We are Implementing Perun - Identity Management System for MUNI

On Sunday, November 1, we planned changes related to identity and access management. We are leaving the current complex and technically obsolete solution and replacing it with the Perun system. We also introduce a new IT service explicitly designed to manage groups and accesses in connection with it.

31 Oct 2020

The current Guest Manager (guest.ucn.muni.cz), which we had been using at Masaryk University together with the Account Manager, is canceled and shut down due to its complex administration, limited development, and technically outdated solution. The associated change is also the transition of the original guest accounts to the so-called sponsored accounts that can be created by any active MUNI employee and that offer a wide range of uses.

This is possible thanks to the new Perun system's deployment, which is designed for comprehensive identity and access management and has a user-friendly GUI (graphical user interface) for more comfortable work. Unlike the old solution, Perun also allows you to delegate access management to the responsible person. It provides him with greater independence in managing his users without contacting the system administrator for every change.

What is a Perun?

Developed by a team of experts from the Institute of Computer Science and the CESNET association, Perun, is a system for managing identities and user and group access to various services.

Its main advantage is providing uniform access to services with one user account (so you do not have to log in to each service separately). In the system, it is also possible to delegate the management of these accesses to other people, which means that you do not have to ask the system administrator about every little thing.

New IT Service for Group and Access Management

Hand in hand with these changes goes the preparation of a group and access management service, which is based on the Perun system. It offers MUNI employees the ability to independently and effectively manage access for their team or workplace to the necessary services and other IT resources, such as setting up room entrances, connecting to Wi-Fi, accessing the database and administrator roles in specific applications, and more.

Service access management is implemented using groups, whose members can be managed manually or automatically according to set rules. It is possible for external collaborators to establish a so-called sponsored account that offers access to MUNI's IT resources as if they were a university employee or student. The account must only be "covered" by an active MUNI employee, the so-called sponsor. These sponsored accounts are useful, for example, when holding conferences or collaborating with colleagues outside the university.

In the system, users see only those groups and resources they have rights to view or edit. This is in MUNI's basic settings creating sponsored accounts and groups (screen 1 - basic approach). Additional rights to IT resources and groups can user obtain upon his request and approval (screen 2 - example of extended rights).

IT Services and Resources at MUNI

There are hundreds of (not only IT) services and thousands of different resources at Masaryk University. Currently, the group and access management solution is deployed in a pilot operation, in which we have selected the services and resources that we know are most often used. Of course, we have not forgotten the remaining ones, and we are continually adding more to the system. We also continuously improve the solution for group and access management, both in terms of available functionality and user interface. All this is based on the requirements of administrators and suggestions from regular users.

In case of any questions, please contact us at it@muni.cz. At the same time, we welcome any feedback to improve our unified group and access management solution.

If you would like to learn more, take a look directly at the service page, where you will also find detailed information on the identity and access management at MUNI.

* The image of the Slavic god Perun used on the IT MUNI homepage is the work of Russian artist Igor Ozhiganov.

More articles

All articles