Managing Your Identity and Access with EIM
Have you ever missed a deadline because you were waiting for access to a campus system or service? How many times have you encountered delays because different campus systems could not recognize that you were in fact the same person? How many of you struggle to remember the difference between your Business Systems and Active Directory credentials, and long for a true single sign-on process? You are not alone. Eliminating these sorts of problems is the reason ESR is launching a major Enterprise Identity Management (EIM) project. The days of struggling with multiple credentials and passwords will soon be a thing of the past.
“The UC San Diego community has over 70,000 members interacting with university systems more than 6 million times a year,” said project sponsor and Chief Information Security Officer Michael Corn. “Numbers like that mean that even the slightest delay in accessing these systems can have a major impact on the satisfaction and productivity of our community. Combine this with the diverse needs of students, faculty, researchers and guests, and the explosion of attacks on user accounts, and we need to develop contemporary, highly secure identity practices. EIM represents that initiative with solutions that are simple and less expensive to maintain and offer an elegant, modern experience.”
To this end, the EIM project will replace the university’s existing identity and access management services and infrastructure. The goal of the project is to improve access management of our systems, bolster security, increase operational efficiency and flexibility, and simplify life for our community across the board. More specifically, these solutions protect university and personnel data, support and enhance our teaching and research mission across the university and others as well, and improve the user experience in accessing these systems.
Safeguarding Your Security
“As we step further and further into the digital age, we’ve learned that building trust into our systems does not have to mean a greater burden for users,” added Michael. “Security and usability can go hand in hand and be perfectly balanced. For example, by leveraging advanced mechanisms, we’ve eliminated the hassle of mandatory password resets, while lowering the risk of an account compromise.”
However, an examination of our existing identity systems revealed not just user frustration, but serious vulnerabilities. Following a 2018 cyberattack on campus IT infrastructure, an analysis showed there were more than 35,000 idle accounts across the general campus and UC San Diego Health communities. These idle accounts, which were originally created for legitimate purposes but not appropriately deactivated, represent an unnecessary entry point for exposure to cyberattacks. This discovery is one of many examples motivating the EIM project team to redesign the university’s entire identity infrastructure to ensure accounts and access will be appropriately deactivated in a timely manner, reducing security risks to the university.
Supporting Research Collaboration
UC San Diego’s ability to effectively participate in collaborative research requires greater vigilance and effective strategies. Many national and international research collaborations are ceasing to provide local accounts to collaborative research partners. Instead, they are relying on ‘federation’, an aggressive set of identity assurance standards that allow a researcher from one institution to use their credentials to access systems at another institution.
“All modern research is collaborative and often international,” said Michael. “Without preparing now for this shift to federated access, UC San Diego researchers will find themselves locked out of major scientific initiatives.”
EIM is implementing infrastructure changes to ensure UC San Diego remains compliant with federation standards to protect and enhance the potential for these research partnerships now and in the future.
Enhancing the Student Experience
The real impact for students is that from the moment they join the university community, through their time as a student and transitioning to alumni, they will have a seamless experience without any disruption of access. It is a singular identity that remains consistent and secure. One example of this is our adoption of “social identities” to allow alumni to access their academic history and transcripts using a social login from LinkedIn, Google, or Microsoft.
Overall, the goal is to recognize that you are you. So whether you start as a student and transition to alumni, and take a job on campus, or come back as a student, or do the whole process in reverse, you should have one set of credentials across systems regardless of your designation.
“The financial and workforce benefits of improving our identity systems are undeniable,” said Laurel Welton, Change Lead for EIM. “These automated and secure authentication processes reduce the burden of cumbersome manual processes, which means that the time our resources save can now be put toward greater pursuits in better serving our entire community. It’s how we can ensure everyone has appropriate access to the tools they need when they need them. And that’s what’s so exciting about this project.”
What’s Next?
Over the next two years, EIM will replace or enhance a variety of our current identity and access management services, including Single Sign-On, Active Directory and AccessLink. Account provisioning processes will be streamlined for students, employees and affiliates, such as research partners from other institutions. Each member of the UC San Diego community will be assigned a Triton ID, a new unique identifier that will make it easier to link an individual’s information across all of our systems. Additional tools will be implemented to support the use of social login credentials, such as your personal Gmail, LinkedIn or Microsoft account, to access campus services, and to improve our ability to automate system access provisioning to individuals and groups based on relevant characteristics.
“While major systems come and go over time, your connection to the University is permanent. Whether you’re an employee, a student, a parent, a guest or one of our many world class researchers, our mission with EIM is to ensure the full set of University resources are available to you to access the way you want to. Our identity management system is the digital embodiment of that connection and it’s thrilling to see it manifest in our new EIM program,” said Michael Corn.
To learn more, go to the EIM project pages.