Identity & Access Management

April 2024: IAM project key updates:

Phase 1 of SailPoint IdentityIQ (IIQ) is being implemented Saturday, April 27. This implementation will:

  • Update the EDS (enterprise data system) from UAccess Employee (employees, DCCs) in near real time.

  • Implement automatic provisioning of Google. 

Updates to the IAM project are posted in the IT Coordination Team

Identity and access management (IAM) is foundational to security, digitalization, cloud migration, remote work and operational efficiency.

Over the past several decades of technology development, both UITS and departmental IT staff have implemented myriad systems to identify and authenticate members of the campus community. UITS is undertaking the Identity & Access Management project to provide a more streamlined and reliable central identity and authentication system. The project will also look to implement an identity-first security model and develop workflows for more proactive access management, giving users a smoother onboarding experience and addressing offboarding needs.

Figure: Identity & Access Management Chart

Scope

Some of the areas included in this project are:

  • Campus systems involved in identification, such as EDS, Active Directories, Grouper
  • Campus systems involved in authentication, such as NetID, WebAuth, NetID+, Guest Center
  • Department-run systems for identification and authentication
  • Role and organization mapping
  • Password synchronization across ADs
  • Designated Campus Colleague processes and categories
  • Service access provisioning and deprovisioning for enterprise and departmental systems

To execute on these needs, we will be implementing SailPoint as our identity solution to consolidate and manage campus needs.

IAM Implementation Goals


UITS has identified 8 overarching goals that will be central to the IAM project. These will guide the implementation phases.

  1. Near Real-Time Updates to data from various data sources (<15 minutes)
    • Benefit - Increased provisioning/deprovisioning
    • Benefit - Distributed transaction log
  2. Auditing Capabilities
    • Report on systems that users have access to
    • Who provided the approval for systems
  3. Replace existing processes
    • Password Sync - Scale back from syncing 4 different ADs
    • Replace custom NetID management Portal
    • Multi-Factor Authentication
    • EDS Sync - UA Directory
    • Consolidate to one system for sync
    • UAccess Guest Center
  4. Central System for individual data
    • Ability to quickly disable user/access
    • Single point of access for user
    • Repository for all RCU user attributes
  5. Central System for provisioning services
    • Lifecycle Management
    • Access Flow with ServiceNow - Enterprise
    • Integrate with Grouper
    • Provide Scalable provisioning & deprovisioning for campus services
  6. Role & Organization Mapping - Onboarding/Offboarding
    • In PeopleSoft
    • Other programs benefiting from role-based attributes
    • UCAP - RCU - Edge Learning
  7. Streamlined Workflow Management
    • User interface to develop and maintain workflows (tier 2)
  8. Customer Integration
    • Guest Accounts
    • Reduce necessity for full DCC
    • Social Sign on Solution