The success of an institution’s identity and access management (IAM) tools is largely determined by how they are managed.
“Regardless of design or purchase decisions, IAM tools are only as effective as the institutional philosophy and commitments behind their management,” Mary McKee, director of IM and security services at Duke University, said during the InCommon “Intro to IAM Architecture” webinar held on July 7. “Effective support of systems and processes downstream of IAM systems begins with clarifying the division of responsibilities and approach between IAM teams and upstream data sources.”
McKee also presented information about core IAM functions and the guiding principles for success at Duke University.
Nearly 80 participants joined the webinar, which was the second in a series of regular “InCommon IAM Mini-Series – Community Implementation Stories” discussions. View the webinar recording and download the presentation.
Other speakers included:
- David Hutches, the enterprise architect at the University of California San Diego (UCSD);
- Michael Corn, chief information security officer at UCSD;
- Bill Thompson, director of digital infrastructure at Lafayette College.
The Need for Architectural Flow
It is also critical to think about the architecture of IAM, Hutches said. He explained that IAM architecture is needed because of what flows from it:
- The logical decomposition of the problem space
- Dispensing with ad hoc/organic cruft
- Linking software capabilities and business requirements
- Integrating into a larger ecosystem
- Differentiating what improves the customer experience
Participants also learned about UCSD’s identity and entitlements ecosystem and its core services architecture. During this presentation, Hutches outlined the key design principles of high cohesion and low coupling.
Thompson shared a diagram outlining the Lafayette College IAM architecture, including identity sources, identity management, governance, identity and access provisioning, self-service account management, and authentication. Key to his presentation was an analysis of the software used and associated service-delivery costs.
“It is hard (impossible?) to really make progress in IAM without an overarching vision and buy-in from key stakeholders. Even then it can be very difficult,” Thompson said.
Participants asked a variety of questions on such topics as the business rules used to define primary roles and the purpose of defining a primary role instead of synthesizing roles. In a post-session poll, participants unanimously agreed that the session was useful and voted that “Understanding IAM Governance” should be the topic of discussion for the next webinar, which is slated for Aug. 11 at 1 p.m. ET.