Zero Trust: The Critical Role of Identity

As part of our Zero Trust program, Oregon State University completed an RFP, purchased a commercial IGA (Identity Governance and Access) system, and hired an implementation partner. We plan to replace our Shibboleth IDP with Azure SSO and deploy the Cirrus Bridge; redesign our account lifecycles to better reflect real-world scenarios; design enterprise roles for automated access; implement a workflow-based access request process for exceptional access; and create periodic access recertification campaigns. We are early in our journey for replacing OSU Identities and will approach the next phase of this project during the time of this conference (May 2023). We can discuss various aspects such as our reasons for choosing commercial software over open source (TAP), how we will continue to participate in the InCommon Federation, and applying Zero Trust principles in higher education.