With the formation of the new Identity & Access Management department, we held sessions to determine our operating principles as an organization and for our projects. We use these principles to help guide our decisions.

  • Automate provisioning/deprovisioning/access management when logical
  • Reduce account management overhead
  • Tie accounts to the single identity
  • Support collaboration (federation)
  • Prefer standardized authentication options for web access (e.g. CAS, SAML)
  • More SSO
  • Include extended community (alumni, guests, etc.) in identity lifecycle
  • Support authentication and authorization needs of campus
  • Delegate authority to those who need it
  • Simplify end user experience
  • Meet identity needs of all campus units
  • Open communication and transparency


To go along with this, we have specific technical principles that guide our decision making.

  • Single Identity (one record per person in the Person Registry)
  • Single Credential (one username and password per identity)
  • Standards based (industry and OSU)
  • Platform agnostic
  • Secure
  • Highly Available
  • Logging and Auditable Transactions
  • Measurable performance metrics