Identity and access management, including accounts, authentication, access, and role-based provisioning at the enterprise level.
Azure AD Management Services
- Maintain Active Directory Group Membership
- Register and Manage AD Resource Groups
- Manage Permissions on App Registration
An Active Directory Organizational Unit (OU) allows you to manage security groups for access to resources, organize workstations, and apply group policies to workstations and other devices.
Request to create a departmental OU
IT Services will contact you for the necessary information to complete your request. If your department has an OU, the existing OU admin can create a new OU within the departmental OU and grant access to it.
Once your OU is created, install the Remote Server Administration Tools (RSAT) for Windows.
Activate RSAT
To create and manage security groups, ensure you are logged into a computer that is joined to the uark.edu domain and that you have permissions to create groups. Please see your OU administrator for details
Secondary/non-primary UARK accounts are created by request and assigned to a primary owner to provide alternative access to university resources.
See instructions for setting up a secondary UARK account.
Request
Faculty and staff can request non-primary UARK accounts and shared email mailboxes as additional accounts for departments, testing, vendors, guests, automated services, and system admins. Secondary accounts can be requested by clicking the Request Secondary Account button on the right. Email may be requested on the request form for some secondary accounts.
Available secondary account requests:
- New Secondary Account
Types of new accounts
- Expire a Secondary Account
- Transfer a Secondary Account
To provide uninterrupted functionality, all secondary accounts should be transferred before the primary account expires when the primary account owner leaves the university. The account can be transferred to the appropriate university employee by clicking the "Request Secondary Account" button on the right and selecting "Transfer Secondary Account" as the Type of Secondary Account Service.
- Multiple Secondary Account Requests
The request form has a spreadsheet to accommodate multiple secondary account requests. Follow the instructions on the form for this type of request.
Types of Secondary/Non-Primary UARK Accounts
A shared mailbox account allows your office, team, or group to send and receive email and share a calendar. Shared mailbox accounts are used when access to a group email and calendar may need to be shared among multiple people to maintain a group presence. University departments can request a shared mailbox UARK account to provide a point of contact with an email inbox that can be accessed by multiple account holders to send and receive email, for example, admissions@uark.edu or help@uark.edu.
A request for a shared mailbox should include the list of email addresses which should have read and/or send access to the shared mailbox.
See Microsoft's How to Use a Shared Mailbox and Calendar article for more information.
Guest accounts are assigned to university personnel to be used by someone other than the account owner who is not employed by the university or enrolled as a students, but has a legitimate need for short term access to university resources. The owner will share the password with the non-owner, but the owner is responsible for maintaining the password and is responsible for the use of the account.
Administrative accounts have elevated, administrative privileges to manage or configure systems or software.
Test accounts are used for software or systems testing. For example, a test account may be given higher (or lower) temporary access to evaluate a process or security account. We recommend the username be the four character department code of the requester with the three characters of their initials, for example: uitsabc.
Third party accounts are assigned to vendors or other third party entities who manage or require access to university systems for projects or contractual agreements.
An alternative option to a third-party account for vendors is to define the vendor as an affiliate. Find more information on vendors as affiliates in our Affiliate UARK Accounts for Non-Employees article.
The owner will share the password of a third-party account with the non-owner, but the owner is responsible for maintaining the password and is responsible for the use of the account.
Service accounts are for servers and workstations and used to provide automated, unattended service between platforms or automated processes. Service accounts may not be used for interactive login by an individual, and interactive login is denied by policy. A service account password should not be considered permanently “non-expiring” since the password should be changed regularly.