The Identity Management service provides a clearing house for all identity-based access and permissions for all systems in the MSU Denver environment.
Being implemented in phases, the Phase 1 system, delivered in January 2025, takes input from one of two "Sources of Truth."
For Students, the source of truth is Banner. For Faculty and Staff (including Student Employees), the source of truth is Workday ERP.
SailPoint takes in created and updated identities from these sources of truth and applies birthright account creation/modification for:
1. Microsoft Active Directory exclusive of Azure Active Directory
2. Workday and Workday Account
3. Watermark Faculty
Legacy account provisioning processes remain in place for systems like Canvas, TDX and privileged AD accounts (SA accounts).
Access and permissions to many additional applications are automated through IdentityNow APIs and web service calls.
Example applications with variations of user type include:
Active Directory VPN
Symplicity
Canvas LMS
Pathways to Possible
Supplemental Instructor
TeamDynamix
University Events
In future phases during 2025, more applications will include birthright functionality.
Birthright means that by the nature of belonging to an organization or being in a role, predefined access and permissions are granted.
Also, users and supervisors will be encouraged to make ad hoc requests for access and permissions via the IdentityNow application.
Finally, de-provisioning of employees and students who leave the organization will be managed through IdentityNow automation.