Three units partnered with ITS to begin using the IG tool to improve how they manage access as part of the Identity Governance (IG) early adoption project. The project concluded in March 2019.
Experience from the early adoption project inform plans to offer IG to more units and integrate with additional systems.
Interested in Identity Governance? If your unit is interested in learning more about using IG, send email to [email protected]. Requests to implement IG will be prioritized based on the benefits of IG in relation to the amount of work involved in the transition process
Building Access—College of Engineering
The College of Engineering (CoE) is automating off-hours building access for students, faculty, and staff by integrating the IG tool with C-Cure, the existing building access system. The IG tool will automatically grant or revoke door access by using identity attributes, such as institutional roles and student course roster data. Use of IG will:
- Improve building security with timely access deprovisioning, particularly for alumni.
- Allow CoE to decommission a legacy system used to manage CoE building access.
Other university units that use C-Cure to manage building access could consider integrating it with the IG tool. It can also be expanded to control access to specific rooms within the buildings.
Financials Procurement Access—Shared Services Center
The Shared Services Center (SSC) is automating the provisioning and deprovisioning of M-Pathways Financials Procurement roles by creating IG Business Roles that reflect the different positions on the SSC Procurement Team.
The IG Business Roles combine access to multiple M-Pathways roles and the associated secondary security. The approval of access is done at the level of the IG Business Roles so that access requests and approvals do not need to be performed manually on an ongoing basis.
SSC will reduce steps and time required to grant or remove access with unit-maintained databases, OARS requests, and manual processing by ITS Access & Accounts and ITS Security Analysts. By grouping access by job function, supervisors will no longer need to know the myriad of system roles and nuances of access required for their staff.
Financial Aid Access—UM-Dearborn
UM-Dearborn Information and Technology Services (ITS) streamlined the process for providing Financial Aid permissions in Banner. This eliminated a complicated access request process by automatically identifying individuals who require Banner access and creating a streamlined process for provisioning the access.
The new process prevents confusion over what access to request and reduces the related effort for staff. The net result is that access is provisioned quickly with much less manual effort. Granting and revoking access in Banner will continue to be manual for now.
Prior to the Using the IG Tool:
- The UM-Dearborn Business Roles Project for Enterprise Reporting identified more than 200 Business Roles for UM-Dearborn that are managed manually in MCommunity today. However, the Banner system for student administration was not yet included.
- To get access to Banner, staff needed to learn the request process, know what access to ask for on a request form, and know who was the owner of the requested module or application. The request then went through multiple approval steps.
With the IG Tool:
- Dearborn ITS created five Business Roles for Banner Financial Aid access.
- IG automatically detects who matches a Business Role’s membership criteria based on users’ Human Resources attributes and status.
- Dearborn ITS is notified of who qualifies for the access and assigns the pre-approved access directly in Banner.
- Dearborn ITS will gain improved reporting and auditability by creating a single source for access information, including who has access to what, why, and when it was provided.
- The IG tool will detect when someone’s access should change based on identity attributes.