Identity and Access Management Standards | Productivity and Collaboration Standards
Identity and Access Management (IAM) Technology Standards
The Identity and Access Management (IAM) Technology Standards at UBC are designed to ensure secure and efficient management of user identities and access to university resources. These standards establish best practices for identity verification, user authentication, and access control, supporting our commitment to data security and regulatory conformance.
Purpose
The purpose of these IAM standards is to:
- Protect sensitive information and university assets.
- Ensure that users have appropriate access based on their roles.
- Facilitate conformance with regulatory requirements, including data protection laws.
- Enhance user experience by streamlining access processes.
User Registration Standards
An emerging standard for user registration, focusing on developing identity verification capabilities.Destiny One Emerging
The matured standard for registering applicants, providing a robust identity verification process.WorkdayMatured
| Capability | Persona | Description | Standard | Maturity Level |
|---|---|---|---|---|
| User Registration | Undergraduate Prospect | The mature standard for registering undergraduate students provides a robust identity verification process. | Uni Salesforce | Matured |
| Undergraduate Applicant | An emerging standard for user registration, focusing on developing identity verification capabilities. | PersonsHub | Emerging | |
| Undergraduate Accepted applicant | ||||
| Undergraduate Student | ||||
| Former student | ||||
| Graduate Student | ||||
| Graduate Applicant | Standards are yet to be developed. | |||
| Graduate Prospect | ||||
| Non-Credit Learner | An emerging standard focuses on user registration for Non-Credit courses. | Destiny One | Emerging | |
| Staff/Faculty - Applicant | Focuses on user registration in the job portal for new applicants aspiring for a position at UBC. | Workday | Matured | |
| Staff/Faculty Worker | An emerging standard for user registration, focusing on developing identity verification capabilities. | PersonsHub | Emerging | |
| Staff/Faculty Contingent Worker | ||||
| Pensioner | ||||
| Pension beneficiary | ||||
| Volunteer | ||||
| Guest | ||||
| Library Community users | User registration for community users who use UBC library resources and don't have pre-existing UBC login credentials, like CWL. The present standard is on the verge of deprecation. New standards to be developed in the future | Integrated Library System -- Voyager | Deprecated | |
| Customer | Standards are yet to be developed. | |||
**Personas where certain technological capabilities is not applicable have been omitted from the table.
Credential issuance Standards
| Capability | Persona | Description | Standard | Maturity Level |
|---|---|---|---|---|
| Credential Issuance | Undergraduate Student (Prospect) | The mature standard for Credential issuance for undergraduate students provides a robust identity verification process. | Uni Salesforce | Matured |
| Undergraduate Applicant | Matured standard widely used within UBC IT Applications eco-system | CWL | Matured | |
| Undergraduate Accepted applicant | ||||
| Undergraduate Student | ||||
| Former student | ||||
| Graduate Student | ||||
| Graduate Applicant | ||||
| Graduate Prospect | ||||
| Non-Credit Learner | ||||
| Staff/Faculty - Applicant | Mature standards on credentials issuance in the job portal for new applicants aspiring for a position at UBC. | Workday | Matured | |
| Staff/Faculty Worker | Matured standard widely used within the UBC IT Applications eco-system | CWL | Matured | |
| Staff/Faculty Contingent Worker | ||||
| Pensioner | ||||
| Pension beneficiary | ||||
| Volunteer | ||||
| Guest | ||||
| Library Community users | Credentials for community users who use UBC library resources and don't have pre-existing UBC login credentials, like CWL. The present standard is on the verge of deprecation. New standards to be developed in the future | Integrated Library System -- Voyager | Deprecated | |
