Identity and Access Control

Service Owner: Andrew Johnson

NIU’s Division of Information Technology (DoIT) manages the university’s electronic identities and the related accounts, passwords, and permissions required to grant access privileges according to published policies and guidelines. DoIT ensures that all individuals and services are properly authenticated, authorized and audited.

Account Creation

  • Student Account IDs (Z-IDs) are created for every applicant and canceled if the student fails to enroll.  Student email accounts and other access are generated when a student is admitted. 
  • Employee Account IDs are created when an employee is formally hired. 
  • Sponsored Account IDs are available for NIU affiliates, vendors, and other members of NIU community who are not actively employed or enrolled. These accounts require an NIU employee sponsor and expire every year if not actively extended. Sponsors may request accounts for their sponsorees at -> Make a Request

Account Termination

  • Student Account IDs (Z-IDs) are disabled after a student separates or graduates from NIU.
    • Students have access to Office 365 for up to 400 days after graduation. It is recommended that before graduation,  all important emails and documents are saved to non-NIU resources.
    • Alumni who wish to retain a permanent NIU-branded email address may request an forwarding address by contacting the NIU Alumni Association at
  • Employee Account IDs are disabled immediately upon separation from NIU and all permissions and authorizations removed. Access to MyNIU HR Self Service System will remain for 60 days to allow a separated employee to view and download their final pay advice. After 60 days, the separated employee's O365 email account will enter Microsoft's deletion process.
    • Faculty with temporary terminations (e.g. those who return to teach on a part-time basis each year) will not be disabled as long as they are expected to return.
    • Extra Help employees who return to work after a 30-day hiatus, but before the 60-day access termination period, will have their accounts re-enabled.
    • Retirees who wish to retain a permanent NIU-branded email address may request a Retiree Account from the NIU Annuitants Association.
    • Volunteers who wish to donate their time to NIU may receive a sponsored account after completing a number of forms through NIU's Human Resource Services.


  • NIU uses LDAP authentication for most enterprise and web applications, allowing other IT units access to a shared library in order to use LDAP authentication for their own locally-developed and hosted web applications; 
  • Microsoft’s Active Directory is used to authenticate to NIU wireless as well as Windows workstations and servers; and
  • as a member of the InCommon Federation, NIU provides Shibboleth authentication to a number of research and scholarly sites.


The Division provides identity and directory services with eDirectory, a product of MicroFocus.  The Identity Vault is at the center of NIU’s identity and authentication services, taking information from authoritative sources and provisioning it to other services. is maintained by DoIT and uses the Identity Vault to present information about people and departments at NIU.

Back to top