Identity Access Management (IAM) is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources.
User cohorts
We have identified five user cohors that we need to identity and authorize:
PSI staff - defined as all employees for either PSI Global, or any of the PSI in-country chapters.
PSI long-term consultants - which are granted psi.org emails and access to PSI systems.
Health workers - that include those that have a direct relation with PSI, or indirect, that includes those that we server on contractual basis like partner organizations or MOH.
Developer and consultants - engaged by PSI Global or PSI subsidiaries.
FInal users: one day we will give access to Sara and Sam, the fictional PSI client archetypes, to the information that we have about them.
Cohort | IAM platform, expected start date |
|---|---|
PSI staff | Azure 0365 in use since 2015 |
Health Worker | Keycloak from early 2023 |
Developers & other consultants | Keycloak from mid 2023 |
Sara & Sam | Keycloak from 2024 |
Identity Platforms
PSI Global and most of their localized platforms use MS Azure O365 as their main user directory and identity management system. A second IAM platform was selected in late 2022 to handle those user cohorts for which the use of MS 365 will be inappropriate/ unnecessary. The table below summarize the applications connected to both identity management platforms.
User Identity platform | Final Users Health worker and others | Developers |
|---|---|---|
MS Azure 0365 since 2015 | DHIS2 Monday.com Confluence PBI/ Superset? | PBI dev Confluence (required) |
Keycloak (from early 2023) | WFA web app FHIR ONA android Moodle web & android DHIS2 web & android RocketChat (live agents) Open Help Desk platform* Superset users | OpenHIM hapiFHIR (dev/QA/test) Superset developer RapidPro Moodle config DHIS2 config AWS ? |
*OpenHelp plat to be confirmed later in 2023