
Identity and Access Management at Miami

You can’t spell Miami without IAM

Identity and Access Management is, at its heart, a phrase that describes the process by which people access the tools and resources they need. It asks and answers three questions:

  • Who are you?
  • What is your role?
  • What permissions do you need to fulfill your role?

At Miami, those questions can be complicated. Students, faculty, staff, alumni, emeriti… There are a lot of different roles—and therefore account types and permissions—to manage.

Once these questions are answered clearly, the answers provide a picture of what kinds of applications and systems you need in order to be successful. Students need access to Canvas. Some staff members need access to Banner. Faculty may need access to both.

IT Services is working on a project that will make answering these questions—and keeping track of our roles—easier and more user-friendly. The Identity and Access Management Program will touch all of the various systems used throughout the University (e.g., Banner, myMiami, Gmail, TeamDynamix) and will help us determine a better way to manage account types and the appropriate permissions associated with them. With IAM in place, it will be easier to grant access to the resources you need, when you need them.

After all, you can’t spell Miami without IAM!

Why do we need IAM at Miami?

There are several key benefits of IAM that will be immediately apparent:

  1. It makes your job easier. When we can more accurately determine the role and required permissions of the person logging in, we can help them access the tools they need to do their job or excel in their coursework. And as their roles change (for instance, if a former student gets hired as a staff member), permissions will change with them.
  2. It improves security. We can make sure that people are who they say they are—the “identity” part of the phrase. This helps keep the malicious actors out and our community in. What’s more, giving the right people access to the right things at the right time means that everyone’s data is more secure.
  3. Speed! This new program will bring greater flexibility and security to many different systems at Miami. Onboarding will be simplified.

IAM also means greater compliance with regulatory standards, reduced demands on IT resources, and faster workflows. Simply put: You get access to what you need, when you need it.

All of these benefits come together to form a more complete picture of who you are, what your role is at Miami, and how you fit into the grand scheme of things from a technology standpoint.

MUnet Password Utilities

On March 28, 2024, the new MUnet Password Utilities portal was launched. Miami community members may now change their passwords in the new system. This new look gives us a more streamlined, in-brand, easy-to-use way to change passwords, manage recovery options, and reset your password if you forget it.

Please remember, however, that if you had secret questions as your only recovery option before March 28, in the event you forget your password, you will have to contact IT Help and verify your identity (with copies of your ID cards or driver’s license) before they reset your password. If you have a current recovery (non-Miami) email or phone number set, you can reset your password immediately with no help desk intervention!

Check out our YouTube walkthrough of how to change your password in the MUnet Password Utilities portal!

IAM Forecast

The implementation of a modern IAM solution takes resources, hard work, and, importantly, time. This list of activities represents our high-level goals for the IAM Program and offers a suggested sequence of events that will make up the rest of our work. As a forecast is a prediction of future work and responsibilities, all of this is subject to change as our IAM practice evolves and improves. Check back periodically for more information and regular updates!

IAM Objectives

As we continue to mature our IAM environment, we are focusing our efforts on several big-picture objectives. In the forecast that follows, we have divided specific efforts into those larger buckets, defined here:

Account Management

Improving the provisioning and de-provisioning of accounts in target systems based on specific criteria, including but not limited to affiliation.

Maturation

Revising, improving, and documenting current processes, procedures, systems, and configurations. Rationale for improvement can include identified problems or enhancements attributed to changing requirements either by Miami business need or industry regulations and security considerations.

Sources of Authority

Additions and improvements to the ingestion of identity data into RapidIdentity. A "source of authority" is, put simply, a system that feeds identity information to RI—where the identity data comes from. The data pulled from authority sources is only intended for use related to an identity's need for authentication and authorization.

Authentication

Improvements to the processes or actions of verifying the identity of a user (i.e., the "act of logging in"). This can include improvements to systems like multi-factor authentication (Duo) or the CAS login facility.

Access Management and Security

Improvement of definitions and security measures to allow, disallow, and manage authorizations (access) to various Miami resources.

2024-2025

For the 2024-2025 academic year, we will be focusing heavily on a refactoring of our IGA solution. In order to meet business needs in 2024, we partnered with MTC to get things up and running as quickly and smoothly as possible; now that the task of having RI ready to meet Workday and Google needs is complete, we will focus on creating efficiencies so that it is not only working well, but working effectively and quickly.

Account management

  • New affiliations: Enrollment Eligible Student (EES), International Student (INT), Alum (ALU)

Maturation

  • Review affiliation entitlements and lifecycles
  • Determine support needs for the IAM program timeline
  • Short term TDX ticket handling
  • Refactoring of RapidIdentity (creating efficiencies in the system)

Sources of authority

  • Workday student prep
  • Advancement CRM prep

2025-2026

For the 2025-2026 academic year, we will work on strengthening our connections to Workday (Platform and Student) and preparing for the go-live of Slate as a source of authority (the new Advancement customer relationship management (CRM) tool).

Account management

  • Account and access workflows and approvals
  • Account claim codes for all users
  • Community and family account management
  • Courtesy and entity account management

Maturation

  • Grow IAM as a service
  • Reporting and monitoring (creating visibility into system activities)
  • Create unified account support tool

Sources of authority

  • Timeline milestone: Advancement CRM goes live
    • Implement Advancement CRM as a source
  • Timeline milestone: Workday Student Core goes live

Authentication

  • Implement RapidIdentity authentication / single sign-on (SSO)

Access management and security

  • Account security response

2026-2027

For academic year 2026-2027, we will be working on continuing to strengthen our IAM practice. This includes implementing things like multi-factor authentication for all accounts, replacing legacy tools, and starting to evaluate what privileged access management looks like in our environment.

Account management

  • Non-human identities (service accounts)

Maturation

  • Process for onboarding new targets
  • Business continuity
  • Testing scenarios
  • Extend character limit for usernames

Sources of authority

  • Timeline milestone: Banner is decommissioned

Authentication

  • Investigate industry best practices for authentication
  • Re-evaluate Unified Logins (applicant student accounts)
  • Evaluate current multi-factor systems

Access management and security

  • Access management
  • Privileged access management
  • Multi-factor authentication for all accounts

2027-2028

Maturation

  • Directory services assessment and remediation
  • Change University vocabulary to "username" instead of "UniqueID"
  • DAM Tool replacement

Authentication

  • Consider social identity authentication

About Identity Automation

Our new IAM partner, Identity Automation, is a respected company with a lot of experience in the IAM arena, and especially the higher education sector. We are confident that they, along with our trusted consulting partner MTC, will be an invaluable resource as Miami matures in its IAM deployment.

Contact IT Services

312 Hoyt Hall
521 S. Patterson Ave.
Oxford, OH 45056