With the formation of the new Identity & Access Management department, we held sessions to determine our operating principles as an organization and for our projects. We use these principles to help guide our decisions.
- Automate provisioning/deprovisioning/access management when logical
- Reduce account management overhead
- Tie accounts to the single identity
- Support collaboration (federation)
- Prefer standardized authentication options for web access (e.g. CAS, SAML)
- More SSO
- Include extended community (alumni, guests, etc.) in identity lifecycle
- Support authentication and authorization needs of campus
- Delegate authority to those who need it
- Simplify end user experience
- Meet identity needs of all campus units
- Open communication and transparency
To go along with this, we have specific technical principles that guide our decision making.
- Single Identity (one record per person in the Person Registry)
- Single Credential (one username and password per identity)
- Standards based (industry and OSU)
- Platform agnostic
- Secure
- Highly Available
- Logging and Auditable Transactions
- Measurable performance metrics