IAM Committee Meeting Notes 11/9/2015
|
|
- Brooke Carr
- 8 years ago
- Views:
Transcription
1 IAM Committee Meeting Notes 11/9/2015 Attendees: Thomas Beard, CW Belcher, Michael Bos, John Chambers, Cesar de la Garza, Fred Gilmore, Ty Lehman, Andy Loomis, Darin Mattke, Michelle McKenzie, Shelley Powers, Charles Soto Absent: Cam Beasley, Tim Fackler, Alison Lee, Steve Rung, Karen Weisbrodt Guest: Francis McGrath IAM Team Members: Justin Czimskey, Rosa Harris, Josh Kinney, Marta Lang, Aaron Reiser, David Strickland 1. Directory Services Roadmap Review (Josh Kinney) The team is developing a roadmap to determine the future direction of the IAM team s directory services. The next step will be to engage with current and potential directory services customers to help them understand how directory services can help them, better understand how the customers are currently using directory services, and elicit ideas for how to enhance directory services. While the team has quantitative metrics for directory services usage (search types and volumes, for example), qualitative data needs to be gathered to understand what sorts of use cases customers are meeting (or would like to meet) using directory services. More information about the roadmap will be shared with the committee by the end of November. Once the customer engagement portion of the roadmap has been completed, the committee s assistance will be needed to help prioritize and approve changes. 2. Proposed Change to UTLogin Logoff Workflow Discuss (Rosa Harris & David Strickland) The primary goal of the next release of UTLogin is to support the implementation of Duo two-factor authentication. However, the release also includes additional enhancements, including a change to the logout workflow. UTLogin now supports SAML integrations in addition to the traditional OpenAM WPA model. The introduction of SAML customers to the UTLogin environment it has introduced an issue with logout that the team would like to address. Logout functionality with SAML works differently than it does with WPAs. If a user is logged into multiple Service Providers (SPs) using SAML, and they log out of one SP, they will not be logged out of the other SPs. This is standard SAML behavior, but is a change from how logout with the on-campus WPAs work. The team proposes changing the current UTLogin flow that redirects customers to upon logout to instead redirect customers to a page that instructs them to close their browser to complete the logout process. This is how Shibboleth already works and UTLogin would be changed to match the Shibboleth behavior.
2 Q: Would this logout page be displayed for both WPA and SAML logouts? A: Yes. If a customer has both a WPA session and a SAML session, and the customer logs out of the WPA session, the SAML sessions would still be active. Therefore, the advice on the logout page would still apply. Q: Would it make sense to add a separate button under the text to close the window? A: The team will consider that suggestion. Q: What are the ramifications of a customer not closing their browser window? A: If a session is still active in a browser and the customer steps away from the machine (e.g. on a public terminal) the next person to use that machine could use the browser history to hijack the still-active authentication session. Q: What do other peer institutions do in these situations? A: The proposed change would bring us in line with the standard practices of other institutions. Decision: The committee voted to endorse this change. 3. IAM Services Web Site Review (CW Belcher) With the modernization of applications across campus, the team has found a growing need for campus to better understand IAM concepts and functions. The team has developed a web site, to be branded IAMservices.utexas.edu, to provide a one-stop resource for learning about IAM core concepts, understanding the questions campus customers need to ask themselves and vendors as they pursue application modernization, and finding more detailed information about IAM services and how the IAM integration process works. Most questions that the IAM Team is currently fielding are related to integrating new applications with the IAM environment, so an Integration section is provided to discuss basic concepts and explain the integration process. The Solutions section provides customers that are further along in the implementation process with more information about the IAM solutions available to them. The Developers section then goes into further technical detail for customers who are doing technical integration work. This site will be part of a larger outreach effort to provide campus groups with the information that they need to ensure that their modernized applications will integrate smoothly with the University s IAM environment. When the site is ready for review, a link will be sent out to the committee. 4. Other Initiative Updates a. Identity Assurance Framework (CW Belcher) Edits have not yet been finalized due to resource constraints, but the team s senior business analyst has been tapped to help complete the final changes.
