1378 - External Identity Provider Phase 2

 
Request Status Summary
Request Status In Progress
Request Detail
Requestor Name:
   Ellis, Peter C
Origination Date:
   06/20/2024
    
Recommended Endorser:
   AOC (endorses for other communities)
Request Type: Change or Enhancement
Which Systems are affected? Other
Other affected Systems / Business Processes: External Identity Provider
Business Area: Security
Communities Impacted: AOC
Supreme Court Justices
Supreme Court Clerks
Supreme Court Judicial Asst.
Appellate Court Judges
Appellate Court Clerks
Superior Court Judges
County Clerks
Superior Court Administrators
CLJ Judges
CLJ Managers
Family and Juvenile Law Judges
Juvenile Court Administrators
Impact if not Resolved: High
Impact Description:

Risks of implementing this project include:

  • Development resources that are already familiar with the EIDP may not be available to assist in implementing the components needed for phase 2 implementation. This will be mitigated by communicating with maintenance and operations staff responsible for coordinating resource availability.
  • Not all courts statewide may have adopted Microsoft 365 as their IAM solution. This may require some consideration of allowing local logins via the EIDP. This will be mitigated by polling the various courts statewide to determine what their primary IAM solution currently is. That information will be folded into EIDP phase 2 planning. If selected, local logins may require further configuration to restrict local-login creation to known domains used by courts.
  • Business analysis resources need to be available to help determine how court assignments to users are handled in current and future states. This risk will be mitigated via coordination with the Court Business Office.

Risks of not implementing this project include:

  • Courts will remain reliant on RACF and other IAM systems. They may need to maintain several different logins in order to access various court systems, including those provided by AOC.
  • Projects dependent on the EIDP will be unable to comply with AOC policy and standards on use of the external identity provider when providing access to non-AOC users.
What is the Business Problem or Opportunity

The EIDP has been adopted previously for the use of public users. As a cloud-based solution, the EIDP provides the ability to customize several versions of login workflows to support multiple business use cases. A login flow has already been defined to allow for public users that need to access AOC applications. AOC is currently migrating to Microsoft 365 solutions and the general path of most courts in Washington is towards using Microsoft 365 accounts. As such, providing integration with Microsoft 365 to log in to AOC applications will reduce overhead AOC has historically inherited around identity access management (IAM).

By utilizing court and role information originating from the EIDP for AOC-maintained court applications, the EIDP will allow AOC applications to seamlessly determine basic information about each user. Thus, the EIDP's “single pane of glass” will allow AOC to simplify its role as an identity access management provider by moving away from being the court's central identity authority.

Expected Benefit:

This project will be successful when:

  • A new login flow has been created within the EIDP that adheres to security and functional requirements around IAM for court users.
  • The EIDP has been connected to a traits database maintained by AOC that describes user roles within given courts (e.g., clerk, judge, administrator). The EIDP shall transmit those traits as part of login information sent to applications.
  • A management portal has been created to allow mapping users to the courts they belong to and their associated role within the court.
  • At least one project has adopted the infrastructure created by this ITG to successfully allow court users to log in to the system.
  • The amount of support overhead required to maintain authorization and authentication information for court users has been reduced.
Any Additional Information:

Review attached vision/scope document for additional details.

Endorsement Detail
Endorsing Committee
   AOC (endorses for other communities)
Endorser Name:
   Escudero, Arsenio on behalf of AOC Endorsement Group
Origination Date:
   07/12/2024
Endorsing Action: Endorsed
AOC Analysis Detail
Analysis Date: 08/19/2024
Request Rationale
Aligns with JIS Business Priorities, IT Strategies & Plans: Yes
Aligns with applicable policies and with ISD Standards: Yes
Breadth of Solution Benefit: Narrow
Cost Estimates
Cost Benefit Analysis Complete? No
Cost to Implement? $48,800
Positive Return on Investment? No
Feasibility Study needed? No
Court Level User Group
Non-JIS
Approving Authority CIO
Request Summary:

AOC currently provides the capability for public users to log in to the Blake portal using the External Identity Provider (EIDP). The EIDP system provides management of user login flows, as well as built-in management of user accounts, and supports the ability for users to log in via third-party identity providers, as well as their Microsoft logins and locally-created accounts.

