Identity & Access Management
Sept. 2024: IAM project key updates:
Phase 1 of SailPoint Identity IQ (IIQ) is being implemented Saturday, Sept. 14. This implementation will:
-
Establish IIQ in the University’s identity infrastructure.
-
Make updates of the EDS (enterprise directory service) from UAccess Employee (employees, DCCs) happen more frequently.
-
Implement automatic provisioning of Google for new employees.
Updates to the IAM project are posted in the IT Coordination Team.
Identity and access management (IAM) is foundational to security, digitalization, cloud migration, remote work and operational efficiency.
Over the past several decades of technology development, both UITS and departmental IT staff have implemented myriad systems to identify and authenticate members of the campus community. UITS is undertaking the Identity & Access Management project to provide a more streamlined and reliable central identity and authentication system. The project will also look to implement an identity-first security model and develop workflows allowing for improved and more proactive access management to improve the user experience for a smoother onboarding experience, and addressing offboarding needs.
Scope
Some of the areas included in this project are:
- Campus systems involved in identification, such as EDS, Active Directories, Grouper
- Campus systems involved in authentication, such as NetID, WebAuth, NetID+, Guest Center
- Department-run systems for identification and authentication
- Role and organization mapping
- Password synchronization across ADs
- Designated Campus Colleague processes and categories
- Service access provisioning and deprovisioning Enterprise and departmental systems
To execute on these needs, we will be implementing SailPoint as our identity solution to consolidate and manage campus needs.
IAM Implementation Goals
UITS has identified 8 overarching goals that will be central to the IAM project. These will guide the implementation phases.
- Near Real-Time Updates to data from various data sources <15 minutes
- Benefit - Increased provisioning/deprovisioning
- Benefit - Distributed transaction log
- Auditing Capabilities
- Report on systems that users have access to
- Who provided the approval for systems
- Replace existing processes
- Password Sync - Scale back from syncing 4 different ADs
- Replace custom NetID management Portal
- Multi-Factor Authentication
- EDS Sync - UA Directory
- Consolidate to one system for sync
- UAccess Guest Center
- Central System for individual data
- Ability to quickly disable user/access
- Single point of access for user
- Repository for all RCU user attributes
- Central System for provisioning services
- Lifecycle Management
- Access Flow with Service Now - Enterprise
- Integrate with Grouper
- Provide Scalable provisioning & deprovisioning for campus services
- Role & Organization Mapping - Onboarding/Offboarding
- In PeopleSoft
- Other programs benefiting from role-based attributes
- UCAP - RCU - Edge Learning
- Streamlined Workflow Management
- User interface to develop and maintain workflows (tier 2)
- Customer Integration
- Guest Accounts
- Reduce necessity for full DCC
- Social Sign on Solution