Identity and Access Management (IAM)
The way we do business at SLAC is changing so that we can expand our impact in science and research. SLAC IT must create safe and efficient identity and access processes to support this growth and comply with federal mandates. The SLAC IAM Program provides the crucial infrastructure to comply with federal regulations while streamlining user access and account initiation.
Keep reading to understand the various project components, milestones, compliance deadlines, and what this means for SLAC users, visitors, and managers.
IAM Program Overview
SLAC IT’s IAM Program consists of three critical domains. Within each, several related projects will implement a single sign-on experience and a modern, adaptable, and scalable user access infrastructure.


IAM Goals

The SLAC IAM Program will accomplish several critical objectives:
- Establish a single sign-on experience for all strongly affiliated SLAC staff.
- Consolidate user accounts so there is just one Stanford/SLAC user account to manage per individual.
- Create universal user registration processes for SLAC staff, facility users, and visitors.
- Modernize SLAC’s IAM infrastructure to be adaptable, scalable, and equipped to meet future research, mission objectives, and administrative needs.
- Transition to systems and tools that are highly available, cloud-hosted, and geo-diverse.
- Comply with federal, Department of Energy (DoE), and Stanford University requirements and industry best practices.
Identity Management

Identity Management includes usernames and devices, services, groups, and other unique online identifiers associated with SLAC users or systems. It also encompasses all aspects of identity creation, from initiating new user access to managing change processes, granting user access levels, authentication, and more.
Understand how SLAC defines person and device identity and how the IAM Program will simplify and improve our identity management processes.
Access Management

Access Management refers to the process by which SLAC determines which individuals and systems need access to various applications, devices, and networks. Access control criteria are derived from an individual’s organizational affiliation or role or based on project needs.
The SLAC IAM Program will consistently and securely apply access control policies per best practices and lab needs. Under the new IAM infrastructure, administrators and managers from across the organization can better manage user groups, group definitions, and staff and facility access.
IAM Project Team
ROLE | MEMBER(S) |
---|---|
Primary POC | Bruce Vincent |
Project Manager | Erika Everingham |
Information Technology | Michelle Jost |

In partnership with SLAC IT Cybersecurity, the IAM Program is sunsetting the UNIX email application. New onboarding and entitlement policies will impact facility user sponsors and UNIX email account holders. Understand how this affects you and the available SLAC IT support to facilitate this transition.

SLAC IT is excited to announce that SLAC Cardinal Key, a digital credential installed on devices that offers passwordless logins for Stanford applications, is now available on most SLAC-managed devices.

The IAM Program is making it easier than ever to come to SLAC. The user onboarding process is simplified with a unified approach for onboarding new hires and facility users. Multiple identity systems are consolidated into one with single sign-on, automated permission granting, and two-way identity verification from approved partners.
New hires and existing facilities users will access all SLAC systems with only a SUNET ID. This means everyone will get to work sooner in fewer steps.
- In Progress: UNIX Email End of Life
- In Progress: Cardinal Key Integration & SSO
- Complete: SLAC IT Website: IAM Project
- In Progress: SLAC Registration Portal Requirements Gathering
  - Facility Users
  - Onboarding Flow SSO
- In Progress: Identity Registration Launch
- In Progress: SLAC Registration Portal Requirements Finalized
  - MFA Low Enclave
- In Progress: Grouper
- Milestone: Create Federation Agreements
- Milestone: YubiKey Service
- Milestone: Federation for SSH
  - Federation for SSH
  - IDP Proxy Server
  - First Round User Testing SLAC Registration Portal Forms & Workflows
- Milestone: Update Password Policy
  - Final testing of forms and workflow for SLAC registration portal and training opportunities announced.
- Milestone: MFA for SSH
- Milestone: Stakeholder Training
- Milestone: 802.1X
- Milestone: Identity Access Management Portal & UFVA
  - Shared two-way trust with Stanford University
- Milestone: Onboarding & User Federation Begins
- Milestone: Heimdal & Other Identity Systems Decommissioned
- Milestone: PeopleSoft Non-Employee Data Decommissioned
- Milestone: Full PeopleSoft Decommissioning
- Milestone: Onboarding & User Federation Concludes