Project Portfolio

The ITS Identity Management team receives frequent requests from groups around campus for centralized and automated provisioning and deprovisioning of user accounts. We currently use a home-grown utility known as IMPROV for this purpose, but it only provisions Onyens and Guest IDs, not other forms of accounts. IMPROV also does not do deprovisioning, so the team uses perl scripts for this purpose.

This project will implement midPoint, an open source identity management and identity governance solution, as our deprovisioning engine. This project is necessary for follow-on projects such as deprovisioning Zoom and other applications, which are waiting for this work to be completed.

The Remedy application infrastructure has been running on unsupported versions of BMC Remedy AR Server, Oracle DB, Java, and Linux OS, which is a risk for ITS while also consuming team resources to maintain. The purpose of this project is to transition all remaining Remedy applications to other supported ServiceNow applications or application platforms. This project needs to be completed by mid-October at the latest to prevent renewal of the Unix Support contract for another year.

This project will migrate approximately 250 unprotected VLANs (“virtual local area networks”) to campus enterprise firewalls. Migrating these VLANs will prevent attacks and also limit the scope of attacks across the University. Onboarding the rest of campus will significantly expand the range and depth of the University’s defenses. It will also give ITS unprecedented awareness of which mission-critical systems we need to protect.

The National Institutes of Health (NIH) is requiring stronger proof that a person logging into their system is who they say they are. Starting in September 2021 multifactor authentication will be required when logging in to their system, and by December 2022, appropriate levels of identity assurance will also be required.

The National Institute of Health (NIH) is increasing security for their systems. The University met the first of their requirements last September, when the NIH began requiring multi-factor authentication for those logging in to their systems. For the next phase, the NIH will require identity assurance, which means stronger proof that a person is who they say they are.

The NIH uses the criteria defined in the REFEDS Assurance Framework to define levels of assurance. REFEDS, which stands for “Research and Education FEDerations,” is an organization that represents the requirements of research and education related to access and identity management.

REFEDS defines four levels of identity proofing assurance: low, medium, high, and “enterprise equivalency.”  Each level answers the question, “How well does your identity proofing process let you be sure that the person is actually who they claim to be?”

Project Phases

• September 2021: Multifactor Authentication
• June 30, 2022: Local Enterprise Equivalency
• December 31, 2022: Low, Medium, High Level of Assurance

Identity Assurance Key Points 

Visit the New NIH – Identity Requirements for Identity Assurance website to learn more about phase requirements, next steps and links to resources.

NIH: New Requirements for logins – September 2021