Identity and Access Management (IAM) @ UWM FAQ
FAQ for Identity and Access Management at UWM
If you have a suggestion for a question, please email iam-faq@uwm.edu.
Q: What is IAM (Identity and Access Management)?
A: Identity and Access Management is composed of the processes for managing the
creation of electronic identities for individuals of the UWM community,
establishing attributes that reflect relationships between individuals and the
organization, and asserting these electronic identities and attributes to
enable access to other services that deliver value to individuals.
Q: Why is UWM investing in Identity and Access Management?
A: Higher education increasingly relies on services delivered electronically to
accomplish its mission of delivering education and engaging in research. Most
such services need some form of electronic identity to control access and to
ensure the security of the information they contain. At the same time,
individual members of the community desire access methods that are
user-friendly and non-intrusive. The investment by UWM in identity and access
management services drives the continual improvement of technology and
processes to meet these often conflicting goals as effectively as possible.
Q: When will the IAM Program be complete?
A: The IAM Program is intended to be an ongoing effort that will continually work to
improve service to the campus while also adapting to the future needs of the
community. On an annual basis, the steering committee for the program
reviews the strategy and goals of the program and adjusts them to address changes
in campus focus and/or emerging technology trends.
Q: What is the timeline for deployment of single sign-on?
A: There is no defined timeline for the deployment of single sign-on (SSO). The
infrastructure to support the SSO user experience has been deployed. The IAAM
Steering Committee has drafted a priority list of existing services that have
been identified as candidates for integration into SSO. The approach is that
each service will be integrated as a separate project with a separate service
transition plan. Services that are in the process of being implemented and new
services will have a component of each implementation built into the project to
address integration with the SSO framework.
Q: What framework is UWM using to deploy single sign-on?
A: UWM has deployed a Shibboleth Identity Provider and is requiring
SAML2-compliant interfaces, either using the Shibboleth Service Provider
software or native implementations, to integrate into the SSO environment.
Q: How is UWM improving IAM services?
A: Several steps are being taken. The coordination of all of the services has
been consolidated into a formal program structure with a steering committee
setting goals and UITS program sponsors managing resources. Services are being
reviewed and are either being improved or replaced with more appropriate
solutions. Processes and procedures are being documented and formalized
where needed. Where appropriate, processes and procedures are being
reviewed to streamline or better define service expectations to provide the most
effective use of resources. New technologies are being deployed to
support single sign-on and federated access technologies. Key
infrastructure is getting updated. A formal IT service management
framework is being implemented. The security of services is being
reviewed and improved where required to meet future service needs.
Q: What is Single Sign-On?
A: Single Sign-On (SSO) at UWM is about fulfilling two desires for individuals
that use IT services at UWM. The first desire focuses on minimizing the number
of times an individual needs to "login" while still maintaining a secure
environment. An individual will experience signing on to one application and
seamlessly gaining access to other common applications without the need to
re-enter an ePantherID and password. This does not mean people will never
need to sign on or only have to sign on once a day. For various technology and
security reasons, some applications will need to remain outside of the SSO
framework. However, the goal is to significantly reduce the time and effort it
takes to access the common applications used by the majority of the
UW-Milwaukee community.
The other desire focuses on improving access to applications that are supported
by people outside of the UW-Milwaukee community. Whether supported by
UW-System, another university, government agency or other application provider,
there are external applications in use from UWM that need to be accessed in a
secure fashion. The second, longer-term goal of SSO will be to introduce
procedures and technology to allow this to happen. Further, the goal is to
allow this to happen without the need for a person to have yet another set of
user names and passwords to remember. Collectively, the set of procedures and
technology needed to do this is called Federated Identity, or sometimes just
Federation.
Q: I got an ePantherID when I got here. Don't we have identity management already?
A: UWM has maintained various identity management services over the years, many of which
were tightly linked to services such as email, the Alpha environment, campus
computer labs or PAWS or other administrative systems. What is new is a
realization that operating these services in such a fragmented way leads to a
poor experience for individuals in the community, is not efficient, poses
security risks, and puts UWM at a disadvantage as the institution moves
forward. It is believed that by having a coordinated approach on identity
and access management, UWM will be better positioned to offer access to IT
services with a higher level of satisfaction to the user community while still
meeting security goals and supporting new initiatives.
Q: What is the answer to the ultimate question of identity and access management?
A: A 42 position password