How many times have you or someone you work with asked, “Who has access to what systems and when — or how — did they get it?” or “Why am I making these access changes manually?” or “Does he really still have access to that?!”
If you’ve lost track — or simply don’t know who needs appropriate access to what or how to get it — you’re not alone. This year, U-M will address this long-standing challenge by taking advantage of strong campus partnerships and newly available technology to begin making an enterprisewide solution a reality.
The Role and Access Management Project (RAMP), part of the Enterprise Identity and Access Management program, will focus on establishing a role-based access service at the university in the coming years. Doing so should accelerate start-up time for new employees, improve data security, replace some manual processes, increase the ability to track and report on access, and simply make it easier for authorized individuals to access the right U-M resources when they need them.
Learning the pain points
Earlier this year, the team conducted more than thirty interviews across the Ann Arbor, Dearborn, Flint, and Michigan Medicine campuses to better understand how the campus community manages U-M resource access today and how the project can help improve it in the long term. During these conversations, individuals representing academic, administrative, and clinical units shared details on current processes and pain points, with many volunteering to collaborate on the future of access at U-M.
One of these partners is Doug Hovey, former business analytics manager at the Shared Service Center (SSC) and now in the U-M Treasurer’s Office. While at the SSC, Doug set up an intricate workaround to manage and assign access to his staff, which skirts the current, error-prone and time-consuming processes, but creates yet another system to manage.
Aimee Lahann, business systems analyst for the RAMP project says, “It’s amazing what IT and administrative staff have done to get around the gaps in our technology and processes. But they shouldn’t have to spend their time doing this when they could be focused on more meaningful work to support their areas’ missions.”
Hovey adds, “Ideally, the Shared Service Center will be able to hire someone, assign them to a role, and on day one, they can access the systems they need to do their job — with all the right training and approvals built right into the process.”
Partnering for the future
The interviews were just the first step in the university’s effort to reach that ideal state. Many of those interviewed — including representatives from LS&A, College of Engineering, and School of Nursing — have joined the project to help select an enterprise-level, role-based management system. DePriest Dockins, co-director of the EIAM program and assistant director of Identity and Access Management at Information and Technology Services, says, “Working with our campus and Michigan Medicine business partners is — and will continue to be — critical to making role-based access a reality at U-M in the coming years.”
“Working with our campus and Michigan Medicine business partners is critical to making role-based access a reality at U-M.”
—DePriest Dockins, EIAM program co-director
The vendor selection process is currently underway (see box below). Next, the project team and partners will identify pilot scenarios for testing the new system at U-M beginning in early 2018. The RAMP effort will also define related business roles and workflows that can be shared by all four university campuses. Expanding the role-based access service to other U-M systems is in the plans, pending the successful completion of pilots in 2018 and the formation of long-term funding, governance, and support models.
The team will continue working closely with academic, clinical, and administrative partners to lay a foundation to support any new business processes, policies, and/or technologies resulting from the pilot phase. With cross-campus planning and a network of dedicated partners, future access management at U-M is bound to be easier and more secure. If you have ideas for pilot systems or want to be part of the effort, contact the RAMP project team.
The Enterprise Identity and Access Management (EIAM) program at U-M coordinates and unites IAM efforts for all four U-M campuses to simplify and improve the technology and administrative processes that allow authorized individuals to access U-M resources. The multi-year initiative is jointly funded by the Office of the Provost and Michigan Medicine through the end of June 2018.