Main Nav

Hi All,

 

We are trying to evaluate username generation in our university. I am trying to find pros and cons of “allowing users to select their own username” VS “ generating usernames automatically using an algorithm”.

Your experience or insight in this regard will be greatly appreciated.

 

Thanks,

Pranab Pati

Sr. Identity and Access Management Architect

University of San Diego

Email:pranabp@sandiego.edu

Work: 619-260-7553

 

Comments

Check the archives for this list, I’m sure this has been discussed at length more than once.  If I recall there are problems with most every solution you can think of.

 

We use an algorithm and have few issues.  The main issue is the occasional change we are forced to make to accommodate a name change.  I think I remember some similar feedback from others who allow their users to select their own.

 

 

Self selecting might require a good deal of human intervention and monitoring for swear words or impersonation of another person (e.g. Sam Jones clams a username that is derivative of the president of the university).

Plus if you have a common name, it might require alot of trial and error.

If you are gong ho on letting the user have a say, as a parent I have learned not to ask "What do you want for dinner?"  That is sure to generate debate and conflict and/or no response and/or ridiculous requests.  The better solution is to say "do you want Pasta or Chicken?".  Prepare some options ahead of time and let the user select.

Mike


Message from les.lacroix@carleton.edu

We allow faculty and staff to self-select usernames.  We offer them a selection of available names based on our patterns and the name information we have on file, but also give them an option to request something else if they like (requires approval and availability).  We have usernames based on first initial/last name; in the choices, we will pull the first initial from legal first name, preferred first name and middle name; for last name, we pull from the legal last name or preferred last name, or portions thereof if either are compound (e.g. "Smith-Jones").  This has allowed us to "get it right" the first time before we create too many secondary accounts.

Prior to putting this in place, we would have to rename a couple of accounts every year because we guessed the wrong name, and we would have to rename them in all of the secondary places, typically during very busy times for us.

We don't allow students to self-select usernames, at least yet.  We have some business processes that assume they can send an email to the student before we can guarantee that the student will have chosen his/her username.

Les LaCroix | Strategic Technologist and EIS Team Lead
Carleton College | 1 N. College St. | MS 3-ITS | Northfield, MN 55057
507.222.5455


From: "Pranab Pati" <pranabp@SANDIEGO.EDU>
To: IDM@LISTSERV.EDUCAUSE.EDU
Sent: Monday, April 23, 2012 1:52:50 PM
Subject: [IDM] Username -  auto-generate or allow users to self-select?

Hi All,

 

We are trying to evaluate username generation in our university. I am trying to find pros and cons of “allowing users to select their own username” VS “ generating usernames automatically using an algorithm”.

Your experience or insight in this regard will be greatly appreciated.

 

Thanks,

Pranab Pati

Sr. Identity and Access Management Architect

University of San Diego

Email:pranabp@sandiego.edu

Work: 619-260-7553

 


Message from chad.rabideau@aegisidentity.com

Hi Pranab-

 

We’ve seen some recent traction in a hybrid approach – generating a list of possible unique id’s for a user using an algorithm but letting the user choose which of the options they prefer. I’ve attached a screenshot of what this might look like (logos and URL’s removed) – this step comes after the user ‘identifies’ themselves using information obtained from source systems (another complex topic).

 

 

Thanks,
Chad Rabideau
Aegis Identity Software

 

 

From: Identity Management Constituent Group Discussion list [mailto:IDM@LISTSERV.EDUCAUSE.EDU] On Behalf Of McDermott, Michael
Sent: Monday, April 23, 2012 1:19 PM
To: IDM@LISTSERV.EDUCAUSE.EDU
Subject: Re: [IDM] Username - auto-generate or allow users to self-select?

 

Self selecting might require a good deal of human intervention and monitoring for swear words or impersonation of another person (e.g. Sam Jones clams a username that is derivative of the president of the university).

Plus if you have a common name, it might require alot of trial and error.

If you are gong ho on letting the user have a say, as a parent I have learned not to ask "What do you want for dinner?"  That is sure to generate debate and conflict and/or no response and/or ridiculous requests.  The better solution is to say "do you want Pasta or Chicken?".  Prepare some options ahead of time and let the user select.

Mike

This has been discussed before:

Search the archives (http://listserv.educause.edu/cgi-bin/wa.exe?S1=IDM) for the subjects:

Algorithms for producing unique public name-based identifiers

Usernames and legal issues

Username re-use?

 

Or just search for “username”.

 

 

Message from pradtke@gmail.com

Generating names automatically allows them to be created in advance. This allows accounts to be provisioned into necessary systems and access granted to required resources before the account gets used.

