Edited by Apryl Motley, CAE - InCommon Communications Lead, Internet2 Trust and Identity
As part of our ongoing commitment to providing you with additional opportunities to benefit from the insights and expertise of InCommon Catalysts, in April we introduced a quarterly Q&A column, Catalyst to Catalyst, that will be featured in our monthly e-newsletter InCommon News.
Think of Catalyst to Catalyst as a quarterly, virtual advice panel providing perspectives on a key identity and access management (IAM) topic for the InCommon community. If there’s a question you would like for us to address in a future installment of Catalyst to Catalyst, contact InCommon Communications Lead Apryl Motley.
What strategies are you recommending to prepare for IAM now and in the future?
The whole IAM area is rapidly evolving, and we believe this trend will continue in the foreseeable future. With the rising maturity of the IAM solutions, they are being adapted and used by more and more institutions and also their end-users. That naturally increases the demand for usability and self-service features. At the same time, the advancement of IAM allows us to improve automation and even implement complex processes within the IAM solution.
For the described reasons, we have two recommendations. The first one is to focus on your users. Make your IAM solution user-centric. Allow users to request, manage, approve, or deny access themselves. In the end, this will increase overall efficiency, speed up your processes, and reduce the workload on the technical support team. Evolveum suggests investing in identity governance features with the main focus being on self-service for managing roles.
The second recommendation is to actually focus on the future. Build your IAM with future steps in mind. Have enough flexibility to integrate new features and be able to adapt to any breakthrough in the IAM area. For Evolveum, this is the default approach to all our activities. MidPoint has many configuration options that make it complex, but we consider it better than being limited by insufficient flexibility. Therefore, we recommend using the same principle and staying flexible and adaptable.
—Igor Farinic, CEO, Evolveum; firstname.lastname@example.org
How can research and education institutions streamline identity and access management (IAM) using the InCommon Trusted Access Platform?
The InCommon Trusted Access Platform was made by higher education professionals who understand the challenges, issues, and risks that need to be considered for identity and access management in higher education spaces. The value of trusted access platforms is multifold, but its primary purpose is streamlining IAM for institutions. Schools can take advantage of the open-source trusted access platform bundle applications as they see fit, as each application can stand on its own as well as work together.
The bundled tools streamline IAM from many perspectives, the first and foremost being automation, which reduces the time investment required for teams working on IAM projects. The active Slack channels, working groups, product documentation, and collaborative sessions serve to guide institutions as they move forward with the open-source trusted access platform solution.
The bundle handles everything from single-sign-on with MFA, registry, groups management, provisioning, and more. Governance tools are in place to ensure that configuration options are available to accommodate the policies and decisions of institutions.
The viability of these streamlined IAM solutions is largely measured by how completely student needs are met. The true test is: can your users log in and get the tools they need, in a timely manner and without issue? If you answered yes, you have success!
—Charise M. Arrowood, Senior Director, Identity, Unicon Inc.; email@example.com