NIH tracks progress on $35 billion of medical research split into 50,000 competitive grants. It must accept reports and provide access to sensitive information on a need-to-know basis to more than 325,000 researchers at more than 3,000 universities, medical schools and other research facilities worldwide.
Researchers would log in intermittently and find that passwords had changed, meaning they had to spend time to get their updated credentials. NIH started to research existing and emerging open standards. What we thought was key was if we could leverage our existing technologies and infrastructure, support open standards, and promote interoperability.
CA Siteminder met the capabilities needed to support NIH’s username and password, as well as supporting Personal Identity Verifications cards, an additional form of authentication that the federal government used for access control to facilities and information systems.
A few dozen universities are using this new system, making life simpler for the researchers. Additionally, it has opened the chance to use new collaborative tools, such a project-specific wikis. NIH estimates that between 2011 and 2015, it will save close to $3 million just in reducing help desk questions about changed passwords and avoiding additional identity management costs.