Project
On Schedule

Identity and Access Management (IAM)

The way we do business at SLAC is changing so that we can expand our impact in science and research. SLAC IT must create safe and efficient identity and access processes to support this growth and comply with federal mandates. The SLAC IAM Program provides the crucial infrastructure to comply with federal regulations while streamlining user access and account initiation. 

Keep reading to understand the various project components, milestones, compliance deadlines, and what this means for SLAC users, visitors, and managers.

 

IAM Program Overview

SLAC IT’s IAM Program consists of three critical domains. Within each, several related projects will implement a single sign-on experience and a modern, adaptable, and scalable user access infrastructure.

 

[Infographics: IAM Current State, IAM Future State]

 

SLAC IAM Components

IAM Goals

 

The SLAC IAM Program will accomplish several critical objectives:

  • Establish a single sign-on experience for all strongly affiliated SLAC staff.
  • Consolidate user accounts so there is just one Stanford/SLAC user account to manage per individual. 
  • Create universal user registration processes for SLAC staff, facility users, and visitors.
  • Modernize SLAC’s IAM infrastructure to be adaptable, scalable, and equipped to meet future research, mission objectives, and administrative needs.
  • Transition to systems and tools that are highly available, cloud-hosted, and geo-diverse.
  • Comply with federal, Department of Energy (DoE), and Stanford University requirements and industry best practices.
Identity Management

 

Identity Management includes usernames and devices, services, groups, and other unique online identifiers associated with SLAC users or systems. It also encompasses all aspects of identity creation, from initiating new user access to managing change processes, granting user access levels, authentication, and more.

Understand how SLAC defines person and device identity and how the IAM Program will simplify and improve our identity management processes.

Learn more about SLAC Identity Management.

Access Management

Access Management refers to the process by which SLAC determines which individuals and systems need access to various applications, devices, and networks. Access control criteria are derived from an individual’s organizational affiliation or role or based on project needs.

The SLAC IAM Program will consistently and securely apply access control policies per best practices and lab needs. Under the new IAM infrastructure, administrators and managers from across the organization can better manage user groups, group definitions, and staff and facility access.

Learn more about SLAC Access Management.

IAM Project Team
ROLE | MEMBER(S)
Primary POC | Bruce Vincent
Project Manager | Erika Everingham
Information Technology | Michelle Jost, Erwin Lopez, Kevin Purcell, Ross Wilper

Project updates
Email Account Policies
UNIX Email Sunset

In partnership with SLAC IT Cybersecurity, the IAM Program is sunsetting the UNIX email application. New onboarding and entitlement policies will impact facility user sponsors and UNIX email account holders. Understand how this affects you and the available SLAC IT support to facilitate this transition.

Learn more →

Password-Less Authentication
Improve Your Login Experience with Cardinal Key 

SLAC IT is excited to announce that SLAC Cardinal Key, a digital credential installed on devices that offers passwordless logins for Stanford applications, is now available on most SLAC-managed devices.

Learn more →

New Onboarding Processes
Onboarding Made Easier
Streamlined Onboarding & Single Sign-On (SSO)

The IAM Program is making it easier than ever to come to SLAC. The user onboarding process is simplified with a unified approach for onboarding new hires and facility users. Multiple identity systems are consolidated into one with single sign-on, automated permission granting, and two-way identity verification from approved partners. 

New hires and existing facilities users will access all SLAC systems with only a SUNET ID. This means everyone will get to work sooner in fewer steps.

Learn more →

What is happening?
Upcoming Events

There are no upcoming events for this project.

IAM Project Timeline
  • In Progress
    UNIX Email End of Life
  • In Progress
    Cardinal Key Integration & SSO
  • Complete
    SLAC IT Website: IAM Project
  • In Progress
    SLAC Registration Portal Requirements Gathering

    Facility Users

    Onboarding Flow SSO

  • In Progress
    Identity Registration Launch
  • In Progress
    SLAC Registration Portal Requirements Finalized

    MFA Low Enclave

  • In Progress
    Grouper
  • Milestone
    Create Federation Agreements
  • Milestone
    YubiKey Service
  • Milestone
    Federation for SSH

    IDP Proxy Server

    First Round User Testing SLAC Registration Portal Forms & Workflows

  • Milestone
    Update Password Policy

     

    Final testing of forms and workflow for SLAC registration portal and training opportunities announced.

  • Milestone
    MFA for SSH
  • Milestone
    Stakeholder Training
  • Milestone
    802.1X
  • Milestone
    Identity Access Management Portal & UFVA

    Shared two-way trust with Stanford University

  • Milestone
    Onboarding & User Federation Begins
  • Milestone
    Heimdal & Other Identity Systems Decommissioned
  • Milestone
    PeopleSoft Non-Employee Data Decommissioned
  • Milestone
    Full PeopleSoft Decommissioning
  • Milestone
    Onboarding & User Federation Concludes