February 2021 Update
Internal IAM Project
The Internal IAM project includes a re-engineering of Penn’s core IAM infrastructure, replacing decades-old, custom-built identity management systems and processes with a standards-based, modern solution to strengthen Penn’s overall security posture and ability to comply with emerging global regulatory requirements. The new IAM solution will be implemented in phases. Recent progress includes:
- The Design Phase of the project is targeted for completion by May 2021 and includes the following workstreams:
  - Identity Works (implementation partner) review of current state, requirements, and system documentation
  - Technical design for SailPoint (vendor)
  - Architecture for technical infrastructure (servers and storage)
  - Planning for implementation schedule (Fiscal Year 2022)
- Base deployment of the development environments has been completed.
- The IAM technical team completed a product training curriculum hosted by SailPoint.
- Identity Works finished their review of our previously gathered requirements.
- Follow-up sessions are underway with certain client partners to gather any remaining information on system connectivity, data schema, and provisioning. These sessions will be completed by the end of March 2021.
- Phased implementation of the new IAM system is targeted to begin in June 2021 and will carry into Fiscal Year 2022. The goals are to replace the current IAM infrastructure (Penn Community) with minimal disruption to existing services and to put in place the foundation for future improvements. Penn Community will remain available in parallel with the new IAM system to provide ample time to migrate all current Penn Community clients.
Related IAM Work
- Two-Step for O365 – Enrollment reached 12,347 (63%) for PennO365 with Two‑Step Verification during Q2 of Fiscal Year 2021. Several Schools and Centers are using ISC’s Two‑Step for O365 enrollment tools to smooth their migration path. We still strongly encourage IT groups on campus to recommend use of Two-Step with O365 for users who are not already enrolled. Administrators interested in using the toolkit for their users should contact help@isc.upenn.edu.
- The IAM Policy Working Group – This group continues its work to establish the University’s first comprehensive set of Identity and Access Management policies, including policy statements, best and acceptable practices, and technical standards documents. Current work is focused on the practices of security event auditing, identity creation, and identity proofing. A draft audit policy has been completed and is currently under review. Prior work has produced agreement on several foundational concepts, most notably:
  - PennID is the University’s primary identifier
  - PennKey is the University’s primary authenticator
  - Every PennKey must be associated with a PennID
  - A PennID can only be associated with one PennKey
Questions & Feedback
ISC values your feedback. If you have questions, comments, or suggestions, please contact penn-iam@upenn.edu.
We look forward to sharing more progress with you soon!
The Penn IAM Team