Identity management
Identity management is the targeted, secure management and maintenance of digital identities and their attributes within an organisation. By digital identity, we mean the collection of personal attributes that uniquely identify a person in the environment of IT services. Identity management also includes a central service for the mostly automatic provision of access to protected IT services.
Where do the data in the identity management system come from?
The data required to describe digital identities in the university's Identity Management system (IdM) are continuously collected from the various source systems in the University Administration Division by automated processes, then processed and merged in the central meta-directory. The data are recorded in the systems of the Human Resources Division and the Buildings and Estates Division as well as in the student system and then merged in the IdM. The IdM comprises ca. 10,000 managed identities of all employees, students and registered guests of the university in the ZIM.
What do we need an IdM for?
Identity management is needed, above all, to make personal data consistently, reliably and continually available and up to date for different target systems and their users. Without these data, the automated management of users, IDs and user-related authorisations in the sense of an individualised and secure operation of IT services would not be possible. Identity management also has the following tasks:
- Setting up personally assigned IDs, and determining and allocating the relevant authorisations using personal attributes (the function performed by the person and membership of organisational units)
- Securely supplying other IT systems and directories with reliable and current data about members and guests of the university
The advantage of the validity and uniformity of all shared personal data should be particularly emphasised. The IdM system does not make any data publicly available itself. Target systems also have no access to the central meta-directory of the identities. In particular, it is not anticipated at the moment that target systems will be able to make changes to data in the IdM system.
Service agreement for the processing of personal data
The service agreement for the introduction and application of identity management, agreed with the Staff Council and valid for employees, is designed to make the processing of personal data transparent. Additional information on the IdM system, data fields and target systems is enclosed as an appendix (from page 6). The service agreement and the data protection release of the IdM according to the Bavarian data protection regulations ensure the protection of the personality rights of employees and students.
Data sources and responsibilities
IdM.
Personal attribute | For employees | For students |
---|---|---|
Name | Human Resources Division | Student Registration Office |
Title, additions, gender | Human Resources Division | Student Registration Office |
Date of birth, place of birth | Human Resources Division | Student Registration Office |
Email address | Human Resources Division/ZIM | ZIM |
Post address | Human Resources Division | Student Registration Office |
Organisational affiliation | Human Resources Division | |
Function(s) of the person | Section Buildings and Estates | |
Work telephone number | Section Buildings and Estates | |
Building/room | Section Buildings and Estates | |
Matriculation number | | Student Registration Office |
Degree programme, subject semester, qualification sought | | Student Registration Office |
Do you have any questions or are your data incorrect?
If you notice that personal attributes named in the table are incorrect or out of date in Stud.IP or other systems maintained by the IdM system, please get in touch with the relevant administration division or the Support Team of the ZIM.
You can submit an informal request for data protection self-disclosure (according to § 19 BDSG) of the personal data about you saved in the IdM.