3 b. IAM Integrations (Justin Czimskey) The team has completed several new integrations since the last meeting and the influx of new requests has slowed down. There are currently 6 integrations in progress. The Technology Architecture Implementation (TAI) project has presented a number of novel and interesting technological challenges that are taking extra time to work through. Standard SAML integration requests are being processed quickly, and the team is working with customers whose integration needs are urgent to help ensure that they meet their deadlines. c. Two Factor Authentication/Duo Implementation (Justin Czimskey) The Duo implementation is underway. Planning activities, including communication planning, are nearing completion. The project has been split into a technology component and a business process component which are working in parallel. The team is working closely with the Help Desk to ensure that they are ready to support customers through the transition. In addition to the main Duo implementation, the team is also working with the owners of applications currently using Toopher to plan their transition to Duo. For Financial Information Services (FIS) the migration is expected to take place in March. For Payroll, the migration is planned for June, after tax season is complete. d. Lightweight Authentication (Rosa Harris) The team is currently working on the Request for Proposal (RFP) for a lightweight authentication solution. Meetings with Purchasing are ongoing and the team plans to release the RFP to vendors in December. Oral presentations for the finalists are planned for February with vendor selection taking place in March. The team is also continuing to interview departments regarding how they are using Guest-class EIDs. e. SailPoint Implementation (Marta Lang) The contract with the SailPoint integration vendor is currently being finalized. The contract is scheduled to be submitted to UT System Administration for review this week.
4 Directory Services Roadmap Background The utexas Enterprise Directory (TED) is used by campus applications as the consolidated source of student, faculty, staff and guest data. The Directory is fundamental to many of the services and resources used by campus on a daily basis. TED serves as the user store for the UTLogin and Shibboleth centralized authentication services and also provides LDAPbased user authentication for a variety of departmental systems on campus. The White Pages Directory is the web-based publically accessible version of this directory service. This Roadmap will provide an approach to evaluate and implement Directory architecture and service changes. These changes aim to increase performance, reliability and utility for the internal use of university departments. Project Description and Scope The Directory Services Roadmap will be divided into three broad phases. 1. Increase the performance and reliability of existing Directory Service 2. Customer Engagement Educate current and new customers on existing Directory Service offerings Elicit requirements for service improvements and enhancements Engage the Directory Services community with a survey to quantify current satisfaction and utility 3. Revise Directory Services Evaluate and prioritize initiatives to address requirements Implement proofs of concepts Engage IAM Committee for revising Directory Services mission based on customer feedback and available technology Implement revised Directory Services Engage the Directory Services community with an after state survey
5 UTLOGIN LOGOUT ENDPOINT CHANGE 11/9/2015 OVERVIEW An increasing number of UTLogin clients are using Security Assertion Markup Language (SAML), rather than Web Policy Agents (WPAs). SAML authentication provides the same single sign-on (SSO) capabilities as WPA authentication, but is limited in its single log-out (SLO) support. As a result, a user who is working in multiple applications may not be logged out of each application upon sign out. Currently, users are redirected to the University of Texas homepage upon logout. To help protect user privacy, UTLogin should instead redirect to a new page upon logout that instructs the user to close all browser windows. ACTION REQUIRED The IAM Committee s endorsement to change the UTLogin user s logout experience. IMPACT ANALYSIS If no change is made, users will likely have an incorrect set of expectations for logout, which could threaten their privacy. PROJECT GOALS Redirect users to a new logout endpoint, rather than the homepage. The logout endpoint will explain that the user has logged out of the application that was just in use, but may still have active sessions in other applications. The language will be copied from the Shibboleth logout endpoint at SCHEDULE This change will be included in the UTLogin release scheduled for March 13, FOR MORE INFORMATION Thorough explanation of the limitations of SAML SLO: Current Shibboleth Logout Endpoint: 1
IAM Committee Meeting Agenda 3/14/2016
IAM Committee Meeting Agenda 3/14/2016 Attending: Thomas Beard, Cam Beasley, CW Belcher, Michael Bos, Bill Bova, John Chambers, Fred Gilmore, Ty Lehman, Andy Loomis, Shelley Powers, Steve Rung, Karen Weisbrodt
More informationDESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE. This project is part of the Identity and Access Management Roadmap.
