The new Identity Management framework is designed to enable departments and colleges to manage some of their own groups for controlling access to both digital and physical resources. This marks a shift to a shared responsibility model, where local units and central systems work together to ensure access is granted appropriately and efficiently.
What you’ll be able to do
Fundamentally, the new system is intended to give departments and colleges greater autonomy in managing group memberships and access controls. Rather than relying on IT Services, they will be able to create and manage some groups independently. Automatically populated groups are also on the way, and manual groups can be populated based on membership in other groups, allowing for more flexible and efficient management.
These groups may be used as security boundaries in different contexts:
- In centrally-managed applications, some groups will be integrated as access control boundaries following an initial collaborative setup involving IT Services and the relevant unit.
- In local or unit-level applications, departments and colleges could have the ability to use groups for access control without requiring central coordination.
This approach aims to support greater flexibility and responsiveness by enabling departments and colleges to:
- Grant and revoke access to resources as needed, helping to ensure only authorised individuals have access.
- Keep group memberships up to date as personnel, projects, or resource needs change.
- Tailor access controls to reflect the specific requirements and priorities of their department or college.
Why this is a good thing
This change brings several key benefits:
- Greater control – Departments and colleges will be better equipped to manage their own resources, respond quickly to changes, and maintain up-to-date access permissions.
- Improved data accuracy – Local management helps ensure data more accurately reflects current personnel and resource structures.
- Quick turnaround – Changes can be made locally, by local staff, and prioritised according to local needs.
- Stronger collaboration – Central systems will draw on accurate, up-to-date data from departments and colleges, improving consistency across the organisation and supporting better collaboration and decision-making.
Pilot underway
A pilot of Microsoft Entra ID’s group management features is currently underway across several digital systems and projects, including the new Intranet, MyOxford, Data Warehouse, CRM, and Shared Device Management. These pilots aim to deliver more unified and efficient group management, while also exploring audit and monitoring capabilities to support transparency and compliance.
