ANU Identity and Access Management

Identity and Access Management

The Identity and Access Management (IdAM) Project is working towards improving the effectiveness of the University’s existing identity and access management system. Doing so requires consideration of the authentication (how users are authenticated), authorisation (who they are) and access (what exactly they can access) components of the existing and envisaged solution.

Background of the Project

The ANU is facing significant issues relating to the capability and maturity of its existing identity management tools. While the University’s existing solution has served it well, the associated issues are compromising its security and access governance relating to identity, administration and password management.

Over the past 17 years, the policies, practices and procedures for the University’s tailored Online Accounts Management System (OLAMS) have not been developed in an enterprise manner, leading to business capability deficiencies, disparate results, and limited support capability. Moreover, continued use of the existing system is resulting in inefficient processes, potential security breaches and inaccurate information management practices.

To mitigate these issues, the University’s IdAM project is working towards developing a solution that underpins its existing infrastructure, thereby establishing a robust, modern and supported solution.

New Identity System

The current business objective of the IdAM project is to decommission the existing bespoke system (OLAMS) and upgrade the existing Oracle Identity Management (OIM) software.

To ensure that user records are accurate and dependable across the University, the OIM software will receive information from the ANU HR PeopleSoft system, using an intermediary software component. A new set of PeopleSoft Staging Database Tables will receive the direct feed from PeopleSoft systems, which will drive the identity lifecycle events for OIM. Present OLAMS functionality will be rebuilt into the new OIM system, including the web interfaces to create and manage Alumni, Auxiliary and Functional accounts.

The most noticeable of the changes will be the introduction of expiring passwords for all staff and students, which will impact all ANU ICT systems and users. The change will result in a 365-day password expiry policy for both staff and students, with the Password Update Policy to be changed to a three-monthly expiry at a future point.