The account claim process can vary significantly across institutions, especially in higher education, where flexibility is key. It’s crucial to select an IAM tool that fully supports your university’s specific needs without customized code or outside processes/systems.
Generally, the claim process is closely tied to HR onboarding for employees and admissions workflows for students. It is imperative that the IAM team work closely with these business units so that users are handed off seamlessly and gain timely access to the various IT systems.
Core Steps of the Account Claim Process in Higher Education:
1. Initial Communication
Typically, a welcome email invites the new staff, student, or faculty member to claim their identity. This email may be sent by your HR or SIS system, or by the IAM tool itself. The timing of this email should align with your defined business processes, such as after an acceptance letter is sent or an employment offer is confirmed.
2. Validation Requirements
The account claim page should require users to enter specific attributes to validate their identity. Examples include a unique code in the email, legal name, and date of birth. You can also implement expiration periods for the email or validation codes to enhance security.
3. Identity Proofing Requirements
Some institutions closely follow the NIST Identity Assurance Levels (1-3) and/or KYC/AML compliance. Ensure your IAM vendor has integrations or methods to support these requirements.
4. User Experience
The account claim process should be wizard-based, intuitive, and adaptable to different user roles (e.g., students vs. employees). It should include:
- Robust password setup, validated against known compromised passwords (e.g., via the HaveIBeenPwned API).
- MFA device enrollment, with immediate or delayed setup options.
- Additional steps, like preferred name, pronoun selection, and attribute updates.
- A final redirection to onboarding resources, such as system access instructions and links to email or learning platforms.
5. Account Creation Timing
The creation of accounts in target systems (e.g., AD, LDAP, email, etc.) depends on institutional policies. Some may choose to pre-provision accounts immediately, while others wait until the individual completes the claim process. Flexibility in timing is crucial to meet different operational needs.
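One way to implement the validation described in step 2 (emailed code, legal name, date of birth, expiration period), shown as an added example that is not part of the original article or of any vendor's product code. The 14-day lifetime, the five-attempt limit, the single-use flag and all function and field names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import date, datetime, timedelta, timezone

CLAIM_TTL = timedelta(days=14)  # assumed expiration period for the emailed code
MAX_ATTEMPTS = 5                # assumed limit on failed validations per claim

@dataclass
class ClaimRecord:
    code_hash: bytes            # only a hash of the emailed code is stored
    legal_name: str
    date_of_birth: date
    expires_at: datetime
    attempts: int = 0
    claimed: bool = False

def _hash(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()

def _norm(name: str) -> str:
    # Case- and whitespace-insensitive comparison of the legal name.
    return " ".join(name.casefold().split())

def issue_claim(legal_name: str, dob: date, now: datetime):
    """Return (code to email, record to store) for a new person."""
    code = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    return code, ClaimRecord(_hash(code), legal_name, dob, now + CLAIM_TTL)

def validate_claim(rec: ClaimRecord, code: str, legal_name: str,
                   dob: date, now: datetime) -> str:
    if rec.claimed:
        return "already_claimed"
    if now >= rec.expires_at:
        return "expired"
    if rec.attempts >= MAX_ATTEMPTS:
        return "locked"
    ok = hmac.compare_digest(rec.code_hash, _hash(code))  # constant-time compare
    ok &= _norm(rec.legal_name) == _norm(legal_name)
    ok &= rec.date_of_birth == dob
    if not ok:
        rec.attempts += 1
        return "invalid"  # same answer whichever attribute failed
    rec.claimed = True    # the code is single-use
    return "ok"

if __name__ == "__main__":
    now = datetime(2025, 1, 10, tzinfo=timezone.utc)  # constructed sample data
    code, rec = issue_claim("Ada Lovelace", date(2004, 3, 1), now)
    print(validate_claim(rec, code, "ada lovelace", date(2004, 3, 1), now))
```

Returning one generic "invalid" result keeps the claim page from revealing which attribute was wrong.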
Simplified Onboarding, No Custom Code Required
The onboarding process is critical to ensuring user satisfaction and immediate access to university systems. A robust IAM solution should provide all necessary features without requiring costly customizations or external development.
Feel free to reach out if you’d like to discuss this account claim process further and learn how Fischer Identity continues to lead in this space!