• Recent Posts

  • Categories

  • Archives


SUNid – even better

Friday, July 25th, 2014

Over the past few months we’ve introduced you to IAM (Identity Access Management) and in particular, one of it’s offspring, SUNid. If this all seems a bit hazy to you, let me recap.

SUNid is the first and an important building block of identity and access management (IAM). External workers and visitors are registered on this system. Previously this task was completed by Human Resources, but it has been decentralised and departments are now responsible for external workers and visitors themselves. Read more on the step by step procedures here.

After a few tweaks, a new version of SUNid will be implemented shortly. Most of the changes have been made at the back end of the system, but there are a few changes users of SUNid will notice.

1. Staff and student engagements are added on SUNid to ensure that there’s only one place (‘Maintain Identities’) where all a person’s engagements can be viewed. (HR and student engagements can not be created or changed on SUNid by SUNid users.)

2. Previously a person could only have an identity on HR or SUNid. This limitation has been removed. However, a person may still have only one of each type of engagement, whether it’s staff, student, external worker or visitor.

3. The “Register Identity” function has been changed in such a way that users first have to do a search for an existing person record before attempting to create an entirely new one. This is of utmost importance to avoid duplicates being created. Training in the use of SUNid is necessary before staff are given access to SUNid.

4. Lastly, a delete function has been added for engagements in the ‘Draft’ status in case a mistake has been made and the request has to be cancelled. SUNid does delete all drafts after 7 days, but users will now be able to also do this manually.

We hope these updates will ensure an even smoother and more pleasant SUNid experience for all SUNid users. If you have any questions or suggestions, feel free to contact us at

Identity and access management 101

Wednesday, June 25th, 2014

Stellenbosch University is currently in the process of renewing its Identity and Access Management (IAM) system. The first step in the identity life cycle, namely Provisioning, has been successfully completed with the establishment of SUNid. Read more on SUNid here.

What is Identity and Access Management (IAM)? 

For individuals needing access to computer systems or physical resources, IAM audits who you are and manages what you are allowed to see and what not. This process is based on business regulations, your role inside the university and your affiliation with departments.

How does Identity and Access Management (IAM) work? 

The main focus of IAM is not on a single system, but on the needs and functions of people working or studying at the university. In addition the process and workflow has to reflect an end-to-end life cycle. The identity life cycle can be represented as follows:




SUNid- the facts

Friday, June 6th, 2014


SUNid is the first and an important building block of identity and access management (IAM). External workers and visitors are registered on this system. Previously this task was completed by Human Resources, but it has been decentralised and departments are now responsible for external workers and visitors themselves. 

No, Human Resources are only contacted for staff who are on the university’s pay roll.    

Where do I start if I have to register an external worker/visitor on SUNid?

  1. The head of your department has to send an e-mail to to indicate which staff are allowed to act as Approvers on the SUNid system.
  2. This automatically logs a request on IT’s request system.
  3. IT Service Desk creates the head of the department as a Sponsor on SUNid and the staff member(s) indicated as the person responsible for the creation of external workers and visitors, as the Approver(s) on SUNid.

What should I, as Approver, do now?
Go to and sign on with your username and password.

The following screen will appear:                                



Where do I start if I have to create an external worker/visitor on SUNid?
Click on Search for Identity and, if available, preferably type in the SU number, otherwise the ID number.


As soon as the Identity is located, the rest of the information will be completed on the screen.

  • Click Next.
  • Complete all the required, red fields on the next screen.  
  • Click Create/Edit Engagement.
  • Make sure that all the information is filled in correctly.
  • Click on Send For Approval.

What will the external worker/visitor receive now?
The new external worker will receive a SU number, as well as a role as external worker.

What is the next step for the external worker/visitor?
The external worker can go to the card office in Administration A to get a photo and receive their SU card.

Does an external worker/visitor have automatic access to e-mail and internet?
No. Access to electronic systems is a separate request. You can apply by completing this form

What does “This new identity is already known outside SUNid – probably a permanent employee.”, mean when I’m trying to create an external worker on SUNid? 
The person already has a role assigned to him, so you can’t create another one. Make sure all the information is completed correctly, especially the dates of the Engagement. If it still doesn’t solve the problem, contact the IT Service Desk at 0218084367 or send an e-mail to

For which period of time can I register an external worker/visitor?
New Engagements can be created for a maximum period of 12 months, but also for as little as seven days. Just make sure Engagement dates don’t overlap. Each Engagement needs to have an unique start and end date. 

Can an external worker/visitor’s information be edited and where can I find this?
Yes, the following options are available:

Edit Attributes

Click on Maintain Identities to edit information.

And click on Search Engagements.
Is there a difference between annual reactivation for electronic services and the expiration of external worker/visitor roles? 
Yes, reactivation should be done annually before 31 March. Roles of external workers/visitors can expire any time of the year depending on when they were created. 

Should external workers/visitors also be reactivated for electronic services if they use them? 
Yes, will send out reminder e-mails which should not be ignored. Although these e-mails indicate that a username will expire shortly, this could also include the expiration of a role.  

How can one be sure reactivation for electronic services has been done?
Log on at and select:


At the bottom, on the right, an Expiration date will be indicated. If the date is indicated as –

 reactivation for 2014 has been completed. 

How can one be sure the role of an external worker/visitor is in order?
The Approver can sign on at SUNid and use the Search for Engagement option to check whether the person’s role is active. 

Where can I find more information on SUNid?
Visit our wiki  for a detailed description of the process. Previous articles on SUNid can also be found on our blog.


Confused about visitors’ activation?

Friday, October 4th, 2013

Two weeks ago we introduced a new decentralised process for activating access for vistors to the SU campus (read the article here) However, it seems that some confusion remains regarding the steps to follow and how the new process works. 

To explain this in a very simple way, we created a diagram explaining  the basics. All this information, as well as FAQs, is also available on our wiki.


kliek op die grafika vir die groter weergawe



© 2013-2022 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.