View a PDF of the poster: Michigan Medicine Identity and Access Management Standards
The Identity and Access Management poster addresses Michigan Medicine Authentication Standards and User Account Lifecycle.
Authentication protocols fall into four categories: Strategic, Emerging, Tactical, and Non-Standard. Prior to this year, authentication protocols were not standardized, which confused customers, impacted the HITS Service Desk, and resulted in poor identity and access security. In 2018, the Technical Standards Committee approved the Michigan Medicine Authentication standard, providing clear and secure methods to authenticate into the Michigan Medicine network.
User Account Lifecycle security involves applying best practices during Onboarding, Maintaining, and Offboarding accounts that report directly or indirectly to the Executive Vice President of Medical Affairs.
Employee on-boarding begins with new hire acceptance with Human Resources. Automated processes provide communications with the employee, communications with the hiring manager, and integration with credentialing agencies (for providers). Non-employees are on-boarded through a combination of manual and automated processes with IAM tools and have a 12-month sponsorship.
Account maintenance involves adding value to identities by sharing and collecting authoritative data with Michigan Medicine customers. Automated messages are generated for periodic maintenance events (password reset and non-employee 12-month sponsorship expiration), and our automated tools create and maintain the entitlements and roles that provide digital and physical access controls for employees and non-employees.
Account off-boarding provides security by deactivating accounts within one hour of employment termination. Deactivation occurs on the end date. Accounts are removed from client-facing systems 30 days after deactivation.
With authentication standards and account lifecycle, IAM provides digital security and efficient solutions for a range of customers at Michigan Medicine.