Letting users select their own means that provisioning cannot happen until after selection. This could lead to issues in your business process if you do lots of nightly batch processing and it takes days for such changes to propagate.

-Patrick

We set up a user-select procedure but had a notification to some hapless staff member (me) if the self selected name didn't bear a striking similarity to some parts of the name-of-record.  After a few years of getting uninteresting notifications about Margarets who wanted to be known as Peggy and a dept head everyone called Butch, I quietly disabled that notification.  No one is going to make their official university email address something they're ashamed or embarrassed to use when conducting university business.  The most creative name I ever encountered during that monitoring was "Celestial Starr".  That was her real name, and she eventually became student body president.


Bob Bayn          (435)797-2396            IT Security Team
       http://it.usu.edu/security/htm/dont-be-fooled
Office of Information Technology, Utah State University

From: "Pranab Pati" <pranabp@SANDIEGO.EDU>
To: IDM@LISTSERV.EDUCAUSE.EDU
Sent: Monday, April 23, 2012 1:52:50 PM
Subject: [IDM] Username -  auto-generate or allow users to self-select?

Hi All,

 

We are trying to evaluate username generation in our university. I am trying to find pros and cons of “allowing users to select their own username” VS “ generating usernames automatically using an algorithm”.

Your experience or insight in this regard will be greatly appreciated.

 

Thanks,

Pranab Pati

Sr. Identity and Access Management Architect

University of San Diego

Email:pranabp@sandiego.edu

Work: 619-260-7553

 


But while using an identity management product (like Oracle, Sun or Microsoft) , I feel it is imperative to use an auto generated algorithm. Anyone using an identity management product and still utilizing self-selected username?

 

Thanks,

Pranab

 

 

Message from mkarram@gwu.edu

Pranab, We are using Oracle Identity Manager (OIM) with a custom web application. The registration application allows our student/ Staff to select a Network ID. The application will scan the ID for Bad words or conflicts, and offer suggestions to the user. Please contact me directory (mkarram@gwu.edu) if you have a questions. Regards, Mike Karram Sr. Technical Analyst, Identity and Access Management Division of Information Technology The George Washington University
In our case, resolving duplicate names was a lot bigger problem than swear words and impersonations, neither of which has ever happened here.  At one time we had 4 Aaron Andersons.  A bigger problem is you get a new administrator with the same name as a student who already has the "logical" email address.  So the new admin has to throw in a middle initial or something and the student gets email intended for the new admin because everybody just tries the "logical" email address (which works to contact most everyone else).  Then the student gets bullied into giving up their email address (and the admin gets email intended for the student for a while).  We solved THAT problem by moving students to USU-branded gmail.


Bob Bayn          (435)797-2396            IT Security Team
       http://it.usu.edu/security/htm/dont-be-fooled
Office of Information Technology, Utah State University
From: Identity Management Constituent Group Discussion list [IDM@LISTSERV.EDUCAUSE.EDU] on behalf of McDermott, Michael [michael_mcdermott@BROWN.EDU]
Sent: Monday, April 23, 2012 1:18 PM
To: IDM@LISTSERV.EDUCAUSE.EDU
Subject: Re: [IDM] Username - auto-generate or allow users to self-select?

Self selecting might require a good deal of human intervention and monitoring for swear words or impersonation of another person (e.g. Sam Jones clams a username that is derivative of the president of the university).

Plus if you have a common name, it might require alot of trial and error.

If you are gong ho on letting the user have a say, as a parent I have learned not to ask "What do you want for dinner?"  That is sure to generate debate and conflict and/or no response and/or ridiculous requests.  The better solution is to say "do you want Pasta or Chicken?".  Prepare some options ahead of time and let the user select.

Mike


Either case ends up with people that desire/need to change userids and in many places this is very hard to impossible when it gets used as a primary key in some other/disconnected/manually synced system.

 

We have plenty of IDs where what was a “good” idea as a student in 1996 is a terrible idea for an employee in 2012.    I don’t care how good your ID rejection algorithm, someone will find something offensive/inappropriate.  On the other hand, with autogeneration, you’ll end up with cases where people absolutely hate their ex-husband and really want to never type that surname again. 

 

Self-Selection also can create an employee-driven gate on autoprovisioning

 

If you have no legacy whatsoever:

 

-          Make it a requirement that it can be changed and synced across ALL systems downstream (good luck ;-))

-          Preserve the ability to change IDs quickly (separate unique ID and named identifier ALA active directory)

-          Keep a way to get the old email address if it’s exposed through your email service

 

Coming from a self-selection place,  generation and planning to allow change would be my recommendation. 

 

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.