Managing door access at the College of Engineering used to be a complex and time-consuming endeavor involving both technical and administrative staff. Even without its new annex, the college had 177 doors with electronic access control. The Iowa One Cards of nearly 3,000 students, faculty, and staff had to be manually provisioned to swipe into the appropriate classrooms, labs, conference rooms, and offices.

The start and end of each semester were especially hectic. A large number of students needed basic building access, and access rights had to be removed for those who graduated. New employees and student organization leaders, and students enrolled in various courses, needed access to specific spaces.

The card-provisioning process became much smoother and more efficient in the past year thanks to a door-access automation initiative—a sub-project of the OneIT Identity Management Project.

Now, Iowa One Card door access can be automatically provisioned based on a person’s status using data feeds from UI systems, such as MAUI (the student-record system), and human resources or housing databases. Along with reducing the effort of assigning door access, automation increases security by ensuring that door access is automatically removed when people are no longer eligible.

“The new automated method means that basic access provisioning and class-based space access happens automatically, with no further intervention by departmental administrative staff or engineering IT staff,” says Dan Mentzer, senior systems administrator in the College of Engineering. “That workload has been completely removed.”

There is still some ad-hoc provisioning for exceptions and for access requests that aren’t based on MAUI data, but the total number of transactions is far smaller. Mentzer conservatively estimates that the college saves nearly 40 hours of staff time every semester—that’s time and talent they can reinvest in efforts that more directly support the teaching and research mission of the college.

“Automated access is a big win for all players,” says Jordan O’Konek, who heads the Directory and Authentication Team in Information Technology Services and co-leads the Identity Management Project. “It saves operator and faculty time, and reduces risk. While institutional data doesn’t exist to automate everything, we do proactively seek out opportunities, and expect more automations to come soon.”

In addition to the College of Engineering, the sub-project enabled automations for university residence halls and Information Technology Centers (computer labs), the College of Public Health, and the College of Law.

An initial level of door-access automation already existed so that if an Iowa One Card is lost, stolen, or destroyed, the ID Card Office can quickly discontinue access rights. The OneIT project took automation a step further by leveraging course-enrollment data, so when a student enrolls in or drops a course, access is added or removed as appropriate. This required building new data feeds from MAUI.

The most complex aspect of implementing automation is defining the business rules that dictate which people are eligible for access to which doors. It can take a lot of back-and-forth with unit officials to delineate, for example, which spaces students in a particular course should have permission to access.

Excluding the hospital, the UI has about 3,700 doors with electronic access. Facilities Management Key and Access Services is responsible for building security. ITS and the Campus Safety are key partners in making this effort successful. This collaborative effort has been in place for more than 10 years and has resulted in several system improvements, including the expanded use of the IowaOne Card, automated deprovisioning, and identification of lost/stolen cards.

Ann Rosenthal, Associate Director of Building Services in Facilities Management, says automated access provisioning is a valuable tool for both departmental software users and Key and Access Services staff.

“It provides access to general areas and has reduced some of the mundane data-management tasks,” she says. “The biggest benefit is knowing that cardholder access is being automatically removed when individuals no longer meet the eligibility requirements, which helps achieve the goal of the improved security of people and property on campus.”

Some doors use a different type of card reader that UI is phasing out as facilities are built or remodeled. The new card-reading technology has enhanced automation capabilities, among other benefits.

The OneIT Identity Management Project is managed by ITS Senior Project Manager Kris Halter and led by O’Konek, Senior Director of ITS Administrative Systems Mike Noel, and Housing and Dining IT Director Brandon Mills. The sub-project is complete, but the team will continue to accept automation requests. Interested units can contact ITS Directory and Authentication Services or Key and Access Services.