Procedure to Request Access
Campus service providers often require identity data for users of their service. As a convenience, a service provider can request this data from the Texas A&M Identity Services, using the following procedure.
It is assumed that you:
- have an application- or service-specific need for information about students, faculty, or staff
- will use the data only for official Texas A&M University administrative or academic purposes, and
- will use it in a way that is consistent with the Texas A&M Identity Services Appropriate Use Policy.
The request process begins with the service provider completing the request form:
- To request data releases via Shibboleth, web services, or periodic data feeds:
- To request a one-time data extract:
If the service provider is a non-campus entity, the service provider should have a campus sponsor fill out the form. Contacts for the request should be Texas A&M University System employees.
All information on the form should be typed except the signatures. (The PDF form has a button at the top which will highlight the available fields.) If you are uncertain about how to answer a question, please email email@example.com for assistance. A help page is also available.
Submitting the Request
The form is printed, signed by the requester and mailed to the Identity Management Office, MS 3374, faxed to 979.845.6090 or emailed to firstname.lastname@example.org.
Processing the Request
Upon receipt, IT personnel will notify the submitter that the request has been received and review the request. If FERPA-protected or private information is being requested, the form will be forwarded to the appropriate data custodians for approval.
Processing of the request typically takes two to four weeks.
If you have any questions about the identity data or the request process, send an email to email@example.com.
The following elaborates on some of the fields/questions included in the access request form.
If you are setting up access for an application and are unsure which access method best meets
your needs, you may find the decision matrix on the Developer Resources page helpful. You can also contact Identity Services
personnel for advice by emailing firstname.lastname@example.org.
The Shibboleth entityID is found in the metadata for your application.
To see an example, search the TAMUFederation metadata file for entityID.
- The web services client identifier is the identifier of the client you registered at https://mqs.tamu.edu/rest/docs/.
Requested Data Elements
For Shibboleth data requests, please itemize the data elements using schema attribute names.
(See the Enterprise Directory People Branch Schema.)
For other types of data access requests, be as explicit as possible. For example, 'student
primary major code' or 'student primary major name' instead of 'major'.
- Data owner approval is required before access is granted to any data considered to be non-directory (non-public).
Student directory data consists of a student's name, phone, email address, program of study,
classification, and semester enrolled, if the student has not requested suppression
of this information. To receive data regardless of FERPA suppression status, or to receive other
data about a student, such as course enrollment, gender, date of birth, etc., the request must be
approved by the Registrar.
- Employee directory data consists of any data related to the employee's job, such as their name, title, office phone, email address, and department. Release of personal information, such as employee home phone or date of birth, must be approved by B/P/P.
Provide a description of the audience using the application or service that includes the user roles (student, staff, etc.) and campus affiliations.
A brief explanation of how the application utilizes each data element is needed. An explanation is particularly important for requested non-directory data elements. The following example illustrates the type of information expected:
information, and look ups within the application
- eduPersonAffiliation - used to determine whether a customer is faculty, staff, or student and under which affiliation, if multi-valued, the service is being accessed
- eduCourseOffering - used to determine whether TAMU students are eligible for service based on current course enrollment
- sn - used for greeting, mailing labels, pending order lists, and look ups within the application
- givenName - used for greeting, mailing labels, pending order list, and look ups within the application
- mail - when available, used to communicate with customer
- tamuEduPersonMember - used to determine campus affiliation(s) and determine eligibility for service
Application or Service
The description of the application or service should include a summary of the business purpose or benefit to Texas A&M University provided by the application/service.
An ISAAC assessment is not required in order to access Identity Services data. The answer to this question assists the Chief Information Security Officer in correlating data releases with ISAAC reviews.
- The Administrative Contact should be the application owner. For non-application requests, such as data to produce mailing labels, this should be the person in charge of the project for which the data is being requested.
- The Technical Contact is the primary contact for the data access request. Identity Services contacts this person with any questions about the data access request and works with this person to set up the access or transfer the data.
The people that operate the application and database or have administrative privileges typically will be able to access all data. If the application displays any data or subsets of data, the user or user groups able to view the data need to be described. In particular, accessibility of any requested non-directory data should be described.
- The Security Contact is the person responsible for data security. This contact is needed only if access to non-directory data is requested.
If you will be storing any of the data released via this access request, it is very important to itemize:
- what data elements will be stored
- how they will be stored
- how long they will be retained
- why storage of these data elements is necessary
Texas A&M Identity Services provides demographic, role and contact data to Texas A&M service providers to support identity management, provisioning, authentication, and authorization. The following guidelines are designed to ensure judicious and compliant use of that information, protecting the security and privacy of that data where necessary.
Texas A&M Identity Services data use must be authorized by the appropriate data
custodians for student, employee or other data using the identity data request form.
- This form is used by the service provider to specify what data elements are needed for what purpose. The data obtained must be used only for the specific purpose identified on the request form and not for any other purpose, and cannot be supplied to other applications.
- Texas A&M Identity Services data consumers (applications or services that use data from Texas A&M Identity Services) will be contacted biannually to verify continued need for data access.
Texas A&M Identity Services data use must comply with the applicable State of Texas
and Federal laws and regulations concerning privacy and security as well as complying
with University policy. Texas A&M Identity Services data use is specifically bound
by the University FERPA Policy and University Acceptable Use Guidelines.
Texas A&M Identity Services data may be used for purposes of providing identity
management, which includes, for example, directory authentication and authorization
services, provisioning services, and contact information.
Texas A&M Identity Services data consumers must provide details on what Texas A&M
Identity Services data they store locally.
Texas A&M Identity Services data consumers must take all necessary precautions to
secure Texas A&M Identity Services data in transmission and in storage. This includes
utilizing security best practices as posted at
Consumers of Texas A&M Identity Services data responsible for any security breach
traceable to their use or specific authorization will be reported to the Chief Information
Periodic and random audits will be performed on use of Texas A&M Identity Services
- Consumers of Texas A&M Identity Services data must provide access logs and access to systems containing Texas A&M Identity Services data upon request.