Providing GatorCloud Email (Office 365) to Students represented the first major phase of a program to revamp UF’s centrally provided email services. The next phase was to upgrade and update the UF Exchange system for those Faculty, Staff, and Employees who depend on that system. Next UFIT will retire the old UF WebMail system moving all remaining Workforce members who use that system to the Exchange system.
An important component of this ongoing project is the significant effort to bring clarity to which members of the UF community are eligible for a UFIT email services. Additionally, work to automate the provisioning and de-provisioning process based a person’s UF affiliations provides a key pillar of this effort to clean up how and to whom UFIT provides email services.
In order to facilitate the new email services' lifecycle the Office of Identity and Access Management (IAM) now determines the following based on a person's affiliation(s) with the University:
1. Whether a person is Eligible for email and related services at UF
2. Where a person's mailbox should live within UF's Exchange/O365 hybrid environment
Because eligibility decisions are primarily based on affiliation, it is necessary to reference the UF affiliation table in order to make sense of the affiliation logic:
It may also be helpful to review the review the Student Lifecycle diagram to understand the important affiliation transitions that will trigger automatic provisioning and de-provisioning of a student email services.
Eligibility for Email Services
In order for a person to be eligible for UF email and related services, the individual must have a UF affiliation that maps to one of the following eduPerson affiliations (reference the UF Affiliation Reference link above to see which UF affiliations map to which eduPerson affiliations):
· Student (S)
· Faculty (F)
· Staff (T)
· Employee (E)
Affiliations that map to the following eduPerson affiliations do NOT qualify for UF email and related services:
· Member (M)
· Alumni (A)
· Affiliate (L)
· Contact (P)
Location of Email Services
With the introduction of GatorCloud Email (Office 365) for Students and the retirement of the GatorLink mail system, UF’s central email services will be provided by a single, hybrid email system. This hybrid environment will consist of the cloud-based Office 365 system, and the on-premises UF Exchange system. Within this environment a person may have only one mailbox associated with his or her GatorLink user ID.
In order for this hybrid environment to be viable, UF will be making decisions about where a person’s mailbox should live based on the person’s affiliations to the University.
Here is a breakdown of where an individual’s mailbox should live based on the person’s eduPerson affiliations:
· Faculty, Staff, Employee: this group will default to a mailbox location of on-prem Exchange.
· Student: all Students will have a mailbox location in GatorCloud Email (Office 365)
The astute reader should immediately perceive that many people at UF have multiple eduPerson affiliations simultaneously. Here is the logic to resolve “preferred mailbox location”:
· In most cases, Faculty, Staff, and Employee affiliations will trump a Student affiliation, thereby making the person’s preferred location UF Exchange
· The current exceptions to the above rule are the following 'E'mployee affiliations which will NOT trump Student. Thereby leaving a Student who is also an one of the folllowing affiliations as preferred location of Office 365:
- OPS Employee (194)
- Athletic Association Employee (217)
- Shands Employee (209)
As of November 15, 2013 the above two rules hold true. However, we anticipate that additional rules may be developed.
Please understand that this logic will only be enforced/implemented in the following two decisions:
1. In deciding whether to allow migration to GatorCloud Email (Office 365) from the old UF WebMail system.
2. In deciding whether and where to automatically provision a mailbox (in either UF Exchange or GatorCloud Email) at the beginning of the student or workforce lifecycle.
There is no automated process to move mailboxes between Office 365 and UF Exchange based on changes in the preferred mailbox location. If a person with an Office 365 mailbox obtains employment in such a way as to alter his or her preferred mailbox location Departmental IT staff will need to interact with UF Exchange admins in order to get the mailbox moved to UF Exchange.
Additionally, as there is not currently an automated provisioning/de-provisioning process in place for Faculty/Staff/Employees, departmental IT staff will continue to be responsible for managing the lifecycle of their department’s Faculty/Staff/Employee mailboxes.
Auto Provisioning of Mailboxes
Auto provisioning of Student mailboxes in GatorCloud Email has been active since November of 2013.
Auto provisioning of Faculty/Staff/Employee mailboxes is planned, but not yet implemented.
Students and UF Exchange
The UF Exchange system was never intended to support Student mailboxes. Even with the upgrade of UF Exchange, Students will not be eligible for UF Exchange mailboxes. Nonetheless, due to historically inconsistent provisioning practices across UF departments and colleges some small number of Students, who are otherwise eligible for Office 365, will be unable to migrate to Office 365 due to the existence of the Student’s UF Exchange mailbox.
In the case of a Student being prevented from moving to Office 365 due to an existing UF Exchange mailbox, UFIT will treat the Student similar to a Faculty/Staff mailbox as we work towards retiring the old UF WebMail system. Students with both WebMail and Exchange mailboxes will be consolidated in to the Exchange mailbox.
De-provisioning of Student Email Services
Along with automatic, programmatic, affiliation-based de-provisioning comes the ability to provide Students with a clear statement about how long they will maintain access to their Office 365 mailbox and other O365 resources after leaving UF.
Please note that de-provisioning will only occur in the case that a person loses all qualifying affiliations (the person no longer has any of Student, Faculty, Staff, or Employee eduPerson affiliations). So, for instance, if a person loses his or her Student affiliation, but maintains an Employee affiliation that person’s Office 365 mailbox will not be de-provisioned (though they would be eligible to have the mailbox moved to UF Exchange if the employing department wishes).
The two cases for de-provisioning are as follows:
· Student transitions to Alumni (with no other qualifying affiliation)
o De-provision grace period of 6 months
· Student loses all qualifying affiliations and does NOT become an Alumni
o De-provisioning grace period of 30 days
In both of the above cases a student can expect to have access to their Office 365 mailbox for roughly six months after ceasing to be enrolled in courses. Please refer to the UF Student Affiliation Lifecycle for more information on this.
During the grace-period, the de-provisioning system will generate notification emails to the affected mailbox with increasing frequency as the de-provision deadline approaches.
How can I affiliate a user for email services?
Current and active Students, Faculty and Staff should already have sufficient affiliation to qualify for services. In cases where you have used Departmental Associate to qualify someone for a Gatorlink account, but they also need a mailbox or other cloud services, you can use one of the following affiliations.
Consultant Faculty (221)
Consultant Staff (220)