!

Alumni Accounts: Granting or Restricting Access to Departmental Services

Alumni Accounts: Granting or Restricting Access to Departmental Services

Beginning in spring 2015, graduating students will be granted Alumni Accounts that provide access to certain enterprise services such as My Pitt Email. Some University departments provide additional technology services, and they may want to allow alumni access to these services or restrict these services (for example, because of licensing requirements). The technical information provided in this section is intended to help departmental IT staff modify access to their services as needed.

Some changes happen automatically when an account transitions to an Alumni account. Service owners should review the list below to determine if these changes are sufficient to remove access for individuals with Alumni accounts, or if additional steps are necessary. Please keep in mind that Alumni accounts will remain active in Active Directory and the Central Directory Service (CDS).

Automated changes when an account transitions to Alumni

  • Account is moved from the Accounts OU in Active Directory to the Alumni OU 
    • Accounts OU: ou=account,dc=univ,dc=pitt,dc=edu
    • Alumni OU: ou=alumni,dc=univ,dc=pitt,dc=edu
  • Account is added to an Alumni group
    • Alumni Group: Pitt-ActiveAlumniAccount or cn=Pitt-ActiveAlumniAccount,ou=groups,dc=univ,dc=pitt,dc=edu
  • Account has an attribute added to it that defines it as an Alumni account
    • Alumni Attribute: pittCategory = Alumni
  • All group memberships are removed
    • CDS-managed groups
    • Active Directory groups
    • Office 365 groups
  • Shibboleth modifications are made
  • Global Address List (GAL) changes are made
    • Students, faculty, and staff will not be able to see Alumni in the GAL
    • Alumni will not be able to see students, faculty, and staff in the GAL
    • Alumni will not be able to see other Alumni in the GAL
  • All Alumni email mailboxes will exist in Exchange Online, so if an individual's mailbox is on premise, we will move the mailbox to Exchange Online when the account transitions to Alumni