Identity Access Management (IAM) is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources.
User cohorts
We have identified five user cohors at PSI
...
that we need to identity and authorise:
Staff - defined as all employees for either PSI Global, or any of the PSI in-country chapters.
PSI longLong-term consultants - which are granted psi.org emails and access to its PSI systems.
Health workers - that include those that have a direct relation with PSI, or indirect, that - includes those that we server are served on contractual basis like partner organizations organisations or MOHother ministries.
Developer and consultants - engaged by PSI Global or PSI subsidiaries.
FInal usersConsumers: one day we will give access to Sara and Sam, the fictional PSI client archetypes, to the information that we have about it, and allow them to interact with it.
Cohort | IAM platform, expected start date |
|---|---|
PSI staffStaff | Azure 0365 |
Health Worker | Keycloak |
Developers & other consultants | Keycloak |
Sara & Sam | Keycloak |
Identity Platforms
PSI Global and most of their localized platforms use MS Azure O365 as their main user directory and identity management system. A second IAM platform was selected in late 2022 to handle those user cohorts for which the use of MS 365 will be inappropriate/ unnecessary. The table below summarize the applications connected to both identity management platforms.
User Identity platform | Final Users Health worker and others | Developers |
|---|---|---|
MS Azure 0365 since 2015 | DHIS2 Monday.com Confluence PBI/ Superset? | PBI dev Confluence (required) |
Keycloak (from early 2023) | WFA web app FHIR ONA android Moodle web & android DHIS2 web & android RocketChat (live agents) Open Help Desk platform* Superset usersDHIS2 | OpenHIM hapiFHIR (dev/QA/test) Superset developer RapidPro Moodle config DHIS2 config AWS ? |
...