Identity Access Management (IAM) Modernization

Related Links

Subscribe to IAM Insights monthly newsletter

CTO Nick Stowe shares the IAM vision (YouTube video)

Contact

Louis Bugenig
Project Manager

Progress update - May 2024

Note: This is a non-workforce IAM project. 

During the first quarter of this year, the IAM Evaluation Committee, including business and technical representatives from 13 partner agencies, participated in the final stage of selecting the Customer Identity Access Management (CIAM) solution. Given that the new CIAM solution will be used by all Washington state customers for many years to come, the evaluators are focused on ensuring the selected solution meets the state’s long-term objectives for a modern user experience that is streamlined, secure, accessible and easy to administer.

In this final evaluation stage, the top two vendors in the CIAM marketplace have been evaluated based on the results of a usability study by Anthro-Tech, deep dives into technical and business use cases, and customer question-and-answer sessions.

The IAM Program anticipates making a final CIAM solution selection in May.

What's next?

With a final CIAM solution selection in May the IAM Program needs to complete detailed plans for the Implementation Phase, including:

  • Product roadmap: This lays out the strategy for a minimally viable product (MVP) and incremental “software releases” for identity data management (IDM) and identity verification (IDV) with increasing complexity and maturity of features and functionality over time.
  • Agency onboarding plan: This plan identifies criteria for onboarding agency applications to connect with the CIAM solution in incremental “waves” in alignment with the product roadmap.
  • Operating model: The model envisions the framework for operating the new solution as agencies onboard, including the customer support structure, operations resources, workflows and operating budget.

The IAM Program anticipates the Phase 2 activities described above will occur through early 2025.

Throughout the Roadmap Planning phase (Phase 2), the IAM Program will continue engaging with the IAM Subcommittee to collaborate and decide on the future direction for the program. Governing an enterprise-wide, shared service requires the IAM Subcommittee members to co-create the product roadmap, agency onboarding plan and operating model that will guide the Implementation Phase starting next year. The IAM Program appreciates the commitment of the subcommittee members, including business and technical representatives from 13 agencies.

Roadmap image

Overview

Since 2019, a renewed focus has been placed on cloud computing, data management, resident experience, privacy and cybersecurity.  In addition, there is increased recognition that consumers of Washington state services and our vendors expect to be able to interact with the state consistent with the basic levels of Identity Management provided by the private sector. 

There is a recognized need across the enterprise to modernize our Identity Management (IAM) capabilities to meet these expectations and to better manage access to systems and services in a controlled manner. 

Specific drivers of our need to modernize IAM include:

  • Existing enterprise solutions are limited to email-based authentication.  The current model of federated identity verification has no single and comprehensive view of user identity.  This has resulted in a disjointed user experience as users manage multiple portions of their identity across disparate systems (trust model).
  • Consolidation of access to state services using an updated resident portal that will be a front door for access to all state services and will be dependent on IAM functionality.
  • Ever increasing need to mitigate access-related risks and potential fraud.
  • Outdated policies driving increased waiver requests that increase barriers to delivery of services while proliferating siloed identity stores.
  • Additional IAM functionality needed to realize benefits associated with migration toward cloud computing.
  • Supporting the state’s Digital Equity goals by eliminating outdated technology and policies which increase barriers to services.
  • Alignment to top priorities of national state CIOs. IAM is the National Association of State Chief Information Officers (NASCIO) sixth ranked priority of their 2022 top 10 priorities.
  • Mitigate identity sprawl by modernizing to meet federation needs and integration with other identity stores while maintaining a single source of truth for identity. 

Vision

IAM Strategic Vision: Washington residents can access state digital services efficiently with confidence that their information is protected and privacy is respected. The state reduces risk by verifying all users and authenticating all transactions while increasing digital equity and access to state services.  

Project goals in support of Strategic Vision:  Engage agency partners and complete a successful technology Proof of Concept resulting in contracts with technology and service providers necessary to modernize IAM technology and processes for the state of Washington.