The Trajectory of EIM
What do the 75,000+ (and growing) members of the UC San Diego community have in common?
If you ask the Enterprise Identity Management (EIM) project team what EIM is about, you’ll hear one resounding answer: it has to do with identity.
Ensuring that every member of the UC San Diego community receives precisely the services they're entitled to is at the heart of the EIM project. Because of the unique needs of such a large and diverse community, the project has been set on a four-phase course. Let's take a closer look at what these phases entail.
Through the EIM project, each member of the community will have a unique digital identity that lets university systems know who they are. This digital identity is assigned a specific collection of attributes such as Triton ID, username and primary email address. This identity stays with a user throughout their time at UC San Diego.
So while someone may move from student to alumni, graduate student, faculty or employee, their identity will not change. If the university can confidently identify someone, we can ensure that only that person sees the data that only they should see. This introduces greater efficiency in university systems, and, more importantly, the way you interact with various systems will improve.
“Whether you’re applying for admission, receiving a degree or paycheck, or getting the results of a COVID test, nothing is as fundamental as ensuring that the right person gets the right service, degree, check or test results,” said UC San Diego Chief Information Security Officer Michael Corn.
“The EIM project moves UC San Diego towards a future where we have a much higher degree of confidence in who a person is while lowering the burden we place on members of our community to identify themselves to systems and services.”
To do this, however, requires meticulous work on every enterprise-level application maintaining their infrastructure and integrations. Simply put, the EIM project team has its work cut out for them. That’s why the project has been divided into four phases, the first of which is currently underway.
EIM Phase 1: Focusing on Students and Employees
Much like home construction, Phase I is about setting the foundation for what’s to come. The focus of this phase is the broadest constituent base - namely students and employees.
During this phase, the EIM team will design, implement and integrate the critical systems and processes that underlie all future enhancements and services to come from this project. Again, this is not a simple plug and play operation. It’s about developing a unified identity framework that will provide robust, scalable and efficient identity services.
The project team is currently roughing everything in to make sure it can work seamlessly with existing systems.
This work is not being done without input from the community. University-wide collaboration defines this project with part of the effort involving an exhaustive process of uncovering how the EIM project can best serve the community.
“We have received a great deal of help from various teams/organizations (e.g., Health, Registrar, JSOE, Biology) in understanding how they do their businesses,” said Michael McGrath, EIM Business Systems Analyst. “But there are scenarios, one-offs and ‘oh, by the ways’ to be documented...providing all of us the opportunity to examine organic, legacy business processes and systems to...better understand, streamline and manage identity.”
Post-Phase One: Extending Services Outward
Phase Two
The team will expand identity services to students of the Division of Extended Studies (formerly Extension) in Phase Two of the project. A self-service component for user-driven credential management is also included, to allow employees and students to select a custom email address and providing greater flexibility to make changes due to life events.
Phase Three
Phase Three expands its reach to sponsored guests and affiliates. Shoring up gaps in access and addressing complexities associated with identity management addresses a common challenge experienced by researchers as well as academic and instructional partners.
One important component of Phase Three is the development of the centralized guest account and an access management portal. The portal will make it easier for sponsored guests to effectively collaborate with university resources.
Phase Four
Finally, Phase Four represents EIM as a fully realized service with more enhancements and automation.
This phase involves the implementation of more granular access management services along with more self-service portal capabilities.
Delegated access control for departments may be provided for timely creation of collaboration groups. Access to campus resources for university employees and affiliated research partners may be provided for a quarter or even years. This phase will become more clear in scope as the project team makes their way through Phase One.
With a track record proven in the launch of an enterprise-wide identity management program at the University of Miami, EIM Solution Architect Mona Zarei had this to say:
“What’s really exciting about this proposed solution is in its capabilities, power and convenience. There really is no upper limit for future enhancements for the campus, which assures the University can evolve responsively with its community. The key is the strength of core systems and understanding the critical components now to plan for what our needs may be in the future.”
Project Timeline
Note that the timeline for this effort is still being solidified. The process landscaping sessions with subject matter experts will inform the project team about potential impacts to scope or timeline, allowing the team to properly plan the timing of each of the four phases. The completed timeline will be shared.
Learn more about the EIM project phases.
Find more about the ESR EIM project. Contact esr-eim@ucsd.edu with questions.