If you work in Identity and Access Management (IAM) in higher ed, you’ve likely had this moment:
“Hey, can we get an account for a vendor rep who needs access to Banner for a couple of weeks?”
“Sure… who’s their supervisor? Are they cleared for this? What is their full name, DOB, SSN, etc.? When should the access start and end? What exactly do they need access to besides Banner, such as email?”
Silence.
Welcome to the third-party identity problem—one of the messiest, least-owned corners of Identity Management.
In a perfect world, every digital identity would originate cleanly from a source such as HR or the student system. But our institutions don’t run on perfect worlds—they run on adjuncts, contractors, visiting researchers, community affiliates, volunteers, vendors, etc. And these people need access. Often immediately.
The problem is, they don’t neatly exist in our source systems. There’s no employee ID, no clean separation of duties, no built-in onboarding/offboarding event. And that’s where it gets dangerous.
The Hidden Cost of “Just Give Them an Account”
In many institutions, non-employees get manually entered into various directories or IAM platforms—sometimes with elevated access, often without governance, and usually without an expiration date. Then they stay active, long after the contract ends, the project wraps, or the person disappears.
I’ve seen universities with thousands of orphaned accounts belonging to “temporary” persons. It’s not just messy—it’s a compliance risk, a security risk, and a breakdown in institutional trust.
Why This Matters Now
As higher ed becomes more connected—with federated environments, third-party integrations, and cross-institutional collaboration—this gray area is only growing.
If your IAM strategy doesn’t have a thoughtful plan for non-employees, then it’s incomplete. And this isn’t just about access—it’s about governance, accountability, and protecting the mission.
A Conversation Worth Having
During our upcoming HESS Consortium Quarterly Webinar, I’ll be leading a session on how to design real-world, sustainable identity governance strategies for non-employees. Not just the theory—actual practices that institutions are using right now to bring structure to this part of the identity lifecycle.
We’ll cover:
- Why HR and SIS can’t solve this for you
- How to build policy-driven IAM workflows that include contractors, adjuncts, and affiliates
- Tools and techniques for delegating ownership, setting expiration dates, and reducing audit risk
- And how to make all this work without turning IT into the bottleneck
We’ll also talk about how we’re approaching this challenge at Fischer Identity.
Why This Topic Deserves a Closer Look
Third-party identities may not always have a clear system owner—but they absolutely represent a shared risk. If we’re serious about governance, compliance, and operational security, we can’t afford to let this population sit unmanaged on the sidelines of our IAM strategies.
This presentation will make the case for bringing non-employee identities into the center of your identity governance framework. It’s a chance to step back from reactive account requests and look at how we can build more sustainable, policy-driven practices that serve our institutions over the long term.
Whether you’re just beginning to think about this challenge or already knee-deep in exceptions and workarounds, this session will offer a practical path forward—rooted in real use cases, sector-specific complexity, and the lessons learned from institutions already leading the way.
HESS Consortium Quarterly Webinar Details
Webinar Title: Beyond the Directory: Governance Strategies for Managing Non-Employee Identities in Higher Education IAM
Presented by: Mark Cox, CIDPRO, AVP of IAM Strategic Advisory Services at Fischer Identity
Date/Time: September 25, 2025 | 11:00 AM (EST)
