Identity & Access Management
The IAM program addresses multiple key business needs and ensures compliance with regulatory requirements. It is critical for the following reasons:
- Reduced complexity in the provisioning/deprovisioning process
- Strict ownership of data
- One person, one identity
- Administrative review and restructuring
- Confirmed assurance levels
- Compliance with the following regulations and standards:
  - Family Educational Rights and Privacy Act (FERPA)
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Payment Card Industry Data Security Standard (PCI DSS)
  - Government standards from the National Institute of Standards and Technology (NIST)
- Risk reduction
The IAM program determines institutional requirements and defines a strategic roadmap that incorporates the following:
- Identity lifecycle management — Includes management of identity creation, identity provisioning and deprovisioning, identity change processes, attribute maps, and authentication (e.g., password policies and synchronization) for risk-rated critical applications. This covers not only end-user accounts but also generic accounts and system/service accounts.
- Role mining and role management — Adapt and deliver a framework for the management of groups of identities by roles, which are typically based on attributes or business rules.
- Authentication — The process of verifying that a user (or system) is who it claims to be. This includes single sign-on, multi-factor authentication, Integrated Windows Authentication (IWA), password management, and identity proofing.
- Federation — The use of trusted connections that allow authorized users, such as non-system affiliates, to access university resources, delivering a single sign-on experience for cloud-hosted applications, research collaboration, etc.
- Authorization — The process of determining whether a user is permitted to access a particular resource. Includes role-based authorization, recertification processes, and exception requests.
- Access auditing and compliance control — Automated compliance processes for reviewing current user access, including the ability to revoke access that is no longer required.
- Identity business intelligence — The ability to provide real-time and historical reports regarding identity-related data and activities. The goal is to provide answers to critical questions about access, improve the ability to respond to auditing inquiries, provide information regarding identity regulatory compliance, answer daily security operation questions, and provide other information regarding identities associated with the university.
Out of scope
The IAM program does not include the following:
- Changing the format of the university ID number (uNID)
- Reconciliation of duplicate accounts