
Secure Identity and Access Management

Efforts in secure identity and access management development are coordinated within a long-term programme running until October 2028. Here you can read about what the goal 'the right person gets the right access at the right time' means and why we are working on this.

Background  

Thousands of individuals are active at an institution like KTH. Besides those employed to educate, research, or maintain support functions, the institution also involves many other people. Numerous students at various levels and from different countries are constantly active, and research collaborations with companies, authorities, universities, and other organizations are ongoing at KTH. Alumni often maintain a relationship with KTH as well.

Depending on these individuals' connection to KTH, they may need access to various digital systems, information, and premises at KTH to varying extents. However, this access must be strictly based on the tasks KTH needs them to perform. Access to services and resources beyond what is absolutely necessary risks causing problems in terms of security, resource availability, and KTH's reputation. 

For both resource and security reasons, it is essential that the right person has access to the right resources at the right time. This requires stable and efficient identity and access management. 

The goal is to balance the security and protection of KTH's systems and data, the security and protection of individuals, and an efficient and purposeful digital work and study environment. 

What does it mean? 

Secure identity and access management refers to systems and processes that ensure individuals' identities, and their access to information or systems, are handled in a legally secure and understandable manner. This means that identities are correctly verified, access to information or systems is granted and managed based on clear and legal rules, and users' rights and privacy are protected.

Key components of this work are: 

  • Identity Control: Ensuring that the person attempting to gain access is indeed who they claim to be. 

  • Access Control: Regulating who has the right to access which data and system functionality – and at what times. This control is based on the user's current role, authority, or need to access the information. 

  • Transparency and Traceability: Clear and traceable processes and routines around identity and access management that can be reviewed to ensure they comply with applicable laws and regulations. 

  • Protection of Individual Rights: Users' rights to protect their personal privacy and data must be upheld through clear routines and tools (protected identity, HR data, etc.). 

Why are we working on this? 

  • Hardware and software, maintenance resources, and licenses incur costs for KTH that need to be optimized based on the institution's needs. Based on KTH's overall goal of efficient and sustainable resource use (see "KTH's vision and overall goals 2024–2028", KTH Intranet), KTH must review the use and allocation of IT resources.

  • A large part of the management in this area is done manually and needs to be automated for both resource and security reasons. 

  • More and more students are studying entirely or partially remotely, and KTH's services to these students need to be strengthened. 

  • Employees work extensively remotely, from home or during business trips. This places particular demands on smooth and secure verification and access management. 

  • KTH's partners have increasing requirements in the area of identity management that KTH needs to be able to meet. 

About the programme  

The work of the programme is carried out through smaller projects and activities that ensure progress and step-by-step deliveries. 

  • Secure Identity and Access Management at KTH. Programme Directive, registration number V-2024-0554.

Ongoing sub-projects 

  • Measures to ensure identity and service lifecycle. Project plan registration number V-2024-0554. 

Completed sub-projects 

  • Guidelines for the use of KTH accounts. Final report, registration number V-2024-0554. 

  • Adaptation to BankID secure start. Assignment report, registration number V-2023-0064. 

  • Digital issuance of IT accounts. Final report, registration number V-2023-0064. 

Management  

Continued management and development of the area are prerequisites for ensuring that the solutions developed within the programme are sustainable and long-term. The programme is therefore tasked with actively contributing to building stable management of the identity and access management area.
 

Wanda Manninger, Program Manager, wandam@kth.se, 087907249