EIM Fundamental Concepts Part I
Following the release of the introductory video, “Identity Management in a Nutshell,” the Enterprise Identity Management (EIM) project is continuing its foundational work to refine and simplify your experience with access to university services. This work entails improving the way UC San Diego manages digital identities and grants (and revokes) access to its many digital services. To understand how that happens, it can be helpful to examine what we mean by identity management, entitlement management and access management.
At their heart, these concepts are really about risk management: ensuring that access to any UC San Diego system is protected. These systems could contain student or employee records, but access can also include the ability to control systems, access buildings, receive subscription materials restricted to certain University affiliates, and so on.
As we have seen time and time again, data breaches put both the individual and the university in a vulnerable position. But to do anything about that we need to know who is accessing these systems and establish if they should be able to do so. Identity management begins with asking, "who are you and how do I know that?"
Identity Management
To ensure your success at this university, we need to guarantee that you and every member of our community are properly identified when engaging with university services. In other words, we need to uniquely and consistently identify you and differentiate you from everyone else. We can’t even have a discussion about entitlement management and access management without this.
Identity management at UC San Diego involves the use of data from systems like ISIS and UC Path. This data can include legal name, lived name, date of birth, personal email, and phone number as well as various system identifiers like a student PID and/or employee ID. This distinct combination paints the picture of your unique digital identity that the university can use to confidently say in a particular system, “I know you.”
The challenge here is that we want to ensure that the complete collection of ‘interesting’ characteristics is uniformly ‘attached’ to the correct person, which is to say that no matter your relationship with campus, whether you are a student, employee, or other, we can verify who you are. And, in doing so, we can make it easier to connect your digital identity in different systems. This is one of the goals of the EIM project and what identity management is all about. That identity is the basis for entitlement management and access management.
Entitlement Management and Access Management
Once we can confidently and consistently identify you, we need to get you access to the things you need. This begins with entitlement management.
Entitlement management essentially asks: based on your identity and relationship to the institution, which services are you authorized to use? And, conversely, which are you not authorized to use? This is simply the permission portion that comes before gaining entry into a restricted space, virtual or physical.
Think of entitlement management as being invited to a dinner party at your friend’s house. You have been granted permission to attend. However, to be able to enter your friend’s house, you need a gate code. The gate code is your literal access to the party. That is access management.
What’s the Benefit to Me?
Part of improving entitlement management at UC San Diego is gaining better visibility into how people become affiliated (and unaffiliated) with the institution and the entitlements that are granted or revoked as a result. When we see an issue pop up with someone’s entitlements or access, we can find the root cause and fix it faster.
With all of this, we can ensure that not only is your data secure at this institution, but that all of your engagements with the university, across its many systems and throughout all of the many affiliations you may have with the university, remain seamless for you. That is what EIM seeks to bring to the table.
To hear more about the EIM project and get the latest updates, check out the March 16, 2022 TECHTalk featuring the EIM project team.
Join the Conversation
The success of the project is dependent on the active participation of Subject Matter Experts (SMEs) from across campus to develop a picture of the processes (process landscape) surrounding EIM.
Find more about the ESR EIM project.