IGA Modernization

April 1, 2024

The IGA Modernization project team has accomplished Phase 1, centered on Group and Role Management, and implemented midPoint and Grouper, key components of the InCommon Trusted Access Platform. With this milestone, the IAM team introduced Enterprise Group Services (EGS). EGS enables university departments to automate the management of application and system authorization groups through Attribute-Based Access Control (ABAC) rules. Group membership within EGS is dynamically managed, with members added and removed automatically.


Phase 2 project planning is complete, with the team successfully upgrading both midPoint and Grouper. They have now begun essential infrastructure development and the creation of new connectors.

Program Goals

The goal of the IAM Modernization Program is threefold:

  • Consolidate IAM solutions to reduce technical debt
  • Improve IAM processes
  • Join the InCommon community

Program Phases

Due to the significant scope of this effort, the program has been divided into program phases with distinct deliverables.

Phase 0: Research

(tick) Complete.

Phase 0: Research was comprised of solution analysis and determined that our target tool set would be midPoint and Grouper.

The project team determined that the program would move forward with the InCommon Trusted Access Platform (TAP), implementing midPoint for identity management and Grouper for group and role management.

Phase I: Group and Role Management

(tick) Complete.

Phase I: Group and Role Management will create the infrastructure to facilitate Role-Based Access Control (RBAC) at the university. Project Charter attached. 

Phase II: Workday midPoint feed & SailPoint retirement

(info) In Progress.

Phase II: The Workday midPoint feed & SailPoint retirement is dedicated to transitioning the daily Workday file to be picked up and processed by midPoint and to retiring the SailPoint system.

Future Phases

Future phases may change based on campus and team priorities.

Phase III: Identity Management is expected to modernize the tool set used to create, update, maintain, and administer identities.

Phase IV: Password Store is expected to modernize the infrastructure used to store passwords and integrate with downstream systems.

Phase V: Employee Records Business Logic is expected to review and improve how the identity management systems consolidate, analyze, and process employee data.

Phase VI: Other Business Logic is expected to review and improve how the identity management systems consolidate, analyze, and process all other identity data.