“How do I get access to —?” is likely not an unfamiliar question. The ability to answer often relies on knowing a sometimes complex network of requests and approval processes, which can span academic and administrative offices. Three campus units partnered with ITS to take an important step towards improving how access is managed in their unit.
The College of Engineering, Shared Services Center, and UM-Dearborn are now using a new tool, Identity Governance, to improve how they manage access to certain resources.
“Not only can we use the tool to save time and effort previously spent on requesting and following up on requests, but automating and simplifying access adds a huge boost to new employee engagement. New employees feel more like a part of the team sooner and can begin to contribute sooner,” said Pam Gabel, executive director of the Shared Services Center.
UM-Dearborn reduced manual steps and eliminated a paper request form by using Identity Governance to streamline the process for providing Financial Aid permissions in Banner. Dearborn Information Technology Services now receives information when staff become eligible to receive pre-approved Financial Aid permissions based on their HR data.
“Our project using Identity Governance was small in scope, but helped us to understand how we can significantly improve user access and security,” said Robert Ward, senior application system analyst and programmer at UM-Dearborn Information Technology Services. “The flexibility of the Identity Governance product allows integration with systems with challenging or proprietary user access provisioning. Working through the project prepared us well for our next steps!”
Shared Services Center reduced the amount of time to grant access to new employees and eliminated the need for person-by-person approvals by automating access to M-Pathways Financials & Physical Resources System for Procurement team members. SSC defined and pre-approved M-Pathways roles for 17 job titles that now use Identity Governance to automatically grant and revoke the Financial Procurement access required to do their job. The access is bundled into functional groups that can be assigned to an individual as one package, making FIN Procurement access more agile to provision in times of immediate need and easier to report on. Additionally, by automating this access, supervisors now no longer need to submit requests for access and know the combinations of system role names required for each specific job.
College of Engineering improved building security and reduced support costs by replacing a legacy system with a better means of automatically provisioning off-hours building access. Identity Governance was integrated with C-Cure, the existing building access system, to automatically detect when someone gains or loses affiliation with the College of Engineering, and their access is adjusted accordingly. For example, Identity Governance now grants active College of Engineering students access to buildings via Mcard, and will automatically remove that access upon graduation. The tool is automating access, and College of Engineering will fully retire their former process in the spring.
New access model to improve experience
Identity Governance uses role-based access to strategically and proactively manage how—and why—someone receives access to digital and physical resources. Using role-based access, pre-approved access can be assigned to individuals based on their current position in an organization. For example, if an employee changes jobs, their access could automatically be adjusted in response to the job change. Using role-based access should accelerate start-up time for new employees and students, improve data security, replace some manual processes, increase the ability to track and report on access, and simply make it easier for authorized individuals to access the right U-M resources when they need them.
“Even though the SSC already had a fairly robust access provisioning process, it was time consuming and a manual effort. The automation in Identity Governance has greatly reduced lead time to getting access,” said Zachari Broughman, facility and business office supervisor at the Shared Services Center. “Identity Governance also opened our eyes to business problems we never knew existed, allowed us to rightsize an entire team’s access and save valuable time, as well as give us great agility in our business to quickly give access to staff in times of need.”
An approach tailored uniquely for U-M
Originally part of the Enterprise Identity and Access Management (EIAM) Program, a cross-campus project team with representatives from Information and Technology Services (ITS) and Health Information Technology and Services (HITS) worked with academic, clinical, and administrative partners to understand common pain points and conduct a search for a new technology. In January 2018, the team selected Identity Governance to provide a new access management option to all U-M campuses, including Michigan Medicine.
Now that the academic campus early adoption project is complete, the ITS Identity and Access Management team will begin working with other groups to expand the use of Identity Governance over time. Because access processes vary between units and systems, use of the tool will be gradual and tailored for each unit.
If your unit is interested in learning more about implementing Identity Governance, please contact the team by emailing its.identitygovernance@umich.edu. Requests to implement Identity Governance will be prioritized and evaluated based on several factors including the benefits of Identity Governance in relation to the amount of work involved in the transition process.
Visit the Identity Governance webpage to learn more about the features and benefits of the tool and early adoption project.