IAM - Identity and Access Management
Identity and Access Management (IAM) is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources.
User cohorts
We have identified five user cohorts that we need to identify and authorise:
Staff - defined as all employees of either PSI Global or any of the PSI in-country chapters.
Long-term consultants - who are granted psi.org emails and access to PSI systems.
Health workers - those that have a direct or indirect relation, including those that are served on a contractual basis, like partner organisations or other ministries.
Developers and consultants.
Consumers: one day we will give access to Sara and Sam, the fictional PSI client archetypes, to the information that we have about them.
Cohort | IAM platform, expected start date |
---|---|
Staff | Azure O365 |
Health Worker | Keycloak |
Developers & other consultants | Keycloak |
Sara & Sam | Keycloak |
Identity Platforms
PSI Global and most of their localized platforms use MS Azure O365 as their main user directory and identity management system. A second IAM platform was selected in late 2022 to handle those user cohorts for which the use of MS 365 would be inappropriate or unnecessary. The table below summarizes the applications connected to both identity management platforms.
User Identity platform | Final Users Health worker and others | Developers |
---|---|---|
MS Azure O365 since 2015 | DHIS2, Monday.com, Confluence, PBI/Superset? | PBI dev, Confluence (required) |
Keycloak (from early 2023) | WFA web app, FHIR ONA android, Moodle web & android, DHIS2 web & android, RocketChat (live agents), Open Help Desk platform*, Superset users | OpenHIM, hapiFHIR (dev/QA/test), Superset developer, RapidPro, Moodle config, DHIS2 config, AWS ? |
*Open Help Desk platform to be confirmed later in 2023