April 5, 2015 SOLUTION PLAN REQUIREMENTS ANALYSIS DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE Executive Summary The (CARE) project will improve the resiliency of the UTLogin, Shibboleth, and Active Directory
More informationProject Charter. Identity & Access Management Strategy. Executive Summary. Business Need and Background. Document Version 1.
August 30, 2012 Executive Summary The Identity and Access (IAM) Strategy project will provide a roadmap for implementing a comprehensive and full- featured set of IAM services to encourage collaboration,
More informationDESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE
SOLUTION PLAN REQUIREMENTS ANALYSIS DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE Executive Summary The project will document campus requirements for IAM functionality and select and procure one or more technology
More informationCASI Project Charter. Centralized Authentication System Implementation. Executive Summary. Business Need and Background
Prepared by Kara Nicholas, ITS Executive Summary The (CASI) project involves the development and release of a new UT EID- based authentication, to replace the aging Central Web Authentication (CWA). CASI
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationAllidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm
Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect
More informationGuide to Getting Started with the CommIT Pilot
Guide to Getting Started with the CommIT Pilot Fall 2013 2 Table of Contents What is the CommIT Pilot?... 3 What is the scope for the Pilot?... 3 What is the timeframe for the Pilot?... 5 What are the
More informationEnabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver
Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management
More informationLogout in Single Sign-on Systems
Logout in Single Sign-on Systems Sanna Suoranta, Asko Tontti, Joonas Ruuskanen, Tuomas Aura IFIP IDMAN, London, UK, 8-9.4.2013 Logout in Single Sign-on Systems Motivation Single sign-on (SSO) systems SSO
More informationProject Charter. Office 365 2015 Migrations Document Version 2.0 Prepared by Sabina Winters, ITS Last Edited February 19, 2015
Prepared by Sabina Winters, ITS Last Edited February 19, 2015 SOLUTION PLAN REQUIREMENTS ANALYSIS DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE Executive Summary In December of 2014, the IT Governance Architecture
More informationSecuring Web Services With SAML
Carl A. Foster CS-5260 Research Project Securing Web Services With SAML Contents 1.0 Introduction... 2 2.0 What is SAML?... 2 3.0 History of SAML... 3 4.0 The Anatomy of SAML 2.0... 3 4.0.1- Assertion
More informationTrends in Identity & Access Management Solutions in Higher Education Institutions. Spring 2012
Trends in Identity & Access Management Solutions in Higher Education Institutions Spring 2012 Abstract A telephone survey of higher education institutions was conducted. A variety of IT professionals were
More informationIT@Intel. Improving Security and Productivity through Federation and Single Sign-on
White Paper Intel Information Technology Computer Manufacturing Security Improving Security and Productivity through Federation and Single Sign-on Intel IT has developed a strategy and process for providing
More informationEvaluation of different Open Source Identity management Systems
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
More informationIMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS
APPLICATION NOTE IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS SAML 2.0 combines encryption and digital signature verification across resources for a more
More informationA Look at Ourselves: Shibboleth Deployment Self-Assessment Checklist
A Look at Ourselves: Shibboleth Deployment Self-Assessment Checklist Using the checklist below, we'll look at ourselves to see how we are positioned with respect to the presented stages and use this information
More informationSAML Security Option White Paper
Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions
More informationThree Case Studies in Access Management
Three Case Studies in Access Management IAM Online June 10, 2015-2 pm EDT Andy Morgan, Oregon State University Mandeep Saini, GÉANT Albert Wu, UCLA Moderator: Tom Barton, University of Chicago Fit for
More informationIdentity and Access Management (IAM) Roadmap DRAFT v2. North Carolina State University
Identity and Access Management (IAM) Roadmap DRAFT v2 North Carolina State University April, 2010 Table of Contents Executive Summary... 3 IAM Dependencies... 4 Scope of the Roadmap... 4 Benefits... 4
More informationHP Software as a Service
HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty
More informationUniversity of Southern California Identity and Access Management (IAM)
University of Southern California Identity and Access Management (IAM) Brendan Bellina Identity Services Architect Mgr, Enterprise Middleware Development Information Technology Services University of Southern
More informationIntegrating Multi-Factor Authentication into Your Campus Identity Management System
Integrating Multi-Factor Authentication into Your Campus Identity Management System Mike Grady, Unicon David Walker, Internet2 (both associated with the Internet2 Scalable Privacy Project) Agenda Multi-Context
More informationIII. 9:35-9:50 Retirement of Web Space- Communication Plan Endorse (Dave Moss)
ARCHITECTURE & INFRASTRUCTURE COMMITTEE MEETING AGENDA FRIDAY, October 11, 2013 9:00-10:30 AM FAC 228D I. 9:00-9:15 Administrative Systems Update (Mary Knight) II. 9:15-9:35 Priorities Finalization Endorse
More informationImplementation Guide SAP NetWeaver Identity Management Identity Provider
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and
More informationPRIVACY, SECURITY AND THE VOLLY SERVICE
PRIVACY, SECURITY AND THE VOLLY SERVICE Delight Delivered by EXECUTIVE SUMMARY The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers
More informationBiometric Single Sign-on using SAML
Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan CISSP Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand the importance of Single Sign-On
More informationUSING ESPRESSO [ESTABLISHING SUGGESTED PRACTICES REGARDING SINGLE SIGN ON] TO STREAMLINE ACCESS
USING ESPRESSO [ESTABLISHING SUGGESTED PRACTICES REGARDING SINGLE SIGN ON] TO STREAMLINE ACCESS Andy Ingham (UNC-Chapel Hill) NASIG Annual Conference, June 4, 2011 What I hope to cover Problem statement
More informationWebNow Single Sign-On Solutions
WebNow Single Sign-On Solutions Technical Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2015 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact,
More informationSTRATEGIC IT ACCOUNTABILITY BOARD (SITAB) AGENDA WEDNESDAY, JUNE 15, 2011 2:30 3:30 p.m. STARK LIBRARY
STRATEGIC IT ACCOUNTABILITY BOARD (SITAB) AGENDA WEDNESDAY, JUNE 15, 2011 2:30 3:30 p.m. STARK LIBRARY Attendees: William Powers Alex Albright, Jay Boisseau, Pat Clubb, Brad Englert, Rod Hart, Kevin Hegarty,
More informationPerceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
More informationSSO Plugin. Case study: Integrating with Ping Federate. J System Solutions. http://www.javasystemsolutions.com. Version 4.0
SSO Plugin Case study: Integrating with Ping Federate J System Solutions Version 4.0 JSS SSO Plugin v4.0 Release notes Introduction... 3 Ping Federate Service Provider configuration... 4 Assertion Consumer
More informationThe Florida Department of Education s Single Sign-On Solution. July - August 2012
The Florida Department of Education s Single Sign-On Solution July - August 2012 Presentation Objectives Present the s Single Sign-On solution (FLDOE SSO) Present the minimum requirements to access FLDOE
More informationSD Departmental Meeting November 28 th, 2006. Ale de Vries Product Manager ScienceDirect Elsevier
ש בולת SD Departmental Meeting November 28 th, 2006 Ale de Vries Product Manager ScienceDirect Elsevier Shi... whát? : Shibboleth ש בולת [...] "stream, torrent". It derives from a story in the Hebrew Bible,
More informationPARTNER INTEGRATION GUIDE. Edition 1.0
PARTNER INTEGRATION GUIDE Edition 1.0 Last Revised December 11, 2014 Overview This document provides standards and guidance for USAA partners when considering integration with USAA. It is an overview of
More informationSingle Sign-On for the UQ Web
Single Sign-On for the UQ Web David Gwynne Infrastructure Architect, ITIG, EAIT Taxonomy Authentication - Verification that someone is who they claim to be - ie, only the relevant user
More informationEnterprise Business Systems Change Management Coordinator
Announcing an Outstanding Career Opportunity Enterprise Business Systems Change Management Coordinator Application Deadline: September 22, 2013 A national search is underway for highly qualified candidates
More informationIdentity & Access Management: Strategic Roadmap. April 2013
Identity & Access Management: Strategic Roadmap April 2013 What is IAM? Identity & Access Management is the set of policies, process, and technologies used to manage digital identities and their access
More informationFederated Identity Management and Shibboleth. Noreen Hogan Asst. Director Enterprise Admin. Applications
