The Identity and Access Management (IAM) project is a multi-year initiative to replace and modernize Tufts’ IAM infrastructure. The main goals include:
- Provide greater flexibility for administrative and business processes including security/access management and communications.
- Reduce onboarding and account administration challenges.
- Increase personal agency around identity data and updates.
- Design a sustainable solution.
(Last Updated April 2023)
What are we doing?
The Identity and Access Management (IAM) project will replace the existing IAM systems for access and appropriately integrate the physical access control systems as an extension of identity. This will include both a new technical platform based on industry best practices and a set of capabilities that can be leveraged to work together with common security services, principles, and methods to enable a comprehensively more secure environment. The new platform should facilitate a coordinated approach to overall access (building and applications) and simplify, yet enhance, the processes for identity creation and account provisioning, resulting in improved administration efficiencies, access control and risk management, and end-user productivity and experience.
Why are we doing it now?
The current IAM environment at Tufts lacks the capabilities needed to support the timely provisioning of accounts to new users and the ability to grant access at a more granular level so that users receive only what they need. The current IAM systems are regularly bypassed because they do not adequately support temporal access for short-term visitors and research collaborators, summer program attendees, as well as new program offerings from University College. Because the system encompasses many fragmented, manual processes that are cumbersome and constraining, it requires an inordinate amount of staff time that both heightens the potential for mistakes and makes it difficult to provide efficient and timely service. This environment also precludes us from meeting security requirements for granular access assignment and revocation, as well as disabling and deprovisioning accounts. Similarly, the current identity management system for physical/building access is manual, not integrated with enterprise systems, and requires significant human intervention for regular operation.
Taking agile approach, we anticipate making incremental improvements over the next couple of years.
What is the impact on Tufts and the community?
While most of the improvements will be “behind the scenes,” some of the customer-facing impacts will be:
- Better responsiveness to requests for integrations and reporting.
- Greater visibility for hiring managers into new hire onboarding progress.
- Improved onboarding experience for incoming employees and students.