Identity & Access Management (IAM) Program

Overview

UBC has recognised the need for an overall strategy to address the University's security and legal obligations for managing identity information. Identity and Access Management (IAM) is the set of business policies, processes, and supporting infrastructure for managing the creation, maintenance and use of digital identities. The IAM program is a multi-year initiative to develop an Identity and Access Management system that allows UBC to consolidate identification and authorization operations.


Purpose

Students, faculty and staff face a growing number of systems, accounts, usernames, passwords and access rules as part of an ongoing challenge to balance access and security needs. Without an institution-wide approach, these challenges are met on a system-by-system basis with duplicate identity information distributed across campus. As a result, the user experience is increasingly complicated, faculty and staff efficiency diminishes, identity-related administrative complexity and costs rise, and security becomes weaker.

At a high level, a successful IAM system can:

  • Lower overall administration effort
  • Enable business success
  • Improve operational efficiency
  • Boost compliance
  • Heighten security

Goals

The IAM program’s goal is to build policies, processes and technologies that allow UBC to consolidate identification and authorization operations so that the right people have access to the right services at the right time in their user lifecycle.

The IAM system aims to:

  • Quickly and easily identify and enable a person's function at the university
  • Simplify the process for accessing information services, systems, physical facilities, and other resources 
  • Allow people to establish an identity during their first contact with the University 
  • Enable departmental systems to make use of a common identity facility 
  • Provide inter-departmental, institution-wide automated identity workflow 
  • Have the capability to support finely targeted broadcast communications 
  • Allow personal information to be managed through an easy-to-use online service
  • Support easy inter-university access to resources
  • Maintain identity security and auditing standards consistent with university policies
  • Provide local control of local identity resources

For example, this can be achieved by:

  • Reducing the number of separate sign-ons
  • Ensuring that the same username / password is used on most systems
  • Managing digital identity data in a way that is person-centric, not system-centric
  • Using local administration and control for local resources

Contacts

Sebastian Gonzalez (sebastian.gonzalez@ubc.ca)