Identity-first architecture enhances login security and efficiency
Identity and access management, or IAM, is the process of ensuring that each user can log into the systems they are entitled to access, and only those systems. During FY 2025, the division’s Security & Identity group progressed in its efforts to re-architect the university’s IAM policy from a “just in time” system, where authorization is determined at login, to one that is “identity-first.”
With identity-first, access and authentication user roles are attached to each person’s online identity. As roles and affiliations change, the ability to access certain systems automatically changes to match the person’s current role. This enables access privileges to be determined ahead of time and administered centrally.
Identity-first architecture provides many benefits to the university and its users:
- Enhanced security. Access to services is provided only to the correct individuals at precisely the right level, based on that individual’s role at any given time.
- Flexibility for future change. Identity management processes can be modified more easily as university data governance processes evolve.
- Efficiency. Provisioning of roles and services across the university can be automated.
- Consistency. Identity-first creates consistency in the identity onboarding and provisioning processes.
- Reduced risk of error. Identity-first architecture reduces the potential of creating duplicate user profiles.