Identity Improvement Programme: Trinity term 2026

Work this term centres on strengthening foundations and preparing identity services to scale across the University

The focus is on improving how identity services operate day-to-day, investigating how ownership and accountability can be clarified, and developing a stronger understanding of how proven approaches can be expanded so that secure, proportionate access to systems, data and services can be adopted more widely and consistently. 

Sustainable ways of working

The transition from programme to ongoing service continues, with a stronger focus on service readiness and repeatability. This includes strengthening product and service practices, defining measures of success, and embedding consistent approaches to evaluation and prioritisation, alongside exploring how these can be applied consistently across services. 

Day-to-day service operations are improving through clearer ownership, better cross-team working, and regular review points. Ownership is being agreed for priority services, with review points shaping direction and refining priorities as services mature, while building a clearer understanding of what effective service operation looks like in practice. 

All work is aligned to real-world needs and service outcomes. 

A shared direction for identity services 

This work reinforces a shared direction for identity services within the wider digital landscape. Identity services are positioned as a foundational enabler for data and access management, enabling data owners to manage access locally within agreed standards. 

Collaboration across identity, security and service teams has clarified priorities and dependencies, while also helping teams understand where identity services underpin access rather than duplicating controls in individual systems. 

Expanding groups and access management 

This term focuses on expanding access management through Owner Maintained Groups, so access to digital services is increasingly managed via groups rather than assigned to individuals. This includes exploring how these groups can operate as a scalable default approach and building confidence in their use across services. 

Early use of the group request process shows demand where the same access rules apply across several systems, particularly in research and administrative services spanning multiple platforms. So far, the pilot has completed 42 requests for groups. 

Follow-up interviews show that Owner Maintained Groups are particularly useful within SharePoint, both for managing permissions and enabling audience targeting of content. The pilot groups are also used for access management in apps, controlling administrative access to the new Microsoft Fabric data platform. 

Priorities include learning from early use, improving processes and guidance, and extending adoption across services. Work is also progressing on roll-up group patterns, where groups can be combined to manage access at scale, alongside developing understanding of how these patterns can be applied consistently. 

In parallel, work is building a clearer understanding of how identity attributes can support a more consistent and scalable approach to providing key identity data. Identity attributes are also being examined to support more automated group membership and access decisions, with work focused on understanding how attributes can be used reliably across digital services. This approach balances local flexibility with clearer ownership, shared standards and improved visibility. 

Governance to support scale 

Work this term strengthens governance and decision-making through policy development, improved transparency, and reporting on performance and outcomes. 

This includes defining how identity data and attributes are structured, governed and reused, alongside exploring how these approaches support consistent and trusted services at scale. 

Expected outcomes this term 

By the end of Trinity term, stakeholders should expect to see: 

  • Stronger, more consistent identity service operations, with clearer service practices and review points in place 
  • Clear ownership and accountability for priority identity services, supporting the transition from programme delivery to sustainable service 
  • Wider use of access to digital services through Owner Maintained Groups, reducing reliance on individual permissions 
  • Early, repeatable patterns for scaling access using roll-up groups and identity attributes 
  • Improved governance and clarity on identity data and standards, supporting trusted reuse across services 
  • More opportunities to engage, learn and influence direction as identity services expand and mature 

Next steps and getting involved 

The programme will continue design and planning for the attribute architecture, develop guidance on requesting and using attributes, and refine governance and tooling based on feedback, while continuing to build understanding through early adoption and use. 

IT Support Staff (ITSS) and project teams should engage if they are designing or updating services that use identity data, manage access or roles, or store people data locally. Contact digital.identity@admin.ox.ac.uk 

Overall, Trinity term marks a shift from building and piloting identity capabilities to embedding and scaling them as dependable, University-wide services.