On Sunday, November 1, we planned changes related to identity and access management. We are leaving the current complex and technically obsolete solution and replacing it with the Perun system. We also introduce a new IT service explicitly designed to manage groups and accesses in connection with it.
The current Guest Manager (guest.ucn.muni.cz), which we had been using at Masaryk University together with the Account Manager, is canceled and shut down due to its complex administration, limited development, and technically outdated solution. The associated change is also the transition of the original guest accounts to the so-called sponsored accounts that can be created by any active MUNI employee and that offer a wide range of uses.
This is possible thanks to the new Perun system's deployment, which is designed for comprehensive identity and access management and has a user-friendly GUI (graphical user interface) for more comfortable work. Unlike the old solution, Perun also allows you to delegate access management to the responsible person. It provides him with greater independence in managing his users without contacting the system administrator for every change.
Developed by a team of experts from the Institute of Computer Science and the CESNET association, Perun, is a system for managing identities and user and group access to various services.
Its main advantage is providing uniform access to services with one user account (so you do not have to log in to each service separately). In the system, it is also possible to delegate the management of these accesses to other people, which means that you do not have to ask the system administrator about every little thing.
Hand in hand with these changes goes the preparation of a group and access management service, which is based on the Perun system. It offers MUNI employees the ability to independently and effectively manage access for their team or workplace to the necessary services and other IT resources, such as setting up room entrances, connecting to Wi-Fi, accessing the database and administrator roles in specific applications, and more.
Service access management is implemented using groups, whose members can be managed manually or automatically according to set rules. It is possible for external collaborators to establish a so-called sponsored account that offers access to MUNI's IT resources as if they were a university employee or student. The account must only be "covered" by an active MUNI employee, the so-called sponsor. These sponsored accounts are useful, for example, when holding conferences or collaborating with colleagues outside the university.
In the system, users see only those groups and resources they have rights to view or edit. This is in MUNI's basic settings creating sponsored accounts and groups (screen 1 - basic approach). Additional rights to IT resources and groups can user obtain upon his request and approval (screen 2 - example of extended rights).
There are hundreds of (not only IT) services and thousands of different resources at Masaryk University. Currently, the group and access management solution is deployed in a pilot operation, in which we have selected the services and resources that we know are most often used. Of course, we have not forgotten the remaining ones, and we are continually adding more to the system. We also continuously improve the solution for group and access management, both in terms of available functionality and user interface. All this is based on the requirements of administrators and suggestions from regular users.
In case of any questions, please contact us at it@muni.cz. At the same time, we welcome any feedback to improve our unified group and access management solution.
If you would like to learn more, take a look directly at the service page, where you will also find detailed information on the identity and access management at MUNI.
* The image of the Slavic god Perun used on the IT MUNI homepage is the work of Russian artist Igor Ozhiganov.
As of 1 August 2024, the ESRI ArcGIS Desktop licence, which was previously available to all MU employees and students, will no longer be available at Masaryk University. As an alternative, we recommend switching to the more modern ArcGIS Pro, which offers a modern user interface, greater stability, more advanced features and better user support.
Do you want to know the news about Microsoft 365 tools used at the university? What changes and improvements await us in 2024? We have prepared a webinar for you, where we will not only summarize all the current information, but also look at tips on how to work (together) more securely and efficiently in Microsoft 365.
