Identity and Access Management
Overview
Elevated permissions and access can put data and systems at risk. OIT's Identity and Access Management uses state-of-the-art tools to ensure compliance with all cybersecurity policies and best practices so state data and systems are protected from unauthorized access.
How to Request Service
Identity and Access Management services are provided to every agency. The service is billed monthly through Common Policy.
Customer Benefits
Account Creation and Access
Providing accounts for access to state systems and applications
Email Encryption
Protecting email containing sensitive information from unauthorized access
Authenticated Access
Ensuring only those who need elevated permissions have that access
Service Description
Protecting your digital state identity and the data of all Coloradans in our state systems
Enterprise Identity & Access Management is responsible for how user identities and data are protected. This includes securing critical applications, data, and systems from unauthorized access while managing the identities and access rights of people both inside and outside the organization of all Executive Branch agencies, as defined by C.R.S. § 24-37.5. Many of the services are available to all employees, contractors, interns, vendors and partners who connect to the state network, systems, applications or resources supporting the state’s business functions.
Features and Descriptions
Access Management Administration (Provisioning)
Email and Collaboration, email storage, calendar. Email allows users to access the service virtually anytime and anywhere. Email includes:
Account provisioning
Access to a global directory of state email addresses and contact information
Mailbox and calendaring storage
Email storage and archiving in compliance with state data/document retention policies
Encryption
Virus scanning of all attachments
Spam filtering
Incident resolution
Licenses *
Network Access, remote access, file storage, support
Account provisioning throughout the lifecycle of the account holder
Access management for remote access to the network, system, application and/or resources
Dedicated private network folder for users, in addition to shared access to network folders as determined by the user's business role
Governance and Compliance
Ongoing access review, audit, reporting, security monitoring and management
Line of Business application user access review
Data and Access Governance
Authentication and Threat Protection
Two-Factor Authentication
Single Sign-On
Privileged access management to mitigate security risks
Employee Account Litigation Holds
Directory Services
User Store
Access, Authorization and Authentication
Users
Groups
Services
Computers
Servers
Related Services
We work to ensure that security is built into all services that OIT provides. The security services are closely aligned to: Identity and Access Management, Infrastructure services, Network/Firewall, Service Desk, application lifecycle management and project support.
Customer Responsibilities
Use the digitized form for access requests.
Ensure that agency employees, contractors, partners and vendors who connect to the state network, systems, applications and/or resources supporting the state’s business functions abide by the Acceptable Use Policy and Colorado Information Security policies, procedures, standards, and guidelines.
Develop and implement agency procedures and governance to ensure that access to systems and data is granted to only those who require it for business purposes.
Report suspicious activities associated with systems, personnel, and/or applications to the Office of Information Security as soon as possible. This can be done through the OIT Service Desk (preferably), or through your IT Director.
Physical Security
Agencies are responsible for physical security for their own locations, workstations, and wiring closets. OIT provides physical security for systems residing in OIT-managed data centers.
Customer Eligibility/Operating Requirements
Non-state employees using state systems must obtain approval from a state-authorized approver/state agency sponsor:
Contractors
Interns
Vendors
Third-party Partners
Service Notes
Additional Assistance:
To manage your password, use the Password Self-Service web portal. For assistance using Password Self-Service, click on the Password Self-Service User Guide or the Password Self-Service Video.
To request a new account, close an existing account or change a person's access to an account that uses network credentials, start your request using Identity Manager at iam.state.co.us.
Service Owner
Robert Belton
Sr Director, Solutions Delivery & Support
Robert.Belton@state.co.us
Service Levels
It is the responsibility of the OIT Office of Information Security to deliver effective enterprise focused security services by:
Providing support during published hours for questions and/or problems.
Providing support 24/7 in the event of an emergency.
Working with agencies to mitigate risks to their systems and notifying agencies of changing or new risks to their systems.
Service Support
How to Get Help
Call 303.239.HELP
Submit a ticket in the Customer Service Portal
For service escalations, contact your IT Director or email OIT_IAMProgram@state.co.us
Hours of Support
Monday-Friday, 7 a.m. to 6 p.m., excluding holidays
24/7 Major Incident Management
Call 303.239.HELP
Access a live agent via Customer Service Portal Chatbot
Service Costs
Search the Real-time Billing rate sheet for the latest rates for financial code 3154
* "Identity assigned" is the unit price for the following managed identity account types:
Active User Accounts
Disabled User Accounts (disabled accounts are different from offboarded user accounts in that they still have a distinct business purpose, e.g., litigation hold, extended leave, etc.)
Service Accounts
OIT will not bill for offboarded user accounts
View detail on current utilization here: OIT Common Policy Real-time Billing website