Penn’s Identity & Access Management Program

Reimagining the University’s digital security infrastructure

Strengthening Penn’s Security Posture

Penn’s Identity & Access Management Program (IAM) is completely reimagining the University’s digital security infrastructure. IAM systems protect the privacy, safety, and security of Penn students, staff, and faculty, ensuring that their network credentials, personal data, and intellectual property are safe.

The Penn IAM team is re-engineering Penn’s core IAM infrastructure, replacing decades-old, custom-built identity management systems and processes with a standards-based, modern infrastructure. This is critical for Penn’s overall security posture and ability to comply with emerging global regulatory requirements.

The team continues to work collaboratively with representatives from the Schools and Centers to leverage our new identity management system’s capabilities to improve the security and efficiency of University-wide identity and access management processes.

Recent Improvements

Penn Community Re-Engineering:
Ongoing implementation of SailPoint IdentityIQ as the underlying identity engine for Penn Community

PennPath:
Authentication system for users outside Penn who need access to University resources

PennKey Self-Service Password Reset App:
Using only a pre-registered personal email address and cell phone number, users can reset their own PennKey passwords

PennKey Support App:
All PennKey support operations migrated to the new Penn Community platform

Duo Universal Prompt:
Replaced Penn’s custom solution for PennKey Two-Step Verification with easier and safer device management

O365 Email Two-Step 100% Compliance:
All Penn O365 email users now using Two-Step Verification

Key Projects Underway

SailPoint/KITE/Entra ID Integration

Automated provisioning and de-provisioning of Microsoft identities (KITE and ISC’s O365) by SailPoint IIQ (new Penn Community)

PennKey (WebLogin) Authorization

Expanding PennKey SSO functionality to include authorization checking, providing “front-door” security for PennKey-protected apps

PennKey Provisioning & Email Aliasing

New, streamlined process for creating PennKeys and assigning Penn email addresses for new users with email aliases based on users’ full names

Two-Step Expansion

Mitigating the risk posed by non-Two-Step PennKeys with new policies and access controls that require Two-Step for sensitive resources

Ongoing Legacy Retirements/Change Management

New, streamlined process for creating PennKeys and assigning Penn email addresses for new users with email aliases based on users’ full names

PennKey Live Support

New remote PennKey password resets using live virtual support instead of email to dramatically improve user experience and align with security best practices
