Software helps IAM tighten onboarding and app security
UIT’s Identity & Access Management (IAM) group has found a vendor solution for managing account lifecycles and passwords, access control, and onboarding new University employees, students, and affiliates.
After consulting with Gartner Inc. analysts, the IAM team undertook a five-day proof-of-concept evaluation of SailPoint IdentityIQ and RSA Via products. The team tested the platforms against 23 common use cases. One of the “must have” use cases, for example, was finding a self-service tool that allows users to change or reset their passwords. Criteria for success included ease of use, minimal customization, the ability to delegate services, and core integration with enterprise IT applications such as PeopleSoft, Epic, ServiceNow, and more.
SailPoint IdentityIQ provided two customers as references, the University of Victoria and Integris Health, which the IAM group consulted before making a selection. RSA Via did not provide references.
After comparing ease of use, price, and capability of the platforms, the IAM team selected SailPoint IdentityIQ.
“If IdentityIQ is enabled with enterprise applications across the board, this will allow the University to ensure the right people are accessing the right information at the right time, for the right reasons,” said IAM Program Associate Director Subhasish Mitra. “Sensitive and protected information will be more governed, and we will be able to easily certify our access policies and procedures with data stewards and application owners.”
Mitra said that SailPoint IdentityIQ centralizes institutional identity data and provides a single identity hub to model roles and entitlements, policies, and risks.
“The governance-based approach will allow the University to effectively manage changes to user access, apply policy controls, ensure access is aligned with policy, and provide an enriched user self-service platform,” Mitra said.
The IAM program has laid out two major phases around SailPoint IdentityIQ:
Phase 1
The IAM team will use the access governance approach to gradually onboard 17 of the highest-risk and/or most commonly used applications at the University into SailPoint IdentityIQ for access review: PeopleSoft, Active Directory, Epic, Kronos, Cactus, and Faculty Activity Report (FAR), among others. This gives application or data stewards and managers the authority to certify users' access in a simple self-service action.
Phase 2
The IAM team will transition legacy systems and applications like Rebus, NID tools, Group Manager, Account Requestor, Account Termination, and CIS Password Program into SailPoint IdentityIQ. Organizations will then have the ability to utilize all services in one place, either in a self-service capacity or by a delegated administrator, introducing an audit trail at each step.
Please contact Mitra if you have any questions about the IAM program.