Identity and Access Management | Office of Information Technology

Identity and Access Management

Last Updated: 10/14/2015


Identity and Access Management (IAM) is about linking persons and systems to campus services and data resources. IAM Services are about identifying persons, their relationship(s) to the university and campus, and facilitating their access to those resources their roles and relationships require. The key components in these services are authoritative person data, user (account) services that connect people to applications and resources, authentication (you are who you say you are) and authorization (you are permitted or entitled to do these things.)

IAM services rely on trustworthy university data (Campus Solutions and HRMS records) to identify faculty, staff, students, and other campus community members and to provide information and some level of assurance that these persons are who they say they are. IAM services are influenced heavily by the content of this university “source” data and are subject to data appropriate use and security policies and procedures.

Service Who May Get It Features


(Authentication Services)

Students, faculty, staff, graduates, retirees and POIs.

Other customers including sponsored affiliates and campus participants from groups and organizations doing work with or on behalf of CU-Boulder

  • Your key to online campus resources like Portal systems, email services, UCB Wireless, and CU-Boulder's learning management systems.
  • An IdentiKey represents a personally identified account.  It authenticates you, granting access to University of Colorado and University of Colorado Boulder computing resources according to your relationships with the university.
Identity Manager All University of Colorado Boulder community members  and affiliates with a CU-Boulder IdentiKey
  • Activate your IdentiKey accounts
  • Change your password and security questions
  • Choose your display name
  • Manage your email addresses 
  • Activate non-primary accounts
CUAccess New sites are no longer accepted for this service
  • Provides authentication and authorization support for web sites and web applications.
One-Time Password Authentication Research staff and faculty with permission to access the CU Research Computing resources.
  • Authenticator displaying a new password every 30 seconds and a Web-interface for login using user name, PIN and one-time password.
Federated Identity Service Access to federated sites is defined by the service providers.
  • Provides a single sign-on session for all services that are using Federated Identity Service.
Conference Access & Services CU-Boulder faculty and staff can request additional access beyond UCB Guest Wireless for conference attendees.
  • Access to additional services (such as lab use, printing services, etc.) are available upon request.