Midpoint and Grouper help Secure Identity Services implement “identity-first” approach

To make identity access management processes more flexible and robust, Secure Identity Services (SIS) has made several changes to the way that access to services is provisioned at Virginia Tech. Key to these changes are two powerful, open-source tools that SIS has recently onboarded or expanded.
Midpoint adopted as primary identity management tool
To help manage the identity lifecycle across Virginia Tech’s applications, Secure Identity Services is adopting Midpoint, an open source identity governance and administration (IGA) application that will help Virginia Tech with provisioning and deprovisioning access, policy and role management, auditing, and reporting.
Simply put, Midpoint holds all the information needed to determine an individual user’s current roles and privileges. It communicates with our other identity management tools, including Grouper, which controls access to services by group, to efficiently map a user’s role to their access. The inner workings are much more complex, but the end result is that with Midpoint, SIS can largely automate processes that previously required a great deal of time and upkeep.
Additionally, Midpoint has the ability to match and link entities, allowing us to automatically merge any duplicates to ensure one identity entity per user. This feature will be crucial as the university moves from a single source of identity data to multiple sources as part of ERP (enterprise resource planning) modernization.
Midpoint is the leading open source IGA platform on the market and is part of the InCommon Trusted Access Platform, which also includes Shibboleth and Grouper, other services SIS uses for identity management.
Midpoint has no license fees, and we are not subject to vendor lock-in, which provides both cost savings and flexibility to complement Midpoint with other products as needed. It contains secure, fully auditable code with complete transparency, and as an open-source platform, Virginia Tech can contribute to current and future enhancements of the product.
More services added to Grouper identity access policy system
Grouper is an open source access policy management solution that Secure Identity Services (SIS) uses for group membership management. Initially launched in 2021, Grouper controls access to services by determining an individual or group’s eligibility for a particular level of service by assigning group memberships based on existing data, such as student status, employee classification, and other existing affiliations.
Midpoint and Grouper communicate with each other to manage the entire identity access process: Midpoint contains the fundamental information about the user’s affiliations and roles, while Grouper defines access policy based on those roles.
In FY 2024, SIS onboarded a number of key Virginia Tech services onto Grouper. These include:
- Google Workspace services
- Microsoft 365
- VPN (virtual private network)
- Wireless
- Zoom
With these services now using Grouper, the university is able to manage complex access policy for critical systems centrally, and SIS is moving the university toward auditable, consistent access provisioning and deprovisioning.
Together, Midpoint and Grouper are powerful assets to Virginia Tech’s identity access management activities.