Profile

CommunityPlatform_1350x900.jpg

Simon Lundström

Edit My Profile

My Content

1 to 10 of 10 total

RE: Non-Credit Students

Posted By Simon Lundström 03-19-2024 01:35:01 AM
Found In Egroup: Identity and Access Management \ view thread
Morning Etan, EU reporting in here so might not apply but we have quite a lot of theses students here at Stockholm University. We are setting up identities like regular students but they don't get student affiliation automatically. So a course admin creates a ticket and we pre-create the account (we ...

RE: Shibboleth Timeout Settings

Posted By Simon Lundström 10-02-2023 11:43:08 PM
Found In Egroup: Identity and Access Management \ view thread
Hey Eddie! We have set them all to PT10H which is a long work day to hinder/annoy users the least. If a service needs "presence" check there's forceAuthn an/or MFA. Also, there's SPNEGO which makes makes logging in again a non issue (or a big issue depending on what problems you see ; ) BR, - Simon ...

RE: Student versus Alumni domain

Posted By Simon Lundström 06-28-2023 03:54:01 AM
Found In Egroup: Identity and Access Management \ view thread
Hey Eddie! > Those stats are interesting. This issue has been the topic of much discussion at our institution for some time now. Last time we looked (quite a few years ago), I think our stats were roughly similar. I've been using that as an argument to say that we should no longer be providing students ...

RE: Student versus Alumni domain

Posted By Simon Lundström 06-27-2023 01:12:08 AM
Found In Egroup: Identity and Access Management \ view thread
> [Mark Jones]

RE: Student versus Alumni domain

Posted By Simon Lundström 06-26-2023 05:36:15 AM
Found In Egroup: Identity and Access Management \ view thread
Europe, Sweden reporting in. We have @student.su.se for all students and yes they keep it when they become alumni. BR, - Simon On Mon, 2023-06-26 at 11:02:25 +0200, Suzanne Elhorr via EDUCAUSE Connect wrote: > Dear Community, I have a question related to students and alumni, when the student graduates ...

RE: Reusing usernames

Posted By Simon Lundström 10-07-2022 12:18:36 AM
Found In Egroup: Identity and Access Management \ view thread
> Are things like mailboxes and services that track the user activity (Bulletin boards, purchase history, Google Docs, etc) also migrated. Or does the new account start off fresh? > Same question here. most of users requesting a name change would want to keep their "down stream" apps active with histories ...

RE: Reusing usernames

Posted By Simon Lundström 10-06-2022 12:40:36 AM
Found In Egroup: Identity and Access Management \ view thread
Hey Armando! If someone wants to change account name (gender change, stalking e.g.) we create a new account for their new name and migrate rights (entitlements etc.) to that account and terminate/disable the old account (but keep it forever since we also never re-assign usernames). So for all downstream ...

RE: What to do with Adjunct Faculty Accounts?

Posted By Simon Lundström 08-15-2022 07:01:44 AM
Found In Egroup: Identity and Access Management \ view thread
To the .edus who use Sponsored Accounts: How do you deal with the problem when the sponsor quits but the sponsored account should remain? Who gets the renewal request next year? Is there a tree of sponsors/delegates or? BR, - Simon On Mon, 2022-08-01 at 23:50:14 +0200, Thatcher Wright via EDUCAUSE ...

RE: changing email addresses to something different than username@domain.edu

Posted By Simon Lundström 06-01-2022 09:34:19 PM
Found In Egroup: Identity and Access Management \ view thread
.eu/.se checking in here. We use a combination of Postfix + our IAM system + omprem Exchange. Been working at su.se for 15 years and within that time we migrated employees from first.last@institution.domain.tld to first.last@domain.tld as the primary/official email address (mail attribute in LDAP). ...

RE: Privileged Access Management Solutions / Experience

Posted By Simon Lundström 01-12-2022 01:35:41 AM
Found In Egroup: Identity and Access Management \ view thread
We are using Vault from HashiCorp as our PAM (I did not know that it was called that tbh ; ). We use Vault both for storing machine to machine and service to service credentials (DB credentials, API keys e.g.), SSL certificates and shared passwords for different internal and external services. We access ...