The Information Technology Services (ITS) Identity and Access Management (IAM) group provides many important services to the University of California, San Francisco community.
These services are designed for the average person at UCSF to use.
What is 2-factor authentication? It's a way of adding an extra layer of security. How is this done? With typical single-factor authentication methods, security is enforced by requiring you to enter information that uniquely identifies you such as a username and password. Once entered, you're allowed to access the secure resource. But what if someone else gains access to your username and password? They'd then have access to information to which only you should have access, and you may never know someone else logged in as you. That's where 2-factor authentication comes in. It adds a second factor by also requiring you to prove you have something that only you would likely have, such as your smartphone. With this second factor in place, not only do you have to know something (your username and password), you also need to have something in your possession (your smartphone). Read more about Duo MFA Multi-Factor Authentication.
MyAccess Single Sign-On (SSO) allows customers to access many different web sites and applications without having to enter a password more than once. This service provides the web login page that most people at UCSF are familiar with. Once a user logs into MyAccess SSO, he or she will not have to log into participating applications again for 8 hours.
When someone just says "MyAccess," this is usually the service they're talking about.
For detailed technical information about MyAccess SSO, please see the MyAccess Single-Sign-On (SSO) section.
The MyAccess Landing Page (https://myaccess.ucsf.edu) provides a list of many popular applications and web sites at UCSF. Users can quickly search for applications, filter them by category, and mark frequently-used applications as favorites.
If you forget your username or password, IAM provides an easy way for you to reset it. You can also change your password or the security questions we use to verify your identity, all from the convenience of your web browser.
The UCSF Directory provides an easy way to look up information about community members. Search by name and/or department to find phone numbers, email addresses, and more.
The guest account system provides a way for UCSF community members to sponsor people without a formal affiliation with UCSF to receive guest accounts in our systems.
These services are intended for technical staff to use, but provide the foundation for many other customer-facing services.
IID acts as a clearing house for identities. It matches identity information to ensure that each community member has one and only one record, keyed to a unique UCSF identity number.
For detailed technical information about the service, please see the IID section.
EDS is a Lightweight Directory Access Protocol (LDAP) accessible directory that contains authoritative information about individuals affiliated with UCSF, such as name, phone number, email address, employee ID, etc. It provides this information to many systems around UCSF.
For detailed technical information about the service, please see the EDS section.
The Campus Locator System (CLS) is used to enter and maintain directory information at UCSF. It is also used to create mailing lists, populate automated listservs and supply data to many downstream systems.
The MyAccess Web Service exposes the information in EDS through a standard SOAP web service interface.
The Mail Enable service allows technical staff to set up email accounts for new employees.
The autoAccess tool is used by Access Administrators to grant access to applications such as Online Payroll/Personnel System (OLPPS), Individual Identity System (IID), Web Merit, and WebLinks.
IAM does a variety of data processing and migration to make sure that all systems at UCSF have complete and synchronized data about people's identities.