Enterprise IAM program aims to unite university

Illustration of a woman in a U-M shirt connected by many nodes in a web

Imagine a researcher at the School of Dentistry who needs three different U-M accounts to do her daily work; or an LSA administrator who lacks current guidelines on how to request appropriate access for a new hire; or a clinical professor at Michigan Medicine who has to switch between different U-M accounts to use the U-M resources she needs.

These are just a few of the challenges the U-M community faces when it comes to accessing university resources with U-M accounts. Addressing these and other Identity and Access Management challenges are the focus of the newly formed Enterprise Identity and Access Management (EIAM)  program, which launched in January after receiving funding from the U-M Office of the Provost and Michigan Medicine. (See infobox below on What is IAM?)

“This is the first time all U-M campuses, including Ann Arbor, Dearborn, Flint, and Michigan Medicine, are working together to improve how people obtain and use U-M accounts and access U-M resources,” says Kelli Trosvig, the program’s executive sponsor and vice president for information technology and chief information officer. “This coordination is essential to improve the teaching, research, and clinical missions of the university and to support the entire university community in their important work that changes the world.”

“This coordination is essential to improve the teaching, research, and clinical missions of the university.”

Kelli Trosvig

In the first 18 months and through seven different projects, the EIAM Program will:

  • Lay the foundation to set university-wide IAM priorities with a single program office and steering committee
  • Prepare for future improvements by piloting new services and identifying university-wide requirements
  • Deliver quick wins to improve the current state for the entire U-M community

Projects currently underway focus on creating a university-wide role-based access service; piloting a social login option for low-risk U-M services; and examining the current and future state of the uniqname. One quick win expected this spring should reduce end user frustration and reduce calls to service centers: improving documentation related to the onboarding and offboarding process on U-M’s academic campuses and Michigan Medicine.

Team members have been gathering input on these efforts from colleagues in Information & Technology Services (ITS) and Health Information Technology & Services (HITS), as well as from administrative partners on various campuses and at Michigan Medicine. The program team will continue outreach as the projects progress.

If any of the EIAM program projects or topics are of interest to you or your unit, please contact the iam-program@umich.edu to learn more or provide input. DePriest Dockins of ITS and and Nimi Subramanian of HITS are co-directors of the program.

What is IAM?

Identity & Access Management (IAM)  makes it easy for you to get appropriate access and to collaborate with others at U-M and beyond. This helps you protect your privacy and the integrity of information belonging to you and to the university.

  • Identity management connects you, and only you, with your online identity at U-M.
  • Access management lets you into the systems and devices you are eligible to use—and keeps out those who are not.

Projects currently underway include:

  • Account Lifecycle Optimization: Deliver incremental enhancements to existing employee or affiliate onboarding and offboarding processes, documentation, and functionality.
  • Role and Access Management: Establish business process guidelines and conduct a pilot to improve the processes for assigning, managing, analyzing, and reporting on roles and access, including automation of tasks.
  • Social Login:  Conduct a pilot to allow non-U-M affiliates  such as contractors, vendors, or parents to use their social identities (Google, Facebook, Yahoo, etc.) to login to a low-risk, U-M provided service.
  • Uniqname Re-Evaluation and Recommendation: Document the administrative, technical, and end user challenges associated with our current uniqname design and use, then conduct an impact analysis on alternatives, and develop a plan to move forward.