Types of Accounts and their Uses

All personal and non-personal user accounts in Active Directory and 389 can only be created by ITS automatic provisioning infrastructure or by the Identity and Access Management Group.

...

Person Accounts

NetID Account

Personal NetID accounts (accounts assigned to individuals who qualify for one of the roles defined by the University) are systematically created by ITS and stored in the Organizational Unit (OU) called People in both Active Directory and 389.  These accounts may not be moved out of their assigned OU by any person or service other than ITS' Identity and Access Management System.  Nor does ITS allow departments to apply policies to these objects.

...

The password for this account must follow the Network Password Requirements and cannot be the same as your personal account's password.  If available, the account and password must be stored in the University Controlled Password Manager.

...

A vendor account can be requested for a vendor only after a contract is in place.  The account will follow the naming convention as established in the Privileged Access Standard and is limited to non-privileged user activities such as using the University VPN.  These accounts will be created and maintained in the OU Generic in Active Directory, and in People for 389.

Vendor Privileged Account

If the vendor will be doing work that requires privileged access, they will be required to use a vendor administrative account following the established Privileged Access Standard.  The account may only be used for the purpose it was created for, will be stored in the OU Admin, and can only be acted on by Domain Admins.

Non-personal Accounts

A non-personal account is created for a service, application or a group to gain access to a resource.  The manager and/or owner of the account is responsible for the use of the account and for administrative responsibilities such as responding to renewals when necessary.

...

Service accounts will be created and follow the naming conventions as established in the Privileged Access Standard.

Password: When possible, the password must be unique and have a minimum length of 20 characters.

...

| Type of Account | Used to gain Privileged Access | Password Storage | Personal / Non-personal | Used to authenticate a service or application for Directory Services |
|---|---|---|---|---|
| NetID Account | No | User's discretion to keep the password private and secure | Personal | No |
| Administrative Account | Yes | Enterprise Password Management solution | Personal | No |
| Vendor Account | No | User's discretion to keep the password private and secure | Personal | No |
| Privileged Vendor Account | Yes | Enterprise Password Management solution | Personal | No |
| Service Account | Yes | Enterprise Password Management solution | Non-personal | Yes |
| Departmental Account | No | User's discretion to keep the password private and secure | Non-personal | No |
| Generic Account | No | User's discretion to keep the password private and secure | Personal | No |
| Event Access Account | No | User's discretion to keep the password private and secure | Non-personal | No |

...