University of Western Sydney – Identity Management Roadmap

The University of Western Sydney identified the requirement for a roadmap to guide the development of identity management within the staff and student community.

The university is distributed and diverse, with six campuses and three faculties, each comprising multiple schools. The diversity of needs across the university was frustrating the provision of business services, and the identity management environment was becoming increasingly fragmented and complex. Directory provisioning of staff and students on commencement, and the timely removal of their accounts on exit, were not occurring efficiently.

ICA was engaged to follow an inclusive approach in which each school contributed to the derivation of the roadmap. A three-step process was followed: an Environmental Scan was conducted and documented, identifying the main identity stores and consuming systems in use within the university; a series of key-person interviews and workshops with strategic groups was conducted; and the Roadmap was defined and documented using a straw-man model approach.

The Roadmap recommended the following components be deployed over a three-year period:

  • Enterprise Directory – for white pages and application authorisation
  • Virtual Directory – to provide real-time joins between the Active Directory and the Enterprise Directory
  • Provisioning – eliminating the keying of data into multiple identity stores and providing a selective and automatic de-provisioning process.
  • Workflow – automating workflow for approval of adds, moves and changes.
  • Attestation and Reporting – a set of tools and audit capability to report on system access rights.
  • Web single-sign-on – diminishing the need for multiple logons.
  • Federated Authentication – providing a mechanism to securely manage remote logons.

Four business planning tasks were also defined:

  • Identity planning and data cleansing
  • Provisioning and de-provisioning process re-engineering
  • Security policy definition e.g. review of entitlements for all staff
  • Role mapping and engineering.

ICA developed the University’s understanding that managing a person’s identity, and their access to university resources, is not a singular activity, nor is it the responsibility of Information Services. It is a multi-faceted task with involvement from the schools and administrative departments within the university. The success of an Identity and Access Management (IAM) program is directly related to the robustness of these business-level tasks.