What is Identity and Access Management?

Identity and Access Management (IAM) refers to a set of business processes and supporting technologies that enable the creation and maintenance of a digital identity that is used to access applications, systems, and data.

The University of Minnesota is a large, complex, and distributed organization with diverse cultural and business practices. Identity and Access Management must serve the institution’s disparate needs, where users may have multiple roles and may change their roles, responsibilities, or departments over time. 

Identity Management

Identity management is the process of identifying and authenticating an individual to use an application or system.

Access Management

Access management is the process of tracking and managing a user’s access to systems, applications, and other tools based on their role in an organization.

IAM Secure

The IAM Secure program is a University-wide effort to modernize the Identity Management (IDM) Service and to advance access management capabilities for the University. 

The program’s key deliverables are to: 

  • Partner with key business process owners and compliance officers to establish IAM governance. 
  • Deliver a strategic vision and roadmap for implementing IAM. 
  • Evolve the existing IDM service team so that it can successfully deliver IAM for the University.
  • Establish appropriate oversight to improve compliance with related policies and standardized processes.
  • Provide the University of Minnesota with secure and adaptable access to systems, applications, and data.

Multi-Year Efforts

IAM Secure Program Multi-Year Timeline
The IAM Secure program includes several multi-year efforts, as shown in the timeline above; see a text-only version below.

Current Initiatives

  • RFP for cloud access management 
  • Access deprovisioning pilots 
  • Password resets
  • X.500 abatement

Access Management Efforts

Fiscal Year 2020–2021

  • Cloud Access Management

Mid-Fiscal Year 2020–2021

  • Access Deprovisioning

Mid-Fiscal Year 2020–Mid-Fiscal Year 2022

  • Group Based Access Controls

Fiscal Year 2022–Mid-Fiscal Year 2024

  • Access Deprovisioning Operations/Onboarding

Mid-Fiscal Year 2022–Mid-Fiscal Year 2024

  • Group Based Access Controls Operations/Onboarding

Identity Management: Account Lifecycle Transformation Efforts

Fiscal Year 2020–Mid-Fiscal Year 2021

  • Foundational Efforts

Mid-Fiscal Year 2021–Mid-Fiscal Year 2023

  • Modernize Account Types

Mid-Fiscal Year 2023–Fiscal Year 2024

  • New Identity Store

Mid-Fiscal Year 2021–Mid-Fiscal Year 2024

  • Portfolio Simplification

Impact of Identity and Access Management Advancements

Increased Productivity

New users can lose productivity and time as they wait for accounts to be created. Delays in the ability to access resources often result when manual workflows and approvals cannot be streamlined.

Enhanced Security

The inability to streamline the deprovisioning of users or manage user access privileges to applications and resources exposes the University to the risk of unauthorized access and audit compliance issues.

Improved Sharing Ability for Information Across Applications

Applications are unable to share information that should be shared, such as contact information, files, and common data for calendars and other frequently-used functions.

Our Approach

Governance

  • Structure, convene and carry out shared governance
  • See "Program Leadership and Governance" section below

Policy

  • Monitor compliance
  • Provide remediation consultation

Process

  • Ensure processes support policies
  • Create standardized review procedures independent of location, business unit, or resources

Technology

  • Improve automation and logic

Collaboration

  • Engage stakeholders to inform governance, build shared definitions, and develop and adopt standard practices

Program Leadership and Governance

Governance Structure

Executive Leadership: Identity and Access Management Executive Oversight Committee

Senior Leadership: Identity and Access Management Leadership Steering Team and Identity Access Management Lifecycle Committee 

Program Management: Identity Management Service Program Team

Executive Oversight Committee

  • Robert McMaster, Vice President & Dean of Undergrad Education
  • Bernie Gulachek, Vice President of Information Technology
  • Brian Dahlin, Chief Information Security Officer
  • Ken Horstman, Vice President of Human Resources
  • Michael Volna, Associate Vice President & Assistant Chief Financial Officer
  • Lincoln A. Kallsen, Assistant Vice President, Institutional Analysis
  • Michael Berthelsen, Vice President, University Services

IAM Lifecycle Committee

  • Brian Dahlin, Chair, Chief Information Security Officer, University Information Security
  • Sue Van Voorhis, AVP and University Registrar, Academic Support Resources
  • Stacey Tidball, Director, Academic Support Resources 
  • Sharon Ramallo, Senior Director, Office of Information Technology 
  • Amy Kucera, Senior Director, Office of Human Resources
  • David Laden, Director, Controller’s Office 
  • Amy Schult, Director, Enterprise Data Management & Reporting
  • Jeff Lessard, Director, Emergency Communications Center
  • Susan McKinney, Director, Records & Information Management, Office of the General Counsel
  • Lori Ketola, Chief Information Compliance Officer, Health Information & Compliance Office
  • Colby Reese, Director, Health Sciences Technology
  • Nathan Kufner, IAM Program Director

The IAM Lifecycle Committee will leverage individual experience, knowledge, and expertise to advocate for decisions that strike the appropriate balance between user experience and information security risk. This group will identify the conditions under which access to University resources is granted, denied, and revoked (otherwise known as the IAM Lifecycle).

IAM Program Leadership

  • Nathan Kufner, IAM Program Director
  • Jake Fleming, IDM Service Owner
  • Matt Nuttall, Manager, Integration, Identity Management, and IT Tools
  • Dillon Bogenreif, IAM Security Architect
  • Michael Reeves, IAM Tech Architect
  • Barbara Mueller, Interim Program Manager
  • KT Cragg, Access Team Product Owner
  • Katie Weber, Identity Team Product Owner
  • Craig Woodford, AD Team Product Owner
  • Ellie Lijewski, Communications and Change Management Lead