Federated Identity Management and Shibboleth Noreen Hogan Asst. Director Enterprise Admin. Applications Federated Identity Management Management of digital identity/credentials (username/password) Access
More informationCybersecurity and Secure Authentication with SAP Single Sign-On
Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle
More informationHow To Use Saml 2.0 Single Sign On With Qualysguard
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationSAP Cloud Identity Service Document Version: 1.0 2014-09-01. SAP Cloud Identity Service
Document Version: 1.0 2014-09-01 Content 1....4 1.1 Release s....4 1.2 Product Overview....8 Product Details.... 9 Supported Browser Versions....10 Supported Languages....12 1.3 Getting Started....13 1.4
More informationHow To Use Salesforce Identity Features
Identity Implementation Guide Version 35.0, Winter 16 @salesforcedocs Last updated: October 27, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of
More informationUsing a Combination Proxy Server / PURL Server for Off-Campus Access to Restricted Databases: A Solution for the University of Iowa
University of Iowa Libraries Staff Publications 4-29-1999 Using a Combination Proxy Server / PURL Server for Off-Campus Access to Restricted Databases: A Solution for the University of Iowa Paul A. Soderdahl
More informationShibboLEAP Project. Final Report: School of Oriental and African Studies (SOAS) Colin Rennie
ShibboLEAP Project Final Report: School of Oriental and African Studies (SOAS) Colin Rennie May 2006 Shibboleth Implementation at SOAS Table of Contents Introduction What this document contains Who writes
More informationInternet/Intranet Consultant Request for Proposal #511-09
Notice and Request for Proposal Internet/Intranet Consultant Request for Proposal #511-09 The deadline for submission of proposals is 3:00 P.M. on Thursday, Oct. 1, 2009 Five (5) hard copies and an electronic
More informationAuth0 SSO Drives B2B Expansion
Auth0 SSO Drives B2B Expansion An Auth0 Customer Case Study auth0.com Setting up our application to integrate with one partner and then having that partner act as a service hub for dozens of identity systems
More informationTask Force Charter. Mobile Strategy Document Version 3.0 Chief Information Officer, ITS Last Edited December 17, 2012.
Chief Information Officer, ITS Last Edited December 17, 2012 Task Force Charter Mobile Strategy Executive Summary The mobile strategy will provide the policies, best practices, mobile website and application
More informationIdentity Assurance Framework
Executive Summary Assurance of a user s identity in an electronic system is required for many University business processes to function efficiently and effectively. As the risk associated with an electronic
More informationUsing SAML for Single Sign-On in the SOA Software Platform
Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software
More informationFederated Identity Management Checklist
Federated Identity Management Checklist This document lists the minimum (marked with an *) and recommended policy, process, and technical steps required to implement Federated Identity Management and operate
More informationUniversity of Wisconsin-Madison
Shibboleth University of Wisconsin-Madison Added by Keith Hazelton, last edited by Keith Hazelton on Jun 26, 2007 (view change) Labels: (None) Stage 1: Intra-campus Web Single Sign-on - Central Identity
More informationLogout Support on SP and Application
Logout Support on SP and application Logout Support on SP and Application Possibilities and and Limitations SWITCHaai Team aai@switch.ch Single Logout: Is it possible? Single Logout will work only in some
More informationWhite Paper. McAfee Cloud Single Sign On Reviewer s Guide
White Paper McAfee Cloud Single Sign On Reviewer s Guide Table of Contents Introducing McAfee Cloud Single Sign On 3 Use Cases 3 Key Features 3 Provisioning and De-Provisioning 4 Single Sign On and Authentication
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationState of Hawaii Excellence in Technology Award Nomination. Single Sign On (SSO) for the Hawaii State Department of Education
State of Hawaii Excellence in Technology Award Nomination Single Sign On (SSO) for the Hawaii State Department of Education Cross-Boundary Collaboration and Partnerships Data, Information and Knowledge
More informationSAP: One Logon for All Systems SAP NetWeaver Single Sign-On
SAP: One Logon for All Systems SAP NetWeaver Single Sign-On SAP AG applied its own best practices to enable employees to access the systems they need quickly, seamlessly, and invisibly, thanks to the SAP
More informationFor details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.
