Identity Provisioning and Administration
This Identity and Access Management (IAM) architecture proposal describes the integration of Courion
with the University infrastructure. The primary function of Courion is to serve as an identity vault with rulebased account provisioning capabilities as well as connectors for integrating with downstream systems.
Courion is designed to provide an individual with the appropriate access to enterprise systems based on
the individual’s affiliation with the University (i.e. faculty, staff, or student). It leverages existing
authoritative sources to capture, register and assign affiliation types to people. In addition, Courion will
provide the necessary tools to manage changes in users access, compliance auditing, roles and other
functions related to identity management.
Although this proposal has been discussed with Courion, this document should only be used to facilitate
the discussion at the IAMTC and other IAM related committees to help identify the areas of integration
between Courion and other systems at the University. Courion will be producing a full design document
based on the University requirements, IAMTC input, and the Courion discovery meetings. In this
document, the specific implementation and naming conventions of the various components of this design
is subject to change based on the underline technology. Significant changes will be brought back to the
The IAM Architecture Proposed Design:
The following diagram describes the proposed initial design of the Identity Provisioning and
Administration architecture. Initially, this design will include provisioning to existing campus identity
management systems (e.g. Tivioli, Phone Book, etc.). Over time, applications that rely on these systems
will be transitioned to Courion and eventually the campus identity systems can be decommissioned.
Page 1 of 4