Skip to main content

Cornell University

Cornell Experience Modernization Initiative

As common as possible, as different as absolutely necessary

Identity and Access Management Design Team

Identity and access management is how Cornell verifies who someone is and what they should have access to across the university’s digital services and systems. Think of it like a digital passport. Currently, Cornell uses two different types (NetID for Ithaca and Cornell Tech, CWID for Weill Cornell Medicine), making it complicated or impossible for community members to access resources and collaborate across campuses.

The Identity and Access Management design team is focused on removing barriers while maintaining essential security, enabling students, faculty, and staff to seamlessly access the resources they need, regardless of location.

Approach

Building a new backbone for Cornell’s digital identity infrastructure is complex because the university must preserve its strong security measures while maintaining critical partnerships with organizations such as NewYork-Presbyterian Hospital and Columbia University Medical Center. The Identity and Access Management design team is documenting how each campus manages identity and access, looking for ways to bridge these systems without compromising security or existing partnerships.

By understanding current practices and requirements across all campuses, the team will develop a unified approach that:

  • Simplifies access while maintaining security
  • Supports seamless cross-campus collaboration
  • Preserves important medical partnerships and use of shared healthcare systems

 

Key Update

Quarter 2, October – December:

  • Advanced efforts focused on identity consolidation, authentication modernization, and cross-campus access governance. This work will strengthen data integrity and the user experience across Workday, Kindsight, Salesforce, and other enterprise platforms. 
  • Established a cross-campus Identity Management group to define a unified operating model, including governance, processes, and tools. This group will stand up foundational services such as an enterprise identity registry, smart authentication, primaray assignment services, and access management.
  • Submitted the Identity Management Charter to facilitate this operating model alignment and establish the foundational services.
  • Began identity access and security planning to support Secure File Transfer Protocol (SFTP), data loads, and identity integration for the Workday Foundation Tenant.

 

Next Steps

Quarter 3, January – March:

  • Plan a cross-campus Request for Information (RFI) and a data security Memorandum of Understanding between Ithaca and Weill Cornell Medicine to support a scalable shared identity foundaton for Workday, Kindsight, and other enterprise platform authentication.
  • Coordinate Gartner consultations, vendor engagement, and impact analysis.
  • Partner with infrastructure teams and Huron to establish SFTP, enable data loads, and implement identity integration for the Workday Foundation Tenant.

 

Design Team Leads

The university’s campuses currently use different login systems (NetID, CWID), which has resulted in significant barriers to easy collaboration and sharing, and a cumbersome experience in accessing systems. Developing a unified approach will ensure seamless access to resources across Cornell’s global network while preserving security and supporting collaboration among the university’s medical affiliates.

Sponsors

Bobby Edamala
Chief Information Security Officer

Tom Horton
Chief Information Security Officer

Technical Leads

Stephen Wall, Project Management
Service Portfolio Manager
Weill Cornell Medicine

Derrick Jones
Assistant Director for Identity and Access Management
Ithaca-supported campuses

Sumanth Thunga
Assistant Director, Software Development
Weill Cornell Medicine

CEMI’s Six Vertical Focus Areas or Workstreams

a table with six legs

Achieving a seamless digital environment across Cornell will require coordinated progress on six interdependent initiatives — like building all six legs while simultaneously raising the table.

 

Channels within the Technical Workstream

 

Shaped by the Cornell Community: Get Involved

Contribute your skills and experience to the Cornell Experience Modernization Initiative (CEMI). Community members know the current processes and systems best—and what it’s going to take to change how we do things.

Use the new community interest forms in the CEMI Contact Hub to ask a question, suggest improvements, get involved in a CEMI team, or join the mailing list to stay informed.

Students take notes in a lecture hall

Visit the Program Teams page to meet more of the Cornell community members shaping the CEMI program.