Chapter 41 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:
More informationA Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR
A Shibboleth View of Federated Identity Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR Short Section Title Agenda Assumptions and Trends Identity Management and Shibboleth Shibboleth
More informationIdentity Implementation Guide
Identity Implementation Guide Version 37.0, Summer 16 @salesforcedocs Last updated: May 26, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: University of Lethbridge 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Royal Roads University_ Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they
More informationConfiguring Salesforce
Chapter 94 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:
More informationSharePoint 2013 Project Charter
Prepared by David Moss Last Edited June 27, 2014 SOLUTION PLAN REQUIREMENTS ANALYSIS DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE SharePoint 2013 Project Charter Executive Summary The SharePoint 2013 project
More informationConfiguring. SuccessFactors. Chapter 67
Chapter 67 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationSingle Log-Out. Andreas Åkre Solberg Malaga, June 2009
Single Log-Out Andreas Åkre Solberg Malaga, June 2009 Sessions On Web HTTP originally stateless Using Cookies to keep state Cookies in RFC2965 Set a session ID first time user visits, sent back to site
More informationConfiguring SuccessFactors
Chapter 117 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors
More informationOperating Level Agreement for NYU Login Service
Operating Level Agreement for NYU Login Service This Operating Level Agreement (OLA) documents the agreement regarding support of Single Sign-On (SSO) services for a Partner Service, which has been integrated
More informationHamilton Campus. Information Technology Strategic Project Plan
Hamilton Campus Information Technology Strategic Project Plan July 2007 Revised: June 2009 C:\Users\lipnicje\Documents\Documents\MUH IT SP\MUHITSP_final.doc 12/19/12 Page: 1 Table of Contents Executive
More informationPassword Management Before User Provisioning
Password Management Before User Provisioning 2015 Hitachi ID Systems, Inc. All rights reserved. Identity management spans technologies including password management, user profile management, user provisioning
More informationFederated Identity Architectures
Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,
More informationFederation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015
Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationEnterprise Single Sign-On SOS. The Critical Questions Every Company Needs to Ask
Enterprise Single Sign-On SOS The Critical Questions Every Company Needs to Ask Enterprise Single Sign-On: The Critical Questions Every Company Needs to Ask 1 Table of Contents Introduction 2 Application
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationProject Charter. UT Web Infrastructure Project Document Version 9.0 Prepared by John Lovelace & David Moss Last Edited March 13, 2012
Prepared by John Lovelace & David Moss Last Edited March 13, 2012 Project Charter UT Web Infrastructure Project Executive Summary The goal of this project is to select and implement a solution that will
More informationArchitecture Guidelines Application Security
Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation
More informationConnected Data. Connected Data requirements for SSO
Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated
More informationAdding Single Sign-On to CloudPassage Halo
Adding Single Sign-On to CloudPassage Halo For Halo Site Administrators Contents: About SAML-Based Single Sign-On Integrating Halo With a Single Sign-On Provider 1. Enable and Configure SSO 2. Configure
More information1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 4 4 Copyright... 5
This document is licensed to iwelcome KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger April 2015 iwelcome Identity & Access Management as a Service iwelcome delivers Identity and Access Management
More informationSymplified I: Windows User Identity. Matthew McNew and Lex Hubbard
Symplified I: Windows User Identity Matthew McNew and Lex Hubbard Table of Contents Abstract 1 Introduction to the Project 2 Project Description 2 Requirements Specification 2 Functional Requirements 2
More informationFeide login (currently username/password)
Identity collaboration and federation in Norwegian education OECD workshop on Identity Management, Trondheim, 2006-05-08 Ingrid Melve, UNINETT Chief Technical Officer Feide login (currently username/password)
More informationSingle Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites
Single Sign On (SSO) Implementation Manual For Connect 5 & MyConnect Sites Version 6 Release 5.7 September 2013 1 What is Blackboard Connect Single Sign On?... 3 How it Works... 3 Drawbacks to Using Single
More informationVyom SSO-Edge: Single Sign-On for BMC Remedy
Vyom SSO-Edge: Single Sign-On for BMC Remedy Guaranteed ROI of BMC Remedy with Reduced Service Desk Calls, Increased BMC Remedy Adoption, Improved End-User Satisfaction, Strengthened Security and Effective
More informationQuestions and Information on Centers TWU Service Desk. Please kindly respond to the following for your center.
