Prerequisites
Due to the sensitive nature of the information in the Identity Registry, IRWS has several layers of access control.
Before requesting access to IRWS you will need a DNS name and static IP address, and a certificate issued by the UW Services CA.
DNS Name and Static IP Address
These are available from UW Network Operations by emailing help@uw.edu. See Information on DNS Names and Information on Static IP Addresses. Generally, you can request both in the same email to Network Operations. Make sure to request that your UW NetID be associated with the DNS name so you can request certificates for it, and that the IP address reverse resolve to the DNS name. See the example request below.
UW CA Certificate
IRWS authentication relies on mutual TLS authentication using X.509 certificates issued from the UW Services CA. At connection time, a DNS hostname query is issued for the connecting client's IP address. Authentication will be successful only if the resolved hostname matches the subject name of the certificate or the hostname has been previously registered (see below) as an authorized host for the certificate.
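A pre-flight check modelled on the rule just described, added here as an example; it is not IRWS code and only approximates the server's decision from the client side. It assumes the certificate subject name is supplied as a plain hostname; the function names, the 192.0.2.x addresses and worker1.dept.washington.edu are constructed for illustration.

```python
import socket

def normalize(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def reverse_lookup(ip):
    """PTR lookup for ip; returns None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def preflight(client_ip, cert_subject, registered_hosts=(), resolver=reverse_lookup):
    """Return (ok, reason). The reverse-resolved hostname must equal the
    certificate subject name or be a host registered for that certificate."""
    resolved = resolver(client_ip)
    if resolved is None:
        return False, f"{client_ip} has no reverse DNS record"
    host = normalize(resolved)
    if host == normalize(cert_subject):
        return True, f"{host} matches the certificate subject name"
    if host in {normalize(h) for h in registered_hosts}:
        return True, f"{host} is a registered host for {cert_subject}"
    return False, f"{host} is neither the subject name nor a registered host"

# Constructed PTR data standing in for real DNS (RFC 5737 documentation addresses).
SAMPLE_PTR = {
    "192.0.2.10": "MyApp.dept.washington.edu.",   # differs only in case and root dot
    "192.0.2.11": "worker1.dept.washington.edu",  # hypothetical second host
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, preflight(ip, "myapp.dept.washington.edu",
                            registered_hosts=["worker1.dept.washington.edu"],
                            resolver=SAMPLE_PTR.get))
```

Called without the resolver argument, preflight performs a real PTR lookup, so running it against your static IP before you submit the access request shows whether the reverse record is in place.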
IRWS Guidelines for Certificates:
- Certificates used to access IRWS should be dedicated to that single use.
- Do not share a single certificate across multiple applications.
- If your application needs access to multiple Identity Registry environments, obtain a different certificate for each environment (e.g. myapp.dept.washington.edu and myapp-eval.dept.washington.edu).
- If you are a developer and need to access IRWS from your workstation, we recommend obtaining a certificate that includes your UW NetID in the subject name (e.g. jsmith.dept.washington.edu).
- Protect your private keys and notify us immediately if a key might have been compromised so we can revoke access.
To request a UW CA certificate, follow instructions to Obtain a UW Services CA Certificate For a UW Application.
Request Access
To request access to IRWS you must open a support request in UW Connect. Please send an email to help@uw.edu. To speed up routing, you can include "Please route to the Identity and Access Management team" in your request. Include the following information:
- Application name
- Certificate subject name
- DNS names of hosts that will be using the certificate
- Resources (see v2 and v3 API references) and actions (GET, PUT, POST, DELETE) that you are requesting
- The Identity Registry environments you need to access
We'll follow up on the Connect request to clarify your business needs and answer any questions before we grant your access. We strive to fulfill access requests within one business day.