NETID Users

This document describes NETID users–their uses and the various resources for learning more about them.

Introduction

NETID users is a term which refers to the Active Directory based user accounts in the NETID domain (netid.washington.edu) at the UW. All NETID user accounts are provisioned from the UW NetID service with passwords.

Additional directory information is synchronized to NETID users on what are called NETID user managed attributes.

Not all NETID user attributes are visible to all other NETID users. With business justification, additional visibility can be granted.

IT personnel can gain the ability to view and manage Active Directory specific user attributes on specific NETID users.

Many applications integrate with UW NetIDs using LDAP authentication via NETID leveraging NETID users and groups.

There is lifecycle management separate from the UW NetID lifecycle. In brief, if a user isn’t in active use for a year, it is disabled. Users that have been disabled for a year are deleted. To find out more, read about NETID User Inactivity.

Many of the details underlying NETID users are described in the MI Architecture Guide.

Use Cases

There are many use cases for NETID users, but the most common are:

• Authentication and authorization to computers in a Delegated OU
• Authentication and authorization to computers outside NETID via a trust
• Authentication and authorization to a service based in a Windows domain that trusts NETID, e.g. the Enterprise Data Warehouse
• Applications seeking to integrate with UW NetIDs using LDAP authentication via the NETID domain
• Applications seeking to integrate with enterprise user data via NETID user attributes (because NETID users already have visibility rules applied)
• Applications seeking a low cost method to verify UW NetID existence or affiliation via affiliation group membership

Resources for Learning About NETID Users

•  NETID User Limitations
•  NETID User Workarounds
•  NETID User Support (viewing and managing attributes)
• NETID User Inactivity
• MI Policy Sections:
  • User Accounts
  • Personal Data and Visibility
  • Passwords
  • Kerberos Delegation
• Managed NETID User Attributes
• PDS to NETID User Data Mapping
• NETID User Attributes with Self Write Permission
• NETID User Attribute Visibility
• All NETID User Attributes