Identity & Access Management
February 2024: IAM project key updates:
Our Identity and Access Management team continues to work on implementing our SailPoint solution campus wide. Here are some key updates:
- We are starting the SailPoint IIQ onboarding application review process with more than 70 campus units to gather an application inventory of the entire university to help decide and prioritize how we will move forward.
- UAccess APIi Integrations to IIQ and associated table updates are almost complete, and we are testing now. This will allow for real-time (or near real-time) updates and more efficient integration between IIQ and other applications.
- The IAM Team is meeting, prioritizing, and planning for Phase 2 of the University implementation. Announcements of what will be involved in Phase 2 to come soon.
- User Acceptance Testing was put on hold for UA API integration effort in November but restarts again this month.
- Implementation is now targeted for March.
Please check this channel for regular updates on our progress. You can also comment or ask questions on this Teams channel.
Identity and access management (IAM) is foundational to security, digitalization, cloud migration, remote work and operational efficiency.
Over the past several decades of technology development, both UITS and departmental IT staff have implemented myriad systems to identify and authenticate members of the campus community. UITS is undertaking the Identity & Access Management project to provide a more streamlined and reliable central identity and authentication system. The project will also look to implement an identity-first security model and develop workflows allowing for improved and more proactive access management to improve the user experience for a smoother onboarding experience, and addressing offboarding needs.
Some of the areas included in this project are:
- Campus systems involved in identification, such as EDS, Active Directories, Grouper
- Campus systems involved in authentication, such as NetID, WebAuth, NetID+, Guest Center
- Department-run systems for identification and authentication
- Role and organization mapping
- Password synchronization across ADs
- Designated Campus Colleague processes and categories
- Service access provisioning and deprovisioning Enterprise and departmental systems
To execute on these needs, we will be implementing SailPoint as our identity solution to consolidate and manage campus needs.
IAM Implementation Goals
UITS has identified 8 overarching goals that will be central to the IAM project. These will guide the implementation phases.
- Near Real-Time Updates to data from various data sources <15 minutes
- Benefit - Increased provisioning/deprovisioning
- Benefit - Distributed transaction log
- Auditing Capabilities
- Report on systems that users have access to
- Who provided the approval for systems
- Replace existing processes
- Password Sync - Scale back from syncing 4 different ADs
- Replace custom NetID management Portal
- Multi-Factor Authentication
- EDS Sync - UA Directory
- Consolidate to one system for sync
- UAccess Guest Center
- Central System for individual data
- Ability to quickly disable user/access
- Single point of access for user
- Repository for all RCU user attributes
- Central System for provisioning services
- Lifecycle Management
- Access Flow with Service Now - Enterprise
- Integrate with Grouper
- Provide Scalable provisioning & deprovisioning for campus services
- Role & Organization Mapping - Onboarding/Offboarding
- In PeopleSoft
- Other programs benefiting from role-based attributes
- UCAP - RCU - Edge Learning
- Streamlined Workflow Management
- User interface to develop and maintain workflows (tier 2)
- Customer Integration
- Guest Accounts
- Reduce necessity for full DCC
- Social Sign on Solution