December 2021 Update
Penn Community Re-Engineering Project
The Penn Community Re-Engineering Project includes a phased re-engineering of Penn’s core IAM infrastructure, replacing decades-old, custom-built identity management systems and processes with a standards-based, modern solution to strengthen Penn’s overall security posture and ability to comply with emerging global regulatory requirements.
Phase 1 Rollout Complete
Phase 1 rollout was completed on November 15, 2021 and included the implementation of SailPoint Identity IQ (IIQ) as the underlying identity engine for Penn Community. The new solution runs on a Penn-dedicated infrastructure hosted by Amazon Web Services (AWS), providing a flexible architecture that can grow with the University. More details about this rollout are available on the Penn Community website.
Phase 2 Beginning
In Phase 2, we will begin leveraging our new identity management system’s capabilities to improve the security and efficiency of University-wide identity and access management processes. Phased functional releases are targeted to begin mid-2022, with the implementation of a new delegated identity administration interface to replace the legacy Penn Community EntryView application.
Detailed project planning is underway for Phase 2, which will include improvements to:
- Timeliness and accuracy of University identity data
- Administrators’ tools for user lookup, manual entry, and PennKey support
- End-user self-service tools for password resets and PennKey creation
Areas of new functionality will include:
- Auditing and reporting of identity updates and security events
- Phased integrations with key, business-critical University systems to provide automated, rules-based provisioning and de-provisioning of user accounts and access privileges
Other IAM News
- Two-Step for O365 – Two‑Step Verification with PennO365 will be required as of June 2022. Most O365 users (over 80%) at Penn already use Two-Step to protect their O365 accounts. We strongly encourage IT groups on campus to work with users who are not already enrolled.
- User Self-Service Password Reset – ISC is in the inception and planning phases of a project to deploy new processes for self-service password resets and PennKey creation to replace Penn’s current custom-built solution. The new password reset process will use pre-registered communications channels (e.g., reset link to personal email, notification to phone/other) to provide more secure and convenient resets for all PennKey holders.
Questions & Feedback
ISC values your feedback. If you have questions, comments, or suggestions, please contact firstname.lastname@example.org.
We look forward to sharing more progress with you soon!
The Penn IAM Team