The Identity and Access Management (IAM) Program is critical for
strengthening AUB's cybersecurity posture. By implementing IAM best
practices, we enhance security controls, prevent unauthorized access, and
improve accountability across the organization.

Effective identity and access governance is built on core principles like
least privilege, continuous access verification, and centralized monitoring.
These controls not only safeguard critical resources but also ensure
compliance and operational integrity across the enterprise.

AUB's IAM Program integrates advanced technologies and streamlined
processes, focusing on three critical areas:
- Unified Identity Management System: Enforces multi-factor authentication
  while providing users with a simplified login experience through a single
  enterprise platform.
- Identity Lifecycle Automation: Ensures timely access provisioning,
  modification, and deprovisioning across the employee and student account
  lifecycle, enforcing security policies consistently and reducing the risk
  of unauthorized access.
- Role-Based Access Governance: Dynamically assigns and audits permissions
  based on job functions and business needs, enforcing least privilege
  principles across AUB resources.

AUB IAM Program Components
AUB's IAM Program is structured around several core components that work
together to secure and streamline identity verification, access management,
and enforcement of security policies:

Identity Single Sign-On (SSO)
Identity SSO enables seamless and secure authentication across cloud and
enterprise applications using a single identity. For IT administrators,
identity SSO provides centralized user provisioning and access management,
while giving employees frictionless access to all authorized applications
with just one login.

Self-Service Password Reset (SSPR)
SSPR allows users to securely reset or change their passwords without IT
service desk intervention. AUB follows modern security best practices by
implementing multi-factor authentication (MFA), combining one-time passcodes
(OTP) with identity verification to authorize password resets directly
through the SSPR portal.

Administrative User Application
The administrative user application delivers a centralized console,
empowering administrators to comprehensively oversee all sponsored and
service accounts. This intuitive interface enables the efficient creation,
modification, and deactivation of accounts while ensuring strict adherence
to organizational policies.

Governance Module
The governance module enables administrators and managers to easily collect
relevant user and access information in a central location.

Federated Authentication
Federated authentication uses AUB's central single sign-on (SSO)
infrastructure and secure protocols to grant users access to various
integrated applications. It streamlines access by authenticating users
through AUB's trusted identity provider (IdP), protecting credentials within
AUB's security perimeter. This approach enhances security by eliminating the
need for multiple credentials, provides better access control, and offers a
seamless user experience across different platforms.

AUB Identity Management Overview
Identity and Access Management (IAM) at AUB governs
digital identities throughout their lifecycle. By integrating with core systems of record, it serves as a
unified source of truth, eliminating data fragmentation and ensuring
consistency. This approach streamlines onboarding, offboarding, and role
transitions, improving security, operational efficiency, and user experience.
Automated access management reduces manual effort, accelerates provisioning,
and strengthens compliance enforcement.
