Identity and Access Management (IAM) Secure program
What is Identity and Access Management?
Identity and Access Management (IAM) refers to a set of business processes and supporting technologies that enable the creation and maintenance of a digital identity that is used to access applications, systems, and data.
The University of Minnesota is a large, complex, and distributed organization with diverse cultural and business practices. Identity and Access Management must serve the institution’s disparate needs, where users may have multiple roles and may change their roles, responsibilities, or departments over time.
Identity management is the process of identifying and authenticating an individual to use an application or system.
Access management is the process of tracking and managing a user’s access to systems, applications, and other tools based on their role in an organization.
The IAM Secure program is a University-wide effort to modernize the Identity Management (IDM) Service and to advance access management capabilities for the University.
The program’s key deliverables are to:
- Partner with key business process owners and compliance officers to establish IAM governance.
- Deliver a strategic vision and roadmap for implementing IAM.
- Evolve the existing IDM service team so that it can successfully deliver IAM for the University.
- Establish appropriate oversight to improve compliance with related policies and standardized processes.
- Provide the University of Minnesota with secure and adaptable access to systems, applications, and data.
- RFP for cloud access management
- Access deprovisioning pilots
- Password resets
- X.500 abatement
Access Management Efforts
Fiscal Year 2020–2021
- Cloud Access Management
Mid-Fiscal Year 2020–2021
- Access Deprovisioning
Mid-Fiscal Year 2020–Mid-Fiscal Year 2022
- Group Based Access Controls
Fiscal Year 2022–Mid-Fiscal Year 2024
- Access Deprovisioning Operations/Onboarding
Mid-Fiscal Year 2022–Mid-Fiscal Year 2024
- Group Based Access Controls Operations/Onboarding
Identity Management: Account Lifecycle Transformation Efforts
Fiscal Year 2020–Mid-Fiscal Year 2021
- Foundational Efforts
Mid-Fiscal Year 2021–Mid-Fiscal Year 2023
- Modernize Account Types
Mid-Fiscal Year 2023–Fiscal Year 2024
- New Identity Store
Mid-Fiscal Year 2021–Mid-Fiscal Year 2024
- Portfolio Simplification
Impact of Identity and Access Management Advancements
New users can lose productivity and time as they wait for accounts to be created. Delays in access to resources often result when manual workflows and approvals cannot be streamlined.
The inability to streamline the deprovisioning of users or manage user access privileges to applications and resources exposes the University to the risk of unauthorized access and audit compliance issues.
Improved Sharing Ability for Information Across Applications
Applications are unable to share information that should be shared, such as contact information, files, and common data for calendars and other frequently used functions.
- Structure, convene and carry out shared governance
- See "Program Leadership and Governance" section below
- Monitor compliance
- Provide remediation consultation
- Improve automation and logic
- Engage stakeholders to inform governance, build shared definitions, and develop and adopt standard practices
Program Leadership and Governance
Executive Leadership: Identity and Access Management Executive Oversight Committee
Senior Leadership: Identity and Access Management Leadership Steering Team and Identity Access Management Lifecycle Committee
Program Management: Identity Management Service Program Team
Executive Oversight Committee
- Robert McMaster, Vice President & Dean of Undergrad Education
- Bernie Gulachek, Vice President of Information Technology
- Brian Dahlin, Chief Information Security Officer
- Ken Horstman, Vice President of Human Resources
- Michael Volna, Associate Vice President & Assistant Chief Financial Officer
- Lincoln A. Kallsen, Assistant Vice President, Institutional Analysis
- Michael Berthelsen, Vice President, University Services
IAM Lifecycle Committee
- Brian Dahlin, Chair, Chief Information Security Officer, University Information Security
- Sue Van Voorhis, AVP and University Registrar, Academic Support Resources
- Stacey Tidball, Director, Academic Support Resources
- Amy Kucera, Senior Director, Office of Human Resources
- David Laden, Director, Controller’s Office
- Amy Schult, Director, Enterprise Data Management & Reporting
- Jeff Lessard, Director, Emergency Communications Center
- Susan McKinney, Director, Records & Information Management, Office of the General Counsel
- Lori Ketola, Chief Information Compliance Officer, Health Information & Compliance Office
- Colby Reese, Director, Health Sciences Technology
- Nathan Kufner, IAM Program Director
The IAM Lifecycle Committee will leverage individual experience, knowledge, and expertise to advocate for decisions that strike the appropriate balance between user experience and information security risk. This group will identify the conditions under which access to University resources is granted, denied, and revoked (otherwise known as the IAM Lifecycle).
IAM Program Leadership
- Nathan Kufner, Senior Director, Identity and Access Management
- Jake Fleming, Senior Product Manager and Service Owner, Identity and Access Management Services
- Matt Nuttall, Manager, Identity and Access Management Services
- Dillon Bogenreif, IAM Security Architect
- Michael Reeves, IAM System Architect
- Mark Skweres, IAM Data Architect
- KT Cragg, Product Owner, Access and AD
- Katie Weber, Product Owner, Identity
- Ellie Lijewski, Release Train Engineer and Communications and Change Management Lead
- Joseph Barjis, Agile Coach and Release Train Engineer
IAM is a Strategic Priority
From the mundane to the mission-critical, IAM is foundational to what we do at the University of Minnesota. IAM correctly ensures:
the right people
have the right access
at the right time.
Your University digital identity permits or prohibits the ability to accomplish tasks, such as:
- read or send emails
- register for classes
- access library resources
- analyze research data
- submit student grades
- maintain patient records
- pay tuition
- and more!
A modern IAM program also means when someone no longer needs access, it is removed in a timely and secure fashion.
Contact the IAM Secure team at [email protected].