IAM in Service Catalog
Due to the sensitive nature of the information in the Identity Registry, IRWS has several layers of access control.
Before requesting access to IRWS you will need a DNS name and static IP address, and a certificate issued by the UW Services CA
These are available from UW Network Operations by emailing email@example.com. See Information on DNS Names and Information on Static IP Addresses. Generally, you can request both in the same email to Network Operations. Make sure to request that your UW NetID be associated with the DNS name so you can request certificates for it, and that the IP address reverse resolve to the DNS name. See the example request below.
I would like to request a static IP address and associated DNS name. The current IP address of my computer is xx.xx.xx.xx. I would like the DNS name host.dept.washington.edu. Please associate my UW NetID with the DNS name so I can request certificates for it. Lastly, the IP address should reverse resolve to the DNS name.
IRWS authentication relies on mutual TLS authentication using X.509 certificates issued from the UW Services CA. At connection time, a DNS hostname query is issued for the connecting client's IP address. Authentication will be successful only if the resolved hostname matches the subject name of the certificate or the hostname has been previously registered (see below) as an authorized host for the certificate.
IRWS Guidelines for Certificates:
To request a UW CA certificate, follow instructions to Obtain a UW Services CA Certificate For a UW Application.
To request access to IRWS you must open a support request in UW Connect. Please send an email to firstname.lastname@example.org. To speed up routing, you can include "Please route to the Identity and Access Management team" in your request. Include the following information:
We'll follow up on the Connect request to clarify your business needs and answer any questions before we grant your access. We strive to fulfill access requests within one business day.