Moving into a new phase: IAM Program in the spotlight

by Elizabeth Parsons, IT Services

As you may know, Miami University has embarked on a journey to improve identity and access management (IAM).

The core IAM Program team has been engaged with client offices (e.g., Finance and Business Services, OEEO, Human Resources, Advancement, and many others) as well as internal IT Services teams to determine what our environment looks like and how it can be improved with a modern Identity Governance and Administration (IGA) tool.

So far, our efforts have been mostly in the background – but we are getting ready to move into a new phase of the IAM Program!

Laptops on a desk

Quick reminder: What is IAM?

IAM as a concept describes the process by which people access the tools and resources they need in order to fulfill their role at Miami. It asks and answers three questions:

  • Who are you?
  • What is your role?
  • What permissions do you need to fulfill your role?

Those questions can be complicated. Students, faculty, staff, alumni, emeriti… There are a lot of different roles—and therefore account types and permissions—to manage. You can also add a layer of complexity when you consider not only what permissions to give a new employee when they start their job – but what permissions you need to revoke if that person leaves. Or even when an employee changes jobs or offices at Miami.

In IT Services, we receive a lot of requests to “give Tim (the new employee) exactly the permissions that Sally (the veteran employee, who sometimes isn’t with the University anymore) had”—but that can sometimes be a loaded statement. Sometimes, Sally had access to things because of a previous role at the University that she should no longer have. What’s more, some things Tim needs are stored in one system, and others are in other systems, and those systems don’t talk to one another—a headache in the making.

It would be easier to have one source of truth for access and identity at the University—so that we could give Tim only what he needs and not still be patchworking his access months down the line. A modern IGA tool will give us the granularity and power we need to make access decisions easily and quickly.

On to the next phase: IGA, IAM, and other acronyms

According to technology research and consulting firm Gartner, Inc., “IGA tools aggregate and correlate disparate identity and access rights data that is distributed throughout the IT landscape to enhance control over user access.” Essentially, with a modern IGA solution, we can more easily give Tim the rights to the data and systems he needs to do his job, and we can control the level of access he has.

Our consulting partner, Moran Technology Consulting, has been integral to our process up to this point. They have helped us understand the landscape of the IAM marketplace, given us key feedback on our current architecture, and are now working on a timeline to guide our IGA implementation.

With MTC’s assistance, we have identified two phases of the IAM Program. The first phase, which we are currently working through, is the data gathering phase (and the part where we make all the important and necessary decisions). The second phase is where we will select a tool, implement the necessary technology, make policy decisions about how we are using it, and integrate it into our business processes and account lifecycles.

As we move into the next phase of the IAM Program, we will be putting together a request for proposal and selecting an IGA tool. We are nearing the end of the first phase, so this is cause for celebration!

Colorful code on a black screen

How we’re getting there: Transformational vs. modest

As the core program team has been conducting research, meeting with various groups around the University, and conferring with MTC, one question has surfaced that we have needed to answer before we can continue forward: Do we want to make small, incremental changes now that will help us down the line, or bite the bullet and do truly transformational work that will position Miami to be a leader in IAM—which will help all of us do our jobs better and, most importantly, more efficiently and securely?

The answer, we have come to find, is that we do want to do that upfront transformational work—it will be more work now, but in the long term, it will be instrumental in helping us maintain an efficient working environment and position us effectively for future technological advances down the line.

There will be more information coming out soon about the IAM Program and your role in it. Stay tuned! In the meantime, check out the IAM Program website for more information about IAM in general, and keep your ear to the ground for updates. We are truly grateful for the partnership the University has shown us throughout this project so far, and we look forward to continuing in that same vein!