IAM Procedure #1 – ePantherID Change Requests

Objective

The objective of this procedure is to define how to request an ePantherID
change. This procedure will provide background, relate the procedure to the
UW – Milwaukee Information Security Policy, and define the framework
needed to respond to an ePantherID change request. This procedure will go into
effect after approval and remain in effect until changed or revoked.

Background

A consistent process for issuing electronic identifiers to the UW – Milwaukee
community is fundamental for the operation of a secure and efficient identity
management system. Automated processes for issuing the electronic
identifier known as the ePantherID have been implemented based on campus
processes used to enroll students and hire staff. The automated processes
utilize portions of the legal name of the individual to derive a unique identifier
of between 2 and 8 characters. Frequently, numbers are incorporated to help
provide uniqueness in cases of common names.

The ePantherID is used to provide secure and auditable access to services
utilized by the UW – Milwaukee community. The ePantherACCOUNT
Provisioning Service automates processes to enable access to services
administered by UITS as well as other services administered by the greater
UWM community. The changing of an ePantherID for an individual affects
the automated provisioning processes as well as the overall security and
auditability of access to any services utilized by the individual.

The UW – Milwaukee Information Security Policy provides for the development
of procedures to support the secure operation of IT systems. Given that
changing the ePantherID has impacts on the security and auditability of
services, the procedure to do so falls under the umbrella of the UW –
Milwaukee Information Security Policy
http://www4.uwm.edu/secu/docs/other/S_59.pdf ) and such
procedures are authorized in section III-D of the policy.

Procedure

It is recommended that an individual retain the ePantherID issued for the
duration of an individual’s interaction with the UWM community. However,
there may be instances where an individual may want to request a change.
This procedure provides a framework to request and process ePantherID
change requests and attempts to balance the desires of community members
with the security needs, audit requirements, and resources available to
manage services provided to the UW – Milwaukee community. This procedure
provides a framework to request changes to the ePantherID in four specific
situations.

The following situations will be processed upon contact with the UWM Help
Desk and entry of a change request:

  1. After a legal name change has been registered with either the
    Department of Enrollment Services in the case of students eligible to
    enroll for instruction or the Human Resources Office in the case of staff
    under a current work contract, the individual may make a request to
    change their current ePantherID. A new ePantherID will be issued
    based on the new legal name.
  2. In the event of a data entry error leading to an incorrectly represented
    legal name, after the legal name has been corrected, the individual
    may make a request to change their current ePantherID. A new
    ePantherID will be issued based on the corrected legal name.

The following situations will be processed at the discretion of the UWM
Account Administration Office after contact with the UWM Help Desk and
entry of a change request:

  1. The issued ePantherID results in a word or phrase that is generally
    accepted to be offensive or inappropriate. The current ePantherID will
    be taken out of service and a new ePantherID will be issued.
  2. The issued ePantherID results in a word, phrase or number
    combination that is considered offensive or inappropriate from the
    ethnic or cultural perspective of the ePantherID holder. The current
    ePantherID will be taken out of service and a new ePantherID will be
    issued.

It is recognized that there may be many other valid situations to request the
change of the current ePantherID. The context of these varied situations is
often required to determine the validity of the request, especially in cases
where there is a security, legal, disciplinary, or audit related component to
the request. To accommodate the variety of possible situations, all other
requests to change an issued ePantherID may be appealed to the UITS IAM
Program Sponsors using the appeal procedure in the next section. Cases
where the UWM Account Administration Office uses its discretion to decline a
request also may be appealed using the same procedure.

Appeal Procedure

Note: It may not be possible to do ePantherID changes until the mail migration from PantherLINK to Office365 is complete and procedures are developed to perform this task. Feel free to make requests through the helpdesk but please be patient.

An individual may ask to appeal a change request that is not addressed by
one of the four specific situations or in the case where the UWM Account
Administration Office has declined a change request. The following
procedure should be used to request a change by appeal from the UITS IAM
Program Sponsors.

