Translated with DeepL.com

  • KIT Admin Account

  • A KIT Admin account is used for unique identification of a neutral administration account in the IT environment of an organizational unit (OU).
    For this purpose, the OU administrator / ITB applies for an administration account for an employee / himself, with which the employee can then perform his administration tasks.

General

A KIT-Admin-Account (also KIT-Admin-Account) allows to perform administration tasks in an IT environment of an OU by means of an own account, i.e. independent from a user assigned personal account. An ITB (IT manager), for example, can thus perform his daily administrative activities in the network with his own special account, which can be designed with rights and group memberships completely independently of his personal account. When an employee who has an admin account leaves, this account can be deactivated at a central location, i.e. the special authorizations in the network are deactivated at a central location.
To enable this, a KIT admin account receives an entry in the central KIT directory services (KIT Active Directory and KIT LDAP) with its own user ID (unixUidNumber) and the unixGidNumber of the requesting OU. The account is created in the employee branch of the OU within KIT-AD and is thus visible to the ITB, e.g. in the group management. The ITB of the OU is responsible for the assignment of permissions, allocation in AD groups (e.g. via ITB group management tool) or anything else in connection with the admin account.

Order

Request by sending an email to the SCC service desk. ITBs can request an admin account directly via ticket form.
The following information is required: OU abbreviation, KIT login (ab1234) of the applicant and the e-mail address of the applicant.
After registration of the admin account the applicant will receive an email with the important parameters of the account and how e.g. the password can be changed. At the same time the ITB distribution list of the organizational unit receives an infomail about the creation of the account.

Cancellation

Information about the cancellation / deactivation also via ticket form to the SCC service desk, which then blocks the corresponding account.

Included services

Entry as own account in KIT-AD and KIT-LDAP with own User-ID (unixUidNumber) and the unixGidNumber of the requesting OU. The account will be added to the global AD group "Domain Users".

Services not included

No KIT.edu email address / mailbox associated with this account. No management of the account, i.e. no customizations of the "neutral" account by SCC, this is the responsibility of the ITB of the organizational unit.

Organizational requirements

Applicant must have an active KIT account (from1234) and thus a kit.edu email and must belong to an OU present in the ActiveDirectory. The KIT account is used to create the admin account: KIT account: ab1234 -> Admin account: OU abbreviation-adm-KIT account, e.g. SCC-adm-ab1234

Technical requirements

OU must also be available in the Active Directory as an organizational unit.