August 2021 Update
Internal IAM Project
The Internal IAM project includes a re-engineering of Penn’s core IAM infrastructure, replacing decades-old, custom-built identity management systems and processes with a standards-based, modern solution to strengthen Penn’s overall security posture and ability to comply with emerging global regulatory requirements. The new Penn Community (with SailPoint IIQ as the underlying identity engine) will be implemented in phases.
Phase 1 Rollout – November 13-14
The Phase 1 rollout is targeted for the weekend of November 13-14, 2021. The affected audience is limited to Penn Community administrators and University personnel involved in identity conflict resolution (approximately 10 staff). The new solution will run on Penn-dedicated infrastructure hosted by Amazon Web Services (AWS), providing a flexible architecture that can grow with the University. The Phase 1 rollout will include the following:
- The new Penn Community (powered by SailPoint IIQ) populated with source/historical data
- PennIDs created by the new Penn Community
- Legacy Penn Community becomes a consumer of the new Penn Community powered by SailPoint IIQ. Legacy Penn Community remains in place during the migration of consumers, so there is no “big bang” transition.
Recent Progress
Recent progress includes:
- Setup of the development and testing environments is complete.
- Baseline configuration of SailPoint IIQ is nearing completion and integration with Penn source systems (Admissions, Alumni, HR, etc.) continues.
- The team is in the midst of unit and system testing and preparing for pre-production testing. Pre-production testing will allow us to simulate the production environment and identify any remaining issues prior to the go-live weekend.
Related IAM Work
- Two-Step for O365 – Mandatory use of Two‑Step Verification with PennO365 is under discussion with a target completion date of June 2022. Most O365 users (~75%) at Penn already use Two-Step. We strongly encourage IT groups on campus to recommend use of Two-Step with O365 for users who are not already enrolled.
- The IAM Policy Working Group – This group continues its work to establish the University’s first comprehensive set of Identity and Access Management policies, including policy statements, best and acceptable practices, and technical standards documents. Three drafting teams are finishing up drafts of policies for (1) in-person and remote identity proofing and (2) requirements for the new self-service password reset process.
- User Self-Service Password Reset – ISC is developing requirements and exploring vendor offerings for a modern user self-service password reset utility to replace Penn’s current challenge-response process. The new process will use pre-registered communications channels (e.g., reset link to personal email, notification to phone/other) to provide secure, convenient resets for all PennKey holders.
Questions & Feedback
ISC values your feedback. If you have questions, comments, or suggestions, please contact penn-iam@upenn.edu.
We look forward to sharing more progress with you soon!
The Penn IAM Team