| Customer | Standards are yet to be developed. | |||
**Personas where certain technological capabilities is not applicable have been omitted from the table.
Authentication Technology Standards
| Capability | Persona | Description | Standard | Maturity Level |
|---|---|---|---|---|
| Authentication- Authentication Client** | Undergraduate Prospect | The mature standard for registering undergraduate students provides a robust identity verification process. | Uni Salesforce | Matured |
| Undergraduate Applicant | Education Planner BC is a mature standard | EPBC | Emerging | |
| Undergraduate Accepted applicant | The Enterprise LDAP (ELDAP) service is a private LDAP containing all UBC Campus-Wide Login (CWL) accounts and access management groups. ELDAP offers authentication and access control to UBC applications and services for active users. *EAD – RedHat 389 directory server contains all historical and active user information. |
ELDAP EAD* |
Matured | |
| Undergraduate Student | ||||
| Former student | ||||
| Graduate Student | ||||
| Graduate Applicant | Standards are yet to be developed. | |||
| Graduate Prospect | ||||
| Non-Credit Learner | An emerging standard focuses on authentication for Non-Credit courses. | Destiny One | Emerging | |
| Staff/Faculty - Applicant | Matured authentication in the job portal for new applicants aspiring for a position at UBC. | Workday | Matured | |
| Staff/Faculty Worker | The Enterprise LDAP (ELDAP) service is a private LDAP containing all UBC Campus-Wide Login (CWL) accounts and access management groups. ELDAP offers authentication and access control to UBC applications and services for active users. *EAD – RedHat 389 directory server contains all historical and active user information. |
ELDAP EAD* |
Matured | |
| Staff/Faculty Contingent Worker | ||||
| Volunteer | ||||
| Guest | ||||
| Library Community users | Community users who use UBC library resources and don’t have pre-existing UBC login credentials, like CWL. The present standard is on the verge of deprecation. New standards to be developed in the future | Integrated Library System -- Voyager | Deprecated | |
| Single Sign-on | Undergraduate Student (Prospect) | Emerging standards KeyCloak | KeyCloak | Emerging |
| Undergraduate Applicant | ||||
| Graduate Applicant | ||||
| Undergraduate Student | Mature standards are Shibboleth. Azure AD is used as a secondary standard for Worker., credit students. |
Shibboleth | Matured | |
| Former student | ||||
| Graduate Student | ||||
| Graduate Prospect | ||||
| Non-Credit Learner | ||||
| Staff/Faculty - Applicant | ||||
| Staff/Faculty Worker | ||||
| Staff/Faculty Contingent Worker | ||||
| Pensioner | ||||
| Pension beneficiary | ||||
| Volunteer | ||||
| Guest | ||||
| Library Community users | ||||
Productivity & Collaboration Tools Technology Standards
The Productivity & Collaboration Tools Technology Standards at UBC are designed to guide the effective use of tools that enhance teamwork, communication, and individual productivity across the university. These standards ensure that faculty, staff, and students have access to reliable, secure, and compliant technologies that support their academic and administrative tasks.
Purpose
The purpose of these standards is to:
- Streamline collaboration among university stakeholders.
- Ensure data security and conformance with institutional policies.
- Promote the adoption of approved tools that meet the university's operational requirements.
- Enhance user experience through clear guidelines for technology use.
Standards
| Capability L1 | Capability L2 | Description | Standard | Maturity Level |
|---|---|---|---|---|
| Visual Collaboration | Core Visual Collaboration | Cloud-based platforms that enable teams to communicate and creatively collaborate during both asynchronous and real-time work activities. | Microsoft Whiteboard | Matured |
| Zoom Whiteboard | Matured | |||
| Canva | Emerging | |||
| Miro | Emerging | |||
| Note Taking | Note-taking applications allow users to: Store all notes and important information digitally, usually in a cloud-based storage system. Type, write, and draw notes on the device of choice just as one would using pen and paper. | Microsoft OneNote | Matured | |
| EverNotes | Emerging | |||
| Meeting Solutions | Event Management | Technology platforms that enable marketers to execute virtual and/or in-person events for external audiences. This does not include pure-play, single webinar or meeting solutions. Event technology platforms provide capabilities to engage and communicate with prospective attendees, registrants and sponsors, manage event logistics, deliver content and enable attendees to engage with all event participants. | Events Air | Matured |
| Fourwaves | ||||
| vFairs LLC | ||||
| Survey, Poll and Q&A | Online tools can be used to electronically collect answers or responses to questions from a target audience. They feature a variety of question types, including multiple-choice, ranking, open-ended, and many others. | Qualtrics | Matured | |
| Slido | ||||
| Remote Access | A remote access tool enables a local user to connect to and access a remote computer, server or network. It allows connectivity of two or more computers/network nodes that are on separate networks and/or in different geographical locations. Remote access tools are typically installed on local computer or can be deployed over the network/Internet on a remote access server. They work by creating a connection between a local and remote host over a network or Internet connection. | Beyond Trust | Matured | |
| Collaborative Work Management | Task Management | Task management tools support individuals and teams in planning, assigning, tracking, and completing work. They provide visibility into responsibilities, progress, and deadlines, enabling efficient collaboration and prioritization of activities. | TBD – Work In Progress | TBD – Work In Progress |
| Collaborative Content Workspaces | Collaborative Content Workspaces | Platforms that provide a shared digital environment for storing, organizing, and co-authoring documents, files, and other content. These workspaces enable real-time collaboration, version control, and secure access across teams and departments. | TBD – Work In Progress | TBD – Work In Progress |