Identity & Access Management (IAM) at UVA
June 2018 Update
The New IAM Portal Makes Managing Your UVA Identity Easier
With the "go-live" of the new Identity & Access Management Self-Service Portal June 25, it is now much easier to create and change your personal UVA identity information.
Through the self-service portal, you can now:
- activate your UVA computing ID and set your password,
- manage your passwords and security questions,
- set your preferred or professional name,
- add an alternate email address and phone number for password recovery, and
- manage your "From" email address.
Lightweight Directory Access Protocol (LDAP) attributes also changed as part of this rollout. A select number of values from public and private LDAP, Eservices Active Directory (AD), and PeopleSearch have either been deprecated or modified as of June 25. This has an effect on applications which use these attributes. Please see the LDAP Attribute Changes Chart for the list of changes and links to the other updated LDAP and AD webpages.
April 2018 Update
After a comprehensive vendor evaluation and selection process, UVA has selected and is implementing the IAM product from Fischer International Identity.
A core project team, led by Mark Cox, is dedicated to the IAM implementation effort. This is a complex, multi-phase project, with many dependencies upon the University’s Ufirst project and the consolidation of various HR systems with the implementation of Workday.
Phase 1 – The first phase of the IAM project is largely about replacing our legacy Identity Management system, including our legacy Central User Database (CUDB) and the various data feeds into and out of the CUDB. In addition to replacing these components, new self-service functionality will be provided to users via a consolidated Identity Portal. Phase 1 will provide the foundation for future IAM improvements and enhancements.
Phase 2 – The complete scope of Phase 2 (and potential additional future phases) is still TBD and a comprehensive IAM Roadmap will be developed. Minimally, during Phase 2, we will begin to transition ESHARP functionality into IAM and we will evaluate and address Medical Center-specific IAM requirements.
Phase 1 Highlights (June 2017 – January 2019)
Phase 1 items will be delivered via multiple, incremental releases during December 2017 through January 2019.
Note: The Ufirst project schedule change has resulted in a corresponding IAM project schedule shift due to the IAM dependency upon Workday data.
- Develop Source Connectors with SIS, Jenzabar (UVA Wise), and Workday, Inc. as the primary systems of record that generate records for “people” that need digital identities to access UVA systems and resources
- Develop Target Connectors for near real-time provisioning and de-provisioning of user records in LDAP, Active Directory, Office 365 (faculty/staff), Gmail (students)
- Provide User Self-Service for streamlined account activation/claiming
- Provide User Self-Service for password management & password resets
- Provide User Self-Service for Professional/Directory Name preferences
- Provide User Self-Service for Sponsoring Contractor/Affiliate Accounts
- Delineate Retirees in Identity Management (tied to the Workday, Inc. implementation)
- Delineate Contractors in Identity Management
- Provide Access Requests and Approvals for Workday, Inc. (Esharp-like functionality)
- Provide User Self-Service for setting SMTP from email address
Phase 2 begins in January 2019. Detailed planning for enhanced and expanded IAM capabilities is TBD.