This project includes a re-engineering of Penn's core IAM infrastructure to dramatically improve the security, efficiency, and usability of Penn's central user- and privilege-management systems. The new cloud-based IAM solution will be implemented in phases, aligned with and leveraging other critical in-flight deployment projects, including the Human Capital Management (Workday) and Next Generation Student Systems (Pennant Records) deployments.
Note: The current IAM infrastructure will continue to serve the needs of campus while we design and deploy the new IAM system. Once ready for service, the new IAM solution will be implemented in phases. There will be no “big-bang” cutover.
Who’s Affected
As this project is infrastructure-based, there will be minimal disruption for existing PennKey holders – users will continue to access their Penn resources as before when the re-engineering is complete. The audiences affected by the project are source data owners (identity source systems), target system owners (consumers of Penn Community data), and ISC IAM-related service owners. The IAM project team will collaborate with representatives from these groups through all phases of the project.
Anticipated Benefits
Following are the anticipated benefits of the Internal IAM project:
- Enhance security by assigning privileges automatically based on known user identity data and predefined rules
- Provide an audit trail for – and periodic recertification of – user access rights to ensure users have the correct privileges and to explain how and why they receive them
- Provide significant user experience improvements and an accelerated onboarding process
- Streamline request-approval processes and automate account de-provisioning
- Speed application development with modern identity and access APIs and tools
- Integrate with on-premises or cloud-hosted applications and/or frameworks to provide real-time provisioning and de-provisioning of user accounts and identity data to partners inside and outside of Penn
FY 2021 Goals
This is a multi-year project. During FY 21, the IAM team, in collaboration with representatives from the Schools and Centers, will focus on the following goals:
- Purchase IAM product and hire implementation partner
- Install new Identity Management system in development and test environments
- Develop plan to address functionality gaps between new product and legacy Penn Community system
- Complete data management strategy for data conversion, source/target integrations, and manually-entered data
- Complete identity-matching design and begin data conversion and source system integration
- Present business process implementation plans for client endorsement