General University Reference Utility
The collection and maintenance of information about the identity of persons related to the University, and the accurate and consistent electronically stored representation of that information, are critical to the functioning of the University. The purpose of this policy is to ensure accurate and consistent identity information within a centrally managed repository. Business units throughout the University shall rely upon a central person registry (CPR) as the University's sole authoritative source for identity information about persons.
This policy is effective at all University locations and applies to all units and individuals that make use of identity information in the conduct of University business..
Affiliation- the combination of one's relationship with Penn State (which may allow access to electronic services) and some form of trusted (may not be Penn State) identity. At Penn State, affiliations are not roles. One may have one or many active affiliations. For example, a person could have the affiliations of “Staff” and “Student."
Central Person Registry (CPR)- the authoritative source for the intelligent management, capture, and storage of identity information related to persons and their affiliations with Penn State. The creation of a person record in the CPR is the means by which authoritative personal identity information related to a person is established for use within Penn State information systems.
Proofing- the act of aligning a person's previously recorded data to the actual person at the time when credentials are issued. In-person proofing involves checking a photo ID, such as a driver's license, against the holder of the ID. For example: A Penn State student showing his or her driver's license or photo ID to obtain the ID+ card.
PSU Identification Number (PSU ID)- assigned to individuals and is to be used as the primary identifier in Penn State’s administrative and academic systems. The PSU ID is a nine-digit number, beginning with 9 in the following format: 9-XXXX-XXXX. The PSU ID is unique to the individual and is a lifetime assignment.
Identity Authorities (IA):
This policy establishes a central authoritative source for the creation, maintenance, and management of identity information and digital credentials at The Pennsylvania State University. All Penn State units shall use this central authoritative source for identity information and digital credentials.
Information Technology Services (ITS) Identity Services Unit
Under the authority of the Vice President for Information Technology, the ITS Identity Services Unit shall:
- Maintain the authoritative system for person identity information at Penn State, adhering to University policies, guidelines, procedures;
- Implement any standards, operational policies, processes, procedures, and agreements relating to identity and access management;
- Maintain federated identity relationships for the University;
- Implement programs for training and certification of IAs.
Vice President for Information Technology
The Vice President for Information Technology shall oversee identity and access management activities including but not limited to:
- Establishing and maintaining the authoritative system for person identity information at Penn State, adhering to university policies, guidelines, procedures;
- Establishing any standards, operational policies, processes, procedures, and agreements relating to identity and access management;
- Authorizing access and use of data within the authoritative source for person identity information;
- Managing and exercising oversight over federated identity relationships for the University;
- Authorizing and establishing all University identity federation relationships;
- Establishing the authoritative institutional provider of federated identity assertions;
- Establishing programs for training and certification of IAs.
Identity Authorities shall be responsible and accountable for:
- Creating and maintaining person information in accordance with standards set by the V.P. for Information Technology;
- Vetting, proofing, creating and maintaining person information, in accordance with standards and procedures specified in Penn State IAM operational policy and in IAM procedural documentation;
- Assigning and changing affiliations for person records.
Penn State identity and access management governance, as appointed by the VP of Information Technology, Senior Vice President for Finance & Business, and Vice President and Dean for Undergraduate Education, shall:
- Maintain a sustained awareness of requirements and challenges related to managing personal identities for the institution;
- Review and approve strategic direction for identity and access management for Penn State, in collaboration with the V.P. for Information Technology;
- Determine and grant authority required for Identity Authorities (IAs) to create modify, combine, or delete person records and/or associated affiliations;
- Resolve conflicts related to managing person identity information and digital credentials.
Violation of any portion of this Policy may result in initiation of legal action by the University and appropriate disciplinary action, which may include dismissal.
Exceptions to this policy must be approved by the Vice President for Information Technology.
For policy clarification and interpretation, contact the Office of the Vice President for Information Technology.
Other Policies should also be referenced, especially the following:
AD11 - University Policy on Confidentiality of Student Records,
AD20 - Computer and Network Security,
AD35 - University Archives and Records Management,
ADG01 - Glossary of Computer Data and System Terminology,
ADG02 - Computer Facility Security Guideline, and
HR60 - Access to Personnel Files.
Most recent changes:
Revision History (and effective dates):