Questions and Information on Centers TWU Service Desk Please kindly respond to the following for your center. Hours of Operation o Monday Thursday 7:30am to 9:00pm o Friday 7:30am to 5:30pm o Saturday
More informationFREE E-BOOK HOW TO ENSURE A SUCCESSFUL CRM IMPLEMENTATION
FREE E-BOOK HOW TO ENSURE A SUCCESSFUL CRM IMPLEMENTATION Toll- Free: 1(800) 609-8541 Website: http://www.pipeline-management.com How To Ensure A Successful CRM Implementation ABOUT THIS E-BOOK If you
More informationGetting Started with AD/LDAP SSO
Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories
More informationAre Passwords Passé?
Are Passwords Passé? Deployment Strategies for Multifactor Authentication IAM Online December 10, 2014 Mike Grady, Scalable Privacy Project David Walker, Scalable Privacy Project Thank you to InCommon
More informationConfiguring. SugarCRM. Chapter 121
Chapter 121 Configuring SugarCRM The following is an overview of the steps required to configure the SugarCRM Web application for single sign-on (SSO) via SAML. SugarCRM offers both IdP-initiated SAML
More informationThe organization decided that creating a more robust approach to customerfacing identity management represented a strategic opportunity.
BUYER CASE STUDY BuyerPulse Buyer Case Study: McKesson Utilizing Open Source IAM: Benefits in Cost, Customization, and Integration Sally Hudson Susan Funke Chris Skall Global Headquarters: 5 Speen Street
More informationEgnyte Single Sign-On (SSO) Installation for OneLogin
Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin
More informationGetting Started with Single Sign-On
Getting Started with Single Sign-On I. Introduction Your institution is considering or has already purchased Collaboratory from Treetop Commons, LLC. One benefit provided to member institutions is Single
More informationShibboleth N-Tier Support. Chad La Joie chad.lajoie@switch.ch
Shibboleth N-Tier Support Chad La Joie chad.lajoie@switch.ch Agenda Use Case Terminology Shibboleth Solution Future Effort Resources 2 Use Case Current use case comes from University of Chicago University
More informationFederations 101. An Introduction to Federated Identity Management. Peter Gietz, Martin Haase
Authentication and Authorisation for Research and Collaboration Federations 101 An Introduction to Federated Identity Management Peter Gietz, Martin Haase AARC NA2 Task 2 - Outreach and Dissemination DAASI
More informationintegrate 2: Business Process Redesign
Nevada System of Higher Education integrate 2: Business Process Redesign Executive Summary TABLE OF CONTENTS I. BACKGROUND AND OBJECTIVES 2 II. METHODOLOGY AND APPROACH 3 III. PROJECT OUTCOMES 5 IV. MAJOR
More informationBiometric Single Sign-on using SAML Architecture & Design Strategies
Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan Java Technology Architect Sun Microsystems Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand
More informationECM: Key Market Trends and the Impact of Business Intelligence
ECM: Key Market Trends and the Impact of Business Intelligence Cheryl McKinnon, Principal Analyst February 2014 Agenda ECM current state and market trends Achieve ECM success by using business intelligence
More information