June 2021 Update
Internal IAM Project
The Internal IAM project includes a re-engineering of Penn’s core IAM infrastructure, replacing decades-old, custom-built identity management systems and processes with a standards-based, modern solution to strengthen Penn’s overall security posture and ability to comply with emerging global regulatory requirements. The new IAM solution (SailPoint) will be implemented in phases. Recent progress includes:
- The team completed implementation planning, and Phase 1 rollout is underway and targeted for completion in November 2021. The new solution will run on a Penn-dedicated infrastructure hosted by Amazon Web Services (AWS), giving us a flexible architecture that can grow with the University.
- Environment setup is underway (development, staging, production).
- Phase 1 rollout will include the following:
  - SailPoint populated with source/historical data
  - PennIDs created by SailPoint
  - Penn Community becomes a consumer of SailPoint, remains in place during migration of consumers; no “big bang” transition
- Phase 1 affected audiences include ISC system administrators as well as source system personnel (Admissions, Alumni, HR, etc.) involved in identity conflict resolution (approximately 10 staff). Training and documentation will be provided to these audiences.
- Phase 2 rollout (1-2 years) will include the following:
  - New Admin interface/model (EntryView retired)
  - New PennKey claiming and password reset processes
  - All consumers of Penn Community data migrated to new infrastructure – planned system-by-system migration; no “big bang” transition
  - Penn Community retired
Related IAM Work
- Two-Step for O365 – Enrollment passed 15,500 (74% of total) for PennO365 with Two‑Step Verification during Q4 of Fiscal Year 2021. With the synchronization of PennKey and O365 passwords, it is more important than ever for users to enable Two-Step for O365 to ensure consistent protection of their privacy across University systems. We strongly encourage IT groups on campus to recommend use of Two-Step with O365 for users who are not already enrolled. Several Schools and Centers are using ISC’s Two‑Step for O365 enrollment tools to smooth their migration path. Administrators interested in using the toolkit for their users should contact email@example.com.
- The IAM Policy Working Group – This group continues its work to establish the University’s first comprehensive set of Identity and Access Management policies, including policy statements, best and acceptable practices, and technical standards documents. Three identity proofing working groups have been formed to analyze processes for in-person, remote, and self-service password resets including standards and practices, validation process, and training.
- User Self-Service Password Reset – ISC is developing requirements and exploring vendor offerings for a modern user self-service password reset utility to replace Penn’s current challenge-response process. The new process will use pre-registered communications channels (e.g., reset link to personal email, notification to phone/other) to provide secure, convenient resets for all PennKey holders.
Questions & Feedback
ISC values your feedback. If you have questions, comments, or suggestions, please contact firstname.lastname@example.org.
We look forward to sharing more progress with you soon!
The Penn IAM Team