Identity Management refers to the services and processes that provide for authenitcation, authorization, and (in some cases) provisioning of computer users and groups. Identity Management is also called "account management". The College is increasingly using GT credentials to access CoC resources and is working to migrate entirely over time to centralize and simplify services. Here is the Institute's identity management policies:
The identity management systems and services at the CoC and Georgia Tech are described below.
Authentication
TSO provides identity management services for faculty, staff, graduate students, and other affiliates on an "as-needed" basis. This management manifests as a CoC account. A CoC account provides login access to many CoC systems and services.
Concurrently, OIT also provides identity management services for all GT persons in the form of a GT account, which also provides access to many systems and services. CoC is currently in the process of converting CoC authenticated systems to use GT credentials.
A general breakdown of which account provides which service is as follows:
GT Account:
- Access to CoC instructional computing resources
- Access to the CoC VPN
- Access to my.gatech.edu (Zimbra mail)
- Access to LAWN wireless networking, and many other GT online resources
CoC Account:
- Access to research computing resources
- Access to CoC home directories via smb://ccsamba.cc.gatech.edu/
- Access to Faculty/Staff Exchange e-mail
- Login access to CoC Windows and Macintosh desktops
- Access to smb://adminfs.cc.gatech.edu/
- Access to the CoC database server, ccdb.cc.gatech.edu
TSO operates a Kerberos service to provide authentication for CoC accounts. Windows, Linux, and Mac desktops located in the CoC make use of the Kerberos service to authenticate a user based on their password. At the same time, Linux systems within the CoC also provide for the use of SSH key-pair authentication. Systems which authenticate against the CoC Kerberos service must be registered with and under the purview of TSO.
OIT operates a Kerberos service and and LDAP service to provide authentication for GT accounts. CoC systems which authenticate against the GT Kerberos or LDAP service must be registered with and be under the purview of TSO.
Authorization
TSO provides an Active Directory service as well as NIS/LDAP services for authorization. In general, authorizations manifest themselves as Windows or Unix groups which are provided login access, file access, or other necessary accesses for systems and services. Memebership in these groups is handled via requests to the TSO Help Desk, who will authorize your access with the steward of the group.
Georgia Tech provides an Active Directory service as well as LDAP services for authorization. Authorizations manifest themselves as Windows or Unix groups. Membership in these groups is handled via requests to the TSO Help Desk, who will authorize your access with the steward of the groups.