An Inside Look at Identity Management at UC Davis
When identity management practices work, they truly make life easier for IT staff and users alike. Peter Siegel, CIO at the University of California, Davis, says one of the main benefits of the university's Oracle-based identity and access management (IAM) system is having an accurate central repository of student, faculty and staff identities. The most dramatic results have been seen at the UC Davis Health System in Sacramento, where all primary computer logon accounts are created automatically.
Trisha Edgerton, the university's joint technology program manager, says the UC Davis IAM system establishes a "golden record," essentially a single master directory of all identities. "Everything feeds from multiple databases into one single system, where all the student, staff and faculty identities are automatically matched to ensure accuracy," she says. "Even if a person changes their status, we know that we have a single individual by matching their unique attributes from the various applications."
Departments can download information from the IAM system to get accurate demographics, including email addresses and department affiliations. In the past, building a picture of an identity required consulting multiple databases and matching the information manually to ensure that slightly different duplicates were properly collapsed into a single record. The system went live in November 2011.
UC Davis uses Oracle Waveset to manage accounts and Oracle Identity Analytics for access management for the main campus and UC Davis Health System. The IAM team performed a system upgrade in December 2012 that added student and affiliate records to the data store. That release increased the number of identities in the system from 35,000 to 80,000.
Accuracy and Consistency
About five years ago, Princeton University IT recognized the growing importance of identity management, and that mobility would only make it more critical.
"Much like other schools, we struggled with maintaining accurate directory information," Colin Currie, the university's executive director of administrative information services, says. "We decided to connect our enterprise resources planning system with our unified directory via an identity management layer."
Fully deployed in 2011, the system more easily and accurately provisions and deprovisions users and delivers access to applications as multiple devices arrive on campus. Using a combination of Oracle Identity Manager, Oracle Access Manager and Oracle Adaptive Access Manager, the system lets the IT staff deliver better application access control, regardless of device.
Voices
"Consolidating user identities into a common identity vault and pairing it with the single sign-on feature makes it easier for our users to access applications. Users benefit from having common authentication credentials across multiple systems, with reduced passwords on different systems."
— Nathan Hensal, IT Services Director, Highland Community College, Freeport, Ill.
"NetIQ Identity Manager lets us manage 110,000 accounts for alumni, students, faculty and staff while maintaining a minimal IT staff. The instant a student or staff member is activated, they immediately have access to all the applications they need to be productive."
— Steven Tharp, Identity Services Manager, Davenport University, Grand Rapids, Mich.
"Identity and access management secures the network at the entry point so that access to the campus network is based on the role of the user, the configuration of the computing device he or she uses and the verifiability that the device is problem-free. It facilitates a balance between secure and collaborative network computing for the college's students, faculty and staff."
— Scott A. McCollum, CIO, Sinclair Community College, Dayton, Ohio