NEWS: Complex overhaul of the UC Merced Identity & Access Management 

Avi Badwal with CIO's Gabe Gonzales, Van Williams and Joe Bengfort

October 3, 2024All Articles

The UC Merced Office of Information Technology and the UC Merced Identity & Access Management Team won the 2023 UC Tech Awards IT Security Award silver award. Learn more about how they updated UC Merced’s security systems in their nomination, below.

Overview

UC Merced recently completed a total overhaul of our outdated Identity and Access

Management system, which provides the following features:

  1. The new design is fully aligned with the campus brand to create an intuitive and cohesive experience for campus applicants, students, faculty, staff, and Alumni;
  2. It supports the Lived Name policy by allowing username choice during Account Claim; 
  3. It offers integrated self-service features that drive security awareness;
  4. It incorporates artwork and animation in a way that is engaging and playful while also increasing account and campus security.

Project Description

In 2022, UC Merced’s Identity and access management (IAM) system reached a critical nexus as a “system of concern.” It had a fair bit of technical debt, it didn’t meet modern security requirements, its branding was out of date, and it created a fair amount of administrative work for multiple campus departments due to a lack of self-service features.

With recent security breaches at nearby Merced College and the City of Merced on their minds, the UC Merced Office of Information Technology’s Identity and Access Management (IAM) team knew it was time for a complex overhaul of UC Merced’s identification management system serving campus’s 14,000 students, staff, and faculty. The system, which responds to hundreds of thousands of login requests each day and is supported by multiple form factors, had a number of issues:

• Obsolete UI/UX

• Not able to deliver real-time information for account claims

• Not able to handle Gender Recognition and Lived Name (GRLN)

• Problematic for international students due to email delay issues

• Not up-to-date with current campus brand standards

• Lacked the necessary security measures to keep up with advancements in the technical landscape

With these problems in mind, Avi Badwal, director of Enterprise Technologies at UC Merced, partnered with cross-functional teams across the organization to envision a modern IAM system. After multiple meetings with HR, Admissions, Student Affairs, Security, Service Desk, and other campus stakeholders, the team set out to design and build a new system. Their vision was a user-friendly, accessible, and engaging IAM system that provided secure access to campus resources and could help protect university members’ personal information.

During the initial discovery phase, the UC Merced IAM team worked with stakeholders to document the current system’s pain points, including issues with user experience, security, and accessibility, along with desired features and outcomes for the new system. They also made sure to thoroughly review support tickets across multiple departments to understand the challenges faced by end users. They also found that the dated branding of the existing system was especially problematic—new applicants and admits, in particular, didn’t understand the look and feel change they experienced when moving from admissions materials to account claim or login experience. The team recognized that this was a way in which they could support the campus’s strategic enrollment growth goals while also addressing technical debt.

In the design phase, the team focused on creating a user-friendly and thoroughly accessible interface that would simplify the overall digital experience of this essential and necessaryadministrative application for everyone on campus. The old system generally needed acomplete overhaul with modern security in mind, so new system specifications included a streamlined login process and new self-service capabilities for managing passwords, Duo MFA, and more. And since the requirements list was already a mile long, the team decided to implement Duo Universal Prompt alongside all the other changes for an even more secure sign-on experience for campus members.

During the development phase, the team addressed the need for more modern security alignment with features such as the security check-up, which gives individual users an “at-a-glance” understanding of their general security posture and includes a view into their Duo MFA devices and last login, days since last password change, and more. The team also implemented animation and artwork to complement the campus brand standards. The new design supports the UC Merced brand and creates a fresh, playful digital experience for users—while also making it more difficult for bad actors to impersonate UC Merced’s Single Sign On (SSO) pages and identity services.

On March 27, 2023, the team deployed an elegant, modern system that offers an intuitive and ultimately more secure user experience for UC Merced applicants, students, faculty, staff, and alumni. The final project delivery included a new Identity Management page, multiple new self-service features, a new Account Claim experience with more customization to support Lived Name, a new Single Sign-On experience, and Duo Universal Prompt.

Throughout the effort, the team employed a collaborative approach which allowed for an iterative design and development process. Like any project team, they had to weather some scope creep and last-minute requirements changes, but the final product(s) are modern, engaging, intuitive, and accessible – excellent representations of the UC Merced brand. The changes to this critical and highly visible campus system create a significantly improved and cohesive experience for applicants and admits during Account Claim and Single Sign-On — fundamental elements of the admissions process and thus deeply supportive of the campus’s strategic goal of increasing enrollment. The updated system also works to educate campus members via intuitive features like the security check-up, so campus awareness of basic security hygiene will increase as they use that feature. The number of support tickets for account management issues to Admissions, HR, and the Office of Information Technology Service Desk has been significantly reduced due to the incorporation of self-service features.

Kudos to all involved in this sustained effort to modernize our campus technology offerings.

Read the team’s winning 2023 UC Tech Awards application.  

UC Tech Awards Program Background Information

The UC Tech Awards Program celebrates individuals and teams in the UC tech community who have contributed in areas of strategic importance to the university using technical approaches. The UC CIO Council created the program in 2001 when an award for innovation was named after Larry L. Sautter. The program has grown to seven awards, which include design, DEI leadership, innovation, IT Security, operational excellence, UC-wide collaboration, and sustained impact. The UC Tech Awards Program celebrates those designing or implementing high-impact technology initiatives. It promotes an inclusive UC tech community by recognizing the technology contributions of people from all areas of expertise, including business operations, research, education, patient care, and public service. The UC Tech Awards are sponsored by the UC CIO Council, composed of the Chief Information Officers (CIOs) across UC locations. Each year, five members of this council, who rotate on an annual basis, select the award winners. The annual call for submissions is announced in the winter with a spring submission deadline. The committee meets by in the late spring and awards are presented at the annual UC Tech Conference. To learn about the UC Tech Awards program, please visit the UC Tech Awards Program Description or contact Laurel.Skurko@UCOP.edu.

Contact 

Christy Snyder

Christy Snyder
Assistant Vice Chancellor and Deputy Chief Information Officer
UC Merced Office of Information Technology