windows Home Directory (access to their file server/home folder)
- Active Directory (everything Bethel related)
ITS Intervention Response: When working with constituents involving role based emails, ask whether or not their role changed recently (as this is the likely cause of the email). Functional offices will be listed in the email and the recipient will need to contact the appropriate office if they believe they have a need to maintain access to the listed resources. ITS can only facilitate with these emails, the functional office has to make role changes and we do not get involved aside from directing to the functional office.
Alumni can only maintain access to their email after graduation if they have the Alumni Role on their account. If they don't, they would need to contact the Office of Alumni and Parent Services. Alumni will have access to their email as long as they log into the Bethel System at least once per year. Note that opening a sync'd email account on a mobile app does not satisfy this requirement; they must actually log in to a Bethel electronic resource via a web browser.
Alumni Account Closure
These emails are sent when an alumni does not sign into his or her Bethel account for a year. The email clearly states this and will have the following subject line:
Pending lost resources listen in the email are:
Exchange Mailbox (their Bethel email account)
Active Directory (everything related to Bethel)
ITS Intervention response: We confirm email can be maintained and indicate alumni are required to log in to their Bethel account every 12 months to maintain access to the account.
Many alumni who use their Bethel email after graduating rely on forwarding or an app (e.g., iOS Mail app) to check their mail. Doing so is not enough to keep an account active - an alumnus must log into a Bethel resource (e.g., MyBethel or mail.bethel.edu) with his/her username and password at least once a year in order for our system to see his/her activity and preserve his/her account
Exceptions
Exception emails are associated with temporary access to resources such as departmental folders and calendars where an exception was made. This type of access is needed when an individual requires access to something unassociated with their role. When the access expires, the email is sent indicating access will expire in two weeks unless renewed. In the near future, these emails will include a link to a form where renewal can be requested. These emails are identified by the following subject line.
Exception emails are unique in that they will not include resources common to the other IDM emails. You will not see the following resources listed:
- Active Directory (everything related to Bethel)
- Exchange Mailbox (their Bethel email account)
- Windows Home Directory (access to their file server/home folder)
A subcategory of the exception emails will be going out as a one time event as part of a needed account house keeping. This group of 5,000 emails mainly targets alumni and others who no longer have a Bethel role associated to them, but still have resource access. Expect recipients of this email to be concerned with keeping email.
For most alumni, the email will list a pending loss of Home Folder access, but nothing else. In this case their email will be maintained; however, if Email or Active Directory are listed for loss, Parent & Alumni Services needs to be notified so they can check alumni status eligibility. Forward the alumni to the office.
Non-alumni will need to be handled by the Parent & Alumni Services to receive an Alumni Role. Once they have a role, ITS can then help them if they are having issues logging in. Student manager and full time staff can check Argos to see if an alumni already has the appropriate role(s) in Banner.