Project: IAM Technology Selection
IAM Technology Selection Project
9/25/2013 - The project team has been assembled and drafted initial use cases that will contribute to requirements development. Another set of use cases is being worked over the course of the next two weeks. The team is also working through finalizing the statement of work for the RFP advisory consulting engagement.
Identity and Access Management (IAM) refers to the systems and processes that enable students, faculty, staff, and other groups (like alumni) to gain access to campus systems they should have access to while preventing them from accessing the systems they should not. At a high level, IAM includes creating EIDs, managing the access an EID should have, and the removing access when it is no longer needed. The university's current IAM systems are aging and no longer meet the needs of campus. For example, they:
- Do not easily integrate with new cloud-based services.
- Do not provide easy-to-use services for groups like alumni and applicants.
- Do not allow for efficient management of access across our systems.
This project will address the selection of a set of enabling IAM technologies for campus in the following areas:
- Identity Administration & Provisioning - Flexible and reliable tools for identity and account creation, update, and removal, including ESB- and connector-based provisioning integration with downstream systems (e.g., Active Directory, uTexas Enterprise Directory). Both person and non-person identities (e.g., resources, services/applications, devices) are included.
- Group & Role Management - Federated management of static and dynamic groups and roles.
- Authorization Workflows and Repository - Access request/approval and renewal/recertification workflows and tracking, plus a repository to store authorization and privilege data extracted from key campus systems to provide a single source for knowing "who has access to what" across the university.
- Authentication - Enhancements to the (OpenAM-based) UTLogin authentication service to enable lightweight (and "bring your own identity") authentication for low-risk transactions and strong multi-factor authentication for high-risk activities, as well as federated authentication.
- Logging & Auditing - Collection and storage of transactions across the above IAM functional areas, and the mechanisms to analyze and report on those transactions.
The project's goals are to:
- Select a set of enabling technologies to support the IAM functional areas described above.
- Select a vendor to provide implementation and integration support.
- Develop a practical and achievable plan for implementing the selected solutions.
The project scope includes the following activities:
- Document applicable requirements and use cases
- Select and procure technology solution(s)
- Select integration support vendor
- Develop implementation plan and revise IAM Roadmap (if needed)
The project scope does not include the actual implementation of the selected technology solutions. Technology solution implementation will be managed as a separate set of follow-on projects.