Frequently Asked Questions (FAQs)
What is Identity and Access Management?
Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.
Systems used for IAM include Single-Sign-On (SSO) systems, Multi Factor Authentication (MFA) and privileged access management. Access Management is the enterprise practice of limiting known identities in what they are permitted to access.
Access Management includes access control and authorization as related concepts. A fundamental goal of the IAM program will be the deployment of centralized access management to provide the broadest support for applications and services.
These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared.
What is “Cardinal Key” and will it be available to use at SLAC?
Cardinal Key is Stanford University’s passwordless single-sign-on service which uses digital client certificates in place of SUNetID and password to authenticate to most Stanford applications. While currently it is only available on Stanford managed computers to get to Stanford applications, there is an active project to allow SLAC managed devices (i.e. MS Windows, MacOS, and Apple iOS) held by SLAC staff to participate as well. General availability for SLAC staff should happen by mid-2022 for SLAC staff to use Cardinal Key for access to Stanford applications as well. Over time, more and more SLAC applications will also make use of Cardinal Key as they start using Stanford University Single-Sign-On authentication as well.
Will SLAC email accounts continue to work?
Yes. The “@slac.stanford.edu” email subdomain will continue to be used so if you are a SLAC employee, you will continue to use your current email address. There is currently no plan to discontinue the use of SLAC branded email addresses for SLAC staff.
Is SLAC transitioning away from the use of SLAC ID to SUNetID? If so, when will this happen?
Yes, over 2022 a few SLAC applications will begin to shift from the use of SLAC ID to SUNetID for user authentication. However, SLAC ID’s as a username will not suddenly go away. Over the next few years, SLAC IT will work with application and service owners to coordinate and communicate these changes.