/
Basic User Standard

Basic User Standard

Purpose 

To define the standard for user accounts at University at Albany ensuring secure, consistent, and policy-aligned access to institutional resources for eligible individuals. 

Scope 

This standard applies to all individuals who are classified as students, employees, volunteers, external researchers, or emeriti. Guest accounts are excluded. 

User Affiliation 

User accounts are provisioned based on classification: 

  • Employee (including faculty, staff, and lecturers) 

  • Applicant  

  • Student (admitted, active, and University in the High School) 

  • Volunteer 

  • External Researcher 

  • Emeriti 

  • Alumni and Former Students (limited access via LDAP-Only) 

Eligibility Criteria 

Eligibility for account creation is determined by authoritative records: 

  • Employees: Must have a current or future effective job record in the System of Record (e.g., IAS). 

  • Applicants: Applied to the University of Albany. 

  • Students: Must have a record within our Student Information System (e.g., IAS). 

  • Admitted: Must have a program action of ‘ADMT’. 

  • Active: Must have paid a deposit or registered for classes. 

  • University in the High School: Must be actively registered in a qualifying course. 

  • Volunteers & External Researchers: Must have a valid job record with a future end date. 

  • Emeriti: Must complete the annual ITS access renewal process. 

  • Alumni and Former Students: May retain LDAP-Only access for limited services such as MyUAlbany Portal. 

Provisioning Standards 

Upon eligibility confirmation, users receive access based on classification: 

Birthright Access 

  • Office 365 (Email, OneDrive, Teams, Groups) 

  • Wireless network 

  • Workstation login 

  • VPN 

  • Central Identity Provider-authenticated resources (Active Directory, Entra, LDAP) 

  • InCommon Federation member resources (subject to restrictions) 

  • MyUAlbany 

Additional Access

  • Dependent on Affiliation type, additional access may be granted. 

Account Lifecycle 

Grace Period 

All accounts receive a 30-day grace period post-expiration. Data custodians may revoke access during this time. 

Expiration 

  • Employees: Access expires when job record end date is exceeded. 

  • Lecturers (as defined by Human Resources): Access expires six months after job record end date. 

  • Students: 

  • General Studies, Graduates, PhD: One year after last course or graduation. 

  • Master’s/Certificate: One year after last course or within the Statute of Limitations (whichever is later). 

  • Volunteers: Access expires when job record end date is exceeded or missing. 

  • Emeriti: Access expires if renewal is not completed within 30 days. 

  • Alumni and Former Students: LDAP-Only access may persist for MyUAlbany access, subject to institutional policy. 

Locking 

  • Employees: Accounts lock one year after departure; reactivated accounts lock after 3 months. 

  • Students: Accounts lock three years after departure; reactivated accounts lock after 3 months. 

Deletion 

Nine months after account expiration, user accounts and associated data will be permanently deleted. While this is not an exhaustive list, the following systems and services are included in the deletion process: 

  • Active Directory and Microsoft Entra ID: 

  • User accounts will be removed from both identity platforms. 

  • Storage Services: 

  • Data stored in U-Drive and S-Drive will be deleted. 

  • Microsoft 365 Services: 

  • Email, OneDrive, and any user-generated content within Microsoft services will be permanently removed. 

Logging and Auditing 

All authentications must be logged into central logging systems. Logs must be retained in accordance with university policy and reviewed for any anomalies. 

Student Exception 

Former students may request up to two, 2-week access extensions within 9 months of account expiration.