Identity and Access Management
Identity and Access Management Steering Committee
This Letter of Intent (LOI) is established to formalize the commitment between Administrative Information Technology Services (System), Information Technology Services (UIS), Chief Digital Risk Office (System), Technology Solutions (UIC), and Technology Services (UIUC) to collaborate on the creation and empowerment of an Identity and Access Management (IAM) Steering Committee. This Committee will drive the development and implementation of a unified and effective IAM framework across the universities and system offices.
Goals and Scope
The IAM Steering Committee will be entrusted with the following immediate priorities:
- IAM Governance: Develop and implement a governance framework for IAM to ensure consistency, efficiency, and alignment with institutional and system-wide goals.
- Architectural vision: Develop a shared architectural vision that adheres to the tenets below. This includes a current and future state.
- Core tenets: To ensure alignment and consistency, all decisions and actions will adhere to the following foundational tenets:
  - Core stability will be maintained for critical enterprise services that rely on a stable identity service. Modifications to this system will be carefully planned and executed to avoid disrupting essential operations.
  - The authoritative source of identity management will persist at the University of Illinois System level.
  - Common ID and password services are essential.
  - Support future SaaS ERP. Decisions and actions will align with future goals, avoiding changes that would need to be undone during the transition to a new ERP system. Efforts will focus on standardizing processes and streamlining operations to prepare for the adoption of a SaaS-based ERP system, emphasizing simplification and consolidation.
- Identity Governance and Administration Solution: Execute on the acquisition of an Identity Governance and Administration (IGA) solution that meets the collective needs of the system. The tool and implementation of the tool will adhere to the tenets above and include the following activities:
  - Funding Sources: Propose funding strategies, including budget allocations, cost-sharing models, and potential external funding opportunities.
  - Prioritization: Identify high-impact areas for initial implementation, such as critical access management functions or specific user populations.
  - Implementation Timelines: Define phased and achievable milestones for rolling out the IGA solution across the system.
  - Implementation Partner Requirements: Evaluate and recommend criteria for selecting an implementation partner to ensure successful deployment and alignment with system needs.
- Make recommendations regarding strategic MFA Alignment: Assess and determine the strategic direction for Multi-Factor Authentication (MFA) alignment, including:
  - Review market leaders Duo, Microsoft, and possibly others for optimal MFA offering for the cultural and technical environment at the System.
  - Technologies, processes, and resources required for implementation of the MFA solution are in scope.
  - The recommendation will identify potential impact on customers.
Formation of the IAM Steering Committee
The IAM Steering Committee will consist of representatives appointed by each Party and will have the following responsibilities and authorities:
- Decision-Making Authority: The Committee will have the authority to make decisions on IAM policies, initiatives, and investments. The Committee will create an escalation process to UT IT LT to be used as necessary. Decisions will be made by consensus.
- Strategic Oversight: Guide and oversee IAM-related projects to ensure alignment with institutional priorities, the tenets above, and system-wide objectives.
- Collaboration: Foster communication and collaboration across the universities and system offices to address IAM challenges and opportunities.
Commitments of the Parties
Each Party agrees to:
- Provide resources, including staff and expertise, to support the Committee’s initiatives.
- Actively participate in discussions and decision-making processes to ensure system-wide representation.
What is IAM?
Identity and Access Management (IAM) in higher education is a system designed to ensure that the right individuals can access the right resources at the right times for the right reasons. It's like a digital keychain that controls who can enter specific rooms or use certain tools, but in a digital environment.
Why Should I Care About IAM?
Protecting digital identities is the cornerstone of security and safety, guarding both your data and our institution. Think about the damage that someone could do by impersonating you online. They could access your bank account, research data, and student data, or they could do something malicious while claiming to be you.
Examples of IAM Systems
- Single Sign-On (SSO): Instead of remembering multiple passwords for different systems, SSO allows users to log in once and gain access to various applications securely.
- 2-Factor Authentication (2FA): Adds an extra layer of security by requiring users to verify their identity with a second factor, such as a mobile authentication code.
- Privileged Access Management (PAM): Focuses on securing and managing access to privileged accounts—those with elevated permissions that can modify system configurations, access sensitive data, or manage other user accounts.
- Automated Account Provisioning & Deprovisioning: New employees, students, and affiliates receive appropriate access upon onboarding, and access is revoked promptly when they leave, reducing security vulnerabilities.
What Would Happen if IAM is Not Implemented?
Failing to maintain an effective IAM system can lead to:
- Increased IT Costs: More resources are needed to manage security breaches, unauthorized access, and manual user provisioning.
- Decreased Service Delivery: Inefficient access management leads to delays, hindering productivity and the user experience.
- Security Risks & Data Breaches: Without proper IAM, sensitive information could be accessed by unauthorized individuals, leading to data loss or cyberattacks.
- Compliance Violations: Failure to meet security and privacy regulations could result in legal and financial repercussions for the university.
By implementing a strong IAM framework, the university can ensure a secure, efficient, and user-friendly digital environment for all members of its community. Your participation in IAM best practices helps protect our systems, data, and users from potential threats.
University of Illinois System Identity Governance and Administration (IGA) Executive Summary
What is IGA?
Identity Governance and Administration (IGA) is a key component of Identity & Access Management (IAM) that focuses on managing and governing user identities, access permissions, and compliance requirements. While IAM ensures the right people have access to the right resources, IGA provides visibility, control, and auditing to ensure that access is granted appropriately and in accordance with policies and regulations.
How IGA Impacts Your Role
- Students: IGA helps validate who I am and grants me access to my courses, software, libraries, ARC, and other services.
- Faculty/Staff: IGA helps validate who I am and grants me access to the data, software, and services I need to do my work and make a living (payroll/benefits). If I change roles and take on different job opportunities within the university, IGA will ensure my access changes appropriately.
- IT Professionals: IGA streamlines identity management by automating user provisioning, access controls, and deprovisioning, reducing manual workloads and security risks. It ensures that IT teams can efficiently manage access requests while maintaining security standards. If a department onboards new staff or students, IGA facilitates a smooth transition by granting the right access from day one.
- Compliance and Audit Professionals: IGA helps ensure that users have the appropriate access to systems and data while maintaining regulatory compliance. It provides automated access reviews, audit trails, and reporting to help enforce policies and detect unauthorized access. If an employee leaves or changes roles, IGA ensures that access is updated or revoked accordingly, reducing security risks and compliance violations.
Key Benefits of Implementing IGA
Enhanced Security and Compliance
- Strengthens protection through a unified approach against privacy risks, threats, and vulnerabilities.
- Ensures regulatory compliance by clearly defining responsibility for granting and removing access to various systems, software, and technologies.
Improved User Experience
- Enhances the experience of students, faculty, and staff through automated tasks such as password resets and streamlined access.
- Improves overall user experience and operational efficiency across the university.
Streamlined Processes and Reduced Workload
- Automates tasks and process workflows, reducing dependency on outdated systems and manual processes.
- Supports integration with key vendors like Box, Google, and Microsoft to streamline user access.
Eliminate Single Points of Failure
- Addresses single points of failure in current access and authentication operations.
- Improves reliability and security by updating aging infrastructure.
Empowerment and Accountability
- Empowers universities, colleges, and units to perform user access reviews as necessary.
- Establishes clear responsibility for access management and adoption of evolving standards.
Utilize Identity and Access Intelligence
- Leverages identity and access intelligence to make informed decisions.
- Provides better insights into access patterns and strengthens risk management strategies.