Identity and Access Management (IAM)
Identity and Access Management (IAM) is the set of business processes and supporting infrastructure for the creation, maintenance, and use of digital identities. These processes ensure the right people are able to securely access the right services.
IAM has been identified as one of the top 10 priority projects for Higher Education by several research organizations such as Gartner and EDUCAUSE. As higher education increasingly depends on virtual services for conducting its core missions, e-identity is emerging as a critical strategic asset. Drivers behind its continued attention include: user-convenience (single sign-on), security, compliance, privacy, and efficiencies from shared services for economies of scale.
IAM Benefits for Students, Faculty and Staff
- Reduce the number of user IDs and passwords required to access University systems and services
- Establish one University credential (i.e. ID and password)
- Reduce the number of times that faculty/staff are challenged to authenticate during a session
- Track affiliations more efficiently
- Provide capabilities for faculty and researchers to collaborate across Universities by allowing them to securely access external resources with their University IDs
- Expedite and improve overall access processes for guests and affiliates including research collaborators, contractors, visiting students, conference attendees, and others
- Provide a central authentication system to support applications across a variety of platforms and scope including mobile, departmental and centrally-supported applications
- Provide self-service functionality where appropriate allowing University and external colleagues to request and revoke access
- Retain one’s identity for life
University of Illinois IAM Project Timeline
Courion: Courion is an identity and access management software solution that handles certification, user provisioning and password management.
SiteMinder: SiteMinder is the new Web Access Management system used by the University of Illinois, which will eventually replace both Enterprise Authentication System (EAS) and Bluestem authentication.
Project Timeline Summary
- December 2012: SiteMinder Core Infrastructure Implementation begins
- January 2013: Transition of legacy-authenticated applications to SiteMinder begins
- March 2013 to June 2013: Implement Advanced SiteMinder Features
- Fall 2013: Password Management Implementation (Courion Stage 1)
- Fall 2013: Review Federation Solution
- Summer 2014: Implement Provisioning/De-provisioning (Courion Stage 2)
- Fall 2014: Access auditing and compliance control (Courion Stage 3)
Project Success Measures
The IAM Steering Committee has approved the following success measures for the IAM project:
- Establishing one University credential (i.e. ID and password)
- Requiring single sign-on for all campus and UA technologies
- Reducing the number of times a user is prompted to authenticate during a session
- Providing the self-service functionality (where appropriate and authorized) to allow University and external colleagues to request and revoke access to University and external resources
- Protecting the privacy of University community members
- Allowing individuals some dimension of control over their personal information
- Providing complete transparency over University use of one's personal information
- Understanding and managing risk to the University data environment
- Raising our confidence in establishing and managing a person’s identity and the rigor of one’s credentials
- Reducing the number of entry points for University systems
- Establishing stronger and longer relationships with University community members
- Retaining one’s identity for life
- Providing a central authentication system to support applications across a variety of platforms and scope, including mobile, departmental and centrally-supported applications
- Asking ourselves: "How much work will it be for departmental staff to use the new central system?"