  1. The individual prepares a written justification explaining the context of
    the change request. The justification should speak directly to why the
    currently issued ePantherID hinders the individual’s ability to complete
    academic activities or conduct university business
    effectively.
  2. The individual contacts the UWM Help Desk asking for an ePantherID
    change by appeal.
  3. The UWM Account Administration Office will contact the individual,
    review the justification for completeness and verify the individual
    understands the appeal process. If the justification is complete, the
    UWM Account Administration Office will provide information for
    submission of the justification to the IAM Program Manager.
  4. After submission of the justification, the IAM Program Manager will
    contact the individual via email to the current pantherLINK or
    alternate email account and provide initial feedback on the written
    justification before submission to the IAM Program Sponsors. Part of
    this feedback will be an initial assessment of the merit of the request
    based on past appeal history. The individual may choose to continue
    with the appeal process or withdraw the appeal based on this initial
    feedback.
  5. If the individual chooses to continue with the appeal, the IAM Program
    Manager will forward the justification to the IAM Program Sponsors for
    adjudication and be responsible for communicating the outcome to the
    individual and the UWM Account Administration Office.
  6. The outcome based on a submitted justification to the IAM Program
    Sponsors is final.

Terms and Conditions

For ePantherID Change Requests

  • The UWM Account Administration Office has 5 university business days
    to acknowledge a change request via email.
  • The UWM Account Administration Office has 10 university business
    days from the time the change request was acknowledged to complete
    approved changes unless the individual’s schedule does not permit
    completion of the request in the allotted time.
  • The UWM Account Administration Office will contact the individual to
    schedule the ePantherID change with at least 2 university business
    days of advanced notice.
  • The UWM Account Administration Office has 1 university business day
    to execute the ePantherID rename process during which time the
    individual will not have access to services accessed using the
    ePantherID.
  • The UWM Account Administration Office will facilitate the transfer of
    individual data to the new ePantherID for the following services:

    • pantherLINK
    • pantherFILE
    • PAWS
    • pantherLIST – Only lists owned by the individual
    • D2L
  • Other than the services listed above, UITS cannot guarantee the
    transfer of any other data to the new ePantherID and it will be the
    responsibility of the individual to take steps to retain any desired data
    before the change is processed.
  • Once the change is processed, the old ePantherID and any services accessible by the old ePantherID will be permanently disabled and subject to remediation during the next account deprovisioning cycle.

For ePantherID Change Appeal Requests

  • The UWM Account Administration Office has 5 university business days
    to acknowledge an appeal request via email.
  • The IAM Program Manager or a designate has 10 university business
    days from receipt of the justification from the individual to provide
    feedback to the individual via email.
  • The IAM Program Manager or a designate has 5 university business
    days from providing feedback to submit the appeal to the IAM Program
    Sponsors.
  • The IAM Program Sponsors have 10 university business days to
    adjudicate the appeal and respond to the IAM Program Manager or a
    designate from the time of submission by the IAM Program Manager or
    a designate.
  • The IAM Program Manager or a designate has 2 university business days from receipt of an outcome to communicate by email theoutcome to the individual and the UWM Account Administration Office.

Vetting and Approval

The procedure will be vetted with the following operational teams:

  • Account and Access Management Team
  • UITS Operations Team
  • IAAM Steering Committee
  • Division of Enrollment Services Leadership
  • UWM Human Resources Leadership

The Procedure will be approved by the following individuals:

  • UW – Milwaukee Information Security Officer

The Procedure will be implemented by the UWM Account Administration
Office in collaboration with the IAM Program Manager. Implementation to
include:

  • Publication of the procedure on a public web site
  • Publication of a “Just the Facts”
  • Revision of operational procedures and documentation used by UWM
    Account Administration Office
  • Development of an operational procedure that coordinates the efforts
    of service operational teams to facilitate the timely changing of
    ePantherIDs.

History

  • Draft – RANKM – 20100831
  • Edits based on feedback from MZWOO, SAB2 and BETHS – RANKM –
    20100907
  • General edits and revisions – RANKM – 20100908
  • Edits based on feedback from SAB2, DAVIDC, UITS Operations Team
    and Account and Access Management Team – RANKM – 20100924
  • Edits based on feedback from DES, HR and IAAM Steering Committee
    to clarify that all other situations, including those related to security,
    legal or audit issues should be addressed via the appeal process –
    RANKM 20101022
  • Edits for grammar and spelling – RANKM – 20101022
  • Edit to specify that the IAM program manager will provide feedback via
    email for appeal requests – RANKM – 20101022
  • Final draft approved by IAAM Steering Committee and ready for
    approval – RANKM – 20101028
  • Approved under UWM Information Security Policy as per SAB2 – RANKM
    – 20101108