Identity and Access Management (IAM) @ UWM FAQ
If you have a suggestion for a question, please email firstname.lastname@example.org. Q: What is IAM (Identity and Access Management)? A: Identity and Access Management is composed of the processes for managing the creation of electronic identities for individuals of the UWM community, establishing attributes that reflect relationships between individuals and the organization, and asserting these electronic identities and attributes to enable access to other services that deliver value to individuals.
FAQ for Identity and Access Management at UWM
Q: Why is UWM investing in Identity and Access Management? A: Higher Education increasingly relies on services delivered electronically to accomplish its mission of delivering education and engaging in research. Most such services need some form of electronic based identity to control access to these services and ensure the security of the information contained in the services. At the same time, individual members of the community desire access methods that are user friendly and non-intrusive. The investment by UWM in identity and access management services drives the continual improvement of technology and processes to meet these often conflicting goals in as effective a manner as possible.
Q: When will the IAM Program be complete? A: The IAM Program is intended to be an ongoing effort that will continually work to improve service to the campus while also adapting to the future needs of the community. On an annual basis, the steering committee for the program reviews the strategy and goals of the program and adjusts them to address changes in campus focus and/or emerging technology trends.
Q: What is the time line for deployment of single sign-on? A: There is no defined time line for the deployment of single sign-on (SSO). The infrastructure to support the SSO user experience has been deployed. The IAAM Steering Committee has drafted a priority list of existing services that have been identified as candidates for integration into SSO. The approach is each service will be integrated as a separate project with a separate service transition plan. Services that are in the process of being implemented and new services will have a component of each implementation built into the project to address integration with the SSO framework.
Q: What framework is UWM using to deploy single sign-on? A: UWM has deployed a Shibboleth Identity Provider and is requiring SAML2 compliant interfaces, either using the Shibboleth Service Provider software or native implementations, to integrate into the SSO environment.
Q: How is UWM improving IAM services? A: Several steps are being taken. The coordination of all of the services has been consolidated into a formal program structure with a steering committee setting goals and UITS program sponsors manging resources. Services are being reviewed and are either being improved or replaced with more appropriate solutions. Processes and procedures are being documented and formalized where needed. Where appropriate processes and procedures are being reviewed to streamline or better define service expectations to provide the most effective use of resources. New technologies are being deployed to support single sign-on and federated access technologies. Key infrastructure is getting updated. A formal IT service management framework is being implemented. The security of services is being reviewed and improved were required to meet future service needs.
Q: What is Single Sign-On? A: Single Sign-On (SSO) at UWM is about fulfilling two desires for individuals that use IT services at UWM. The first desire focuses on minimizing the number of times an individual needs to "login" while still maintaining a secure environment. An indivdual will experience signing on to one application and seamlessly gaining access to other common applications without the need to re-enter an ePantherID and password again. This does not mean people will never need to sign-on or only have to sign-on once a day. For various technology and security reasons, some applications will need to remain outside of the SSO framework. However, the goal is to significantly reduce the time and effort it takes to access the common applications used by the majority of the UW-Milwaukee community.
The other desire focuses on improving access to applications that are supported by people outside of the UW-Milwaukee community. Whether supported by UW-System, another university, government agency or other application provider, there are external applications in use from UWM that need to be accessed in a secure fashion. The second, and longer term goal of SSO will be to introduce procedures and technology to allow this to happen. Further, the goal is to allow this to happen without the need for a person to have yet another set of user-names and passwords to remember. Collectively, the set of procedures and technology needed to do this is called Federated Identity, or sometimes just Federation.
Q: I got an ePantherID when I got here. Don't we have identity management already? A: UWM has maintained various identity management services over the years, many of which were tightly linked to services such as email, the Alpha environment, campus computer labs or PAWS or other administrative systems. What is new is a realization that operating these services in such a fragmented way leads to a poor experience for individuals in the community, is not efficient, poses security risks, and puts UWM at a disadvantage as the institution moves forward. It is believed that by having a coordinated approach on identity and access management, UWM will be better positioned to offer access to IT services with a higher level of satisfaction to the user community while still meeting security goals and supporting new initiatives.
Q: What is the answer to the ultimate question of identity and access management?A: A 42 position password