Identity

The AlumnIQ Platform is split into two portions, each with its own approach to identity management.

The Public-facing ("public") portion contains things that the average user would interact with:

  • Their personal profile

  • The online directory

  • Event registration

  • etc

The Administrative ("admin") portion contains things that are useful to school staff and approved volunteers:

  • Email marketing

  • Event setup and customer service

  • Profile administration

  • etc

Public Identity Management

In general, the vast majority of public users will be present or future constituents of your school: alumni, students, faculty, staff, parents, friends, and community members. You already have some data for these people in your system of record (Banner, Advance, Raiser's Edge, etc.), and we will need to keep some of our own internal data for them as well. For that reason, we have a separate identity record, called their Profile.

In order to cleanly map each Profile to a system of record ("warehouse") entity, we dub the primary identifier in your warehouse table the Xid (short for external id), and we store the xid value on the Profile record for any matched record.

At present there are two ways to create a profile:

  • Sign up for one at /signup

  • Sign in using school-provided Single Sign On ("SSO")

Matching

When a user signs in using SSO, we are provided with the xid of the authenticating user. If they don't already have a profile, we'll create one for them and match it to their xid. If they already have a matched profile, they are signed into that profile even if it uses a different email address, because we know that the authenticating user has the same xid as the profile.

For most self-service signups, matching must occur separately. In simple and well-defined cases we can automatically match profiles that meet certain criteria; for example, if the last name, email address, and xid value from the sign up form all match a warehouse record. These are just example criteria; the actual criteria used at your school may vary.

Anyone that fails to automatically match will require manual intervention by school staff to be matched. We provide a matching interface in admin where you can see unmatched profiles and search for an appropriate warehouse row with which to match them. Someone on your staff should be responsible for matching new profiles on an ongoing basis.
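The matching rules above, sketched as an added example (this is not AlumnIQ's code). The class names, function names, and sample warehouse rows are hypothetical and constructed for illustration, and the auto-match rule uses the example criteria from this page (last name, email address, and xid all agree).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class WarehouseRow:              # hypothetical stand-in for a system-of-record row
    xid: str
    last_name: str
    email: str

@dataclass
class Profile:                   # hypothetical stand-in for a Profile record
    email: str
    last_name: str
    xid: Optional[str] = None    # None means "not yet matched"
    active: bool = True

# Constructed sample warehouse data, keyed by xid.
WAREHOUSE = {
    "X1001": WarehouseRow("X1001", "Okafor", "n.okafor@example.edu"),
    "X1002": WarehouseRow("X1002", "Lindqvist", "maja@example.org"),
}

def _norm(value: str) -> str:
    return value.strip().casefold()

def auto_match(profile: Profile, claimed_xid: str, warehouse: dict) -> bool:
    """Self-service signup: the xid is only claimed by the user, so match
    automatically only when last name, email AND xid agree with one row."""
    row = warehouse.get(claimed_xid.strip())
    if row is None:
        return False
    if _norm(row.last_name) != _norm(profile.last_name):
        return False
    if _norm(row.email) != _norm(profile.email):
        return False
    profile.xid = row.xid
    return True

def sso_sign_in(xid: str, email: str, last_name: str, profiles: list) -> Profile:
    """SSO sign-in: the identity provider asserts the xid, so an existing
    matched profile is used even if its email address differs."""
    for p in profiles:
        if p.active and p.xid == xid:
            return p
    created = Profile(email=email, last_name=last_name, xid=xid)
    profiles.append(created)
    return created

def manual_queue(profiles: list) -> list:
    """Profiles that failed automatic matching and need staff review."""
    return [p for p in profiles if p.active and p.xid is None]
```

A signup that supplies a valid xid but a different email address stays unmatched and lands in the manual queue rather than being attached to the warehouse record on the strength of a self-asserted identifier.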

Merging

The only constraint on profile creation is that a unique email address must be provided. People tend to have several email accounts at their disposal these days, often having personal, work, and school-provided accounts; sometimes more. As long as a unique email address is provided we put up no further roadblocks to profile creation. This can and will lead to some duplication of profiles.

Sometimes people forget which email address they signed up with previously and sign up again using a different one. Sometimes they sign in with SSO after previously creating a yet-to-be-matched profile from a personal email address. Merging, then, is necessary.

Merging is largely self-service by the constituent. All that need be done by staff is to match profile records to the appropriate xid values. The AlumnIQ software and the constituent can take it from there in most cases.

When a constituent signs in to their profile on AlumnIQ, we check to see if they have more than one matched profile record. If so, we prompt them to merge them into one. When a merge target is chosen, the other record is deactivated and hidden. From that point forward, only one matched active profile exists for the person and all is well.

Inevitably, special cases arise and may necessitate intervention by your staff or ours. We will soon be releasing more tools in admin to allow your staff to perform merges as appropriate.

Public identity as it relates to the Online Directory

A common misconception is that multiple matched profiles will result in multiple entries in the online directory. What actually happens is that we massage together the warehouse data and the profile data to identify one identity to display in the directory. Our profiles provide fine-grained support for hiding individual fields or sections of the profile, as well as total opt-out for those that don't want to be listed at all.

The list of profiles that you see in the admin profiles dashboard is not representative of what is available in the online directory. It only represents the profile data we maintain. There will almost always be far fewer profiles than there are warehouse identities, and this is expected and normal.

We will work with your school to define the fields visible by default for someone who has not yet created a profile, but a typical starting point is name, class year, and degree information. By creating a profile the constituent can add to and update this information with employer data, interests, location, and more, or, as previously mentioned, hide any or all of this information.

Admin Identity Management

AlumnIQ Admin supports multiple SSO providers, and we can fall back to traditional username and password if you don't have an SSO integration available.

When using our username/password authentication, passwords expire on a regular schedule, requiring a self-service password reset before you can log in again. Additionally, accounts can be configured to become inactive after a certain period of inactivity, requiring staff intervention to re-activate.

Admin users are assigned a set of roles, which determine the modules, and the features within those modules, that the user can access. One important role is the security role, which allows users to view and modify user accounts and their associated roles. You'll want to designate at least one or two trusted administrators to have access to this role.