AOC intends to move away from the maintenance and provision of the RACF login system currently in use by courts accessing AOC systems. In addition, there are projects – either in-flight or proposed – that rely on the EIDP to provide functionality so that courts can log in to the proposed solutions. As such, the EIDP needs to be prepared so that it can support AOC application login processes geared towards court users.

Business Impacts:

This project will be successful when:

  • A new login flow has been created within the EIDP that adheres to security and functional requirements around IAM for court users.
  • The EIDP has been connected to a traits database maintained by AOC that describes user roles within given courts (e.g., clerk, judge, administrator). The EIDP shall transmit those traits as part of login information sent to applications.
  • A management portal has been created to allow mapping users to the courts they belong to and their associated role within the court.
  • At least one project has adopted the infrastructure created by this ITG to successfully allow court users to log in to the system.
  • The amount of support overhead required to maintain authorization and authentication information for court users has been reduced.
  • Improve ID and access management.
  • Improve security by centralizing and implementing modern authentication methods.
  • Long-term impact: new applications will be required to authenticate via the EIDP.

Summary of Proposed Solution

The EIDP has been adopted previously for the use of public users. As a cloud-based solution, the EIDP provides the ability to customize several versions of login workflows to support multiple business use cases. A login flow has already been defined to allow for public users that need to access AOC applications. AOC is currently migrating to Microsoft 365 solutions and the general path of most courts in Washington is towards using Microsoft 365 accounts. As such, providing integration with Microsoft 365 to log in to AOC applications will reduce overhead AOC has historically inherited around identity access management (IAM).

By utilizing court and role information originating from the EIDP for AOC-maintained court applications, the EIDP will allow AOC applications to seamlessly determine basic information about each user. Thus, the EIDP's “single pane of glass” will allow AOC to simplify its role as an identity access management provider by moving away from being the court's central identity authority.

Proposed Solution

The EIDP will allow for a “single pane of glass” experience for all users that want to interact with AOC systems, whether public or court-based. Custom login flow development will provide users with the comfort of knowing that the EIDP system is an official system of Washington State Courts.

By creating a unified experience, AOC can improve IAM practices, including implementation of conditional access policies and risky-user detection. By reducing the number of logins that users have to keep track of to access systems, AOC will also push management of those accounts back onto the IAM providers for the various stakeholders. As such, if a person departs their role, AOC will no longer require a process to immediately remove account permissions and access; that will be done automatically by the IAM provider that originates the account.

Additional Systems Affected
Other
Communities Impacted
AOC
Supreme Court Justices
Supreme Court Clerks
Supreme Court Judicial Asst.
Appellate Court Judges
Appellate Court Clerks
Superior Court Judges
County Clerks
Superior Court Administrators
CLJ Judges
CLJ Managers
Family and Juvenile Law Judges
Juvenile Court Administrators
Confirmation of Endorsing Action Detail
Endorsing Committee
   AOC (endorses for other communities)
Endorser Name:
   Escudero, Arsenio on behalf of AOC Endorsement Group
Origination Date:
   08/19/2024
Endorsing Action: Endorsed
Court Level User Group Decision Detail
CLUG Non-JIS
Chair of Group Arsenio Escudero on behalf of Non-JIS CLUG
Date of Decision 08/19/2024
Decision
Decision to Recommend for Approval Unanimously recommended to the approving authority
Priority Processing Status Prioritized
Scoring Detail
In making their decision, detailed score values were not provided by Non-JIS.
Pros & Cons (if vote is not unanimous)

NA

Implementation Detail – Superseded
Analysis Date:
Implementation Stage Authorized
Prioritization Option: Prioritized
Implementation Detail
Analysis Date:
Implementation Stage In Progress
Prioritization Option: Prioritized
 


© Copyright 2025. Washington State Administrative Office of the Courts.
