Identity and Access Management (IAM) Roadmap DRAFT v2. North Carolina State University


Identity and Access Management (IAM) Roadmap DRAFT v2
North Carolina State University
April, 2010

Table of Contents

Executive Summary
IAM Dependencies
Scope of the Roadmap
Benefits
Risks
Current and Major Foundation Projects
The Internet2 IAM Model
Policy and Governance
Source Data / Systems of Record
Enterprise Directory Services
Identity Data Consumers (Applications, Services)
Groups and Privilege Management
NC State University Current Account Provisioning
NC State University - Planned IAM Services
NC State University IAM Governance and Team Structure
Next Steps
Conclusions
Gantt Chart of IAM Initiative Projects
APPENDIX A IAM Project List

"Identity is such a crucial affair that one shouldn't rush into it." - David Quammen, writer

Executive Summary

The area of Identity and Access Management (IAM) has existed for a number of years, particularly in higher education. It has recently been gaining momentum at most universities, in part due to an increasing amount of online collaboration between institutions and the growth of identity federations such as InCommon. These new collaboration efforts allow and encourage colleagues and students from academic environments to access shared resources within an identity federation without the need for an account and password on each resource. Additionally, with the growth of services being made available in the cloud (e.g. Google Apps for Education), many of our students and employees will be accessing external resources using their NC State campus credential (UnityID and password).

But let's go back to identity and access management. Digital identities are the electronic representations of individuals. Therefore, identity management is the management of data that is contained in an individual's digital record, specifically data about who they are. Some identity attributes for employees would be their name, phone number(s), campus location and address, job classification, college and/or department and email address. Similar attributes are captured for students, and additionally we might have information on program of study, year, college, course enrollment, and whether they have a FERPA privacy block in place. Access Management is the process of granting, maintaining or revoking the entitlements or authorizations individuals (or their digital identities) have to online resources - whether data, applications or services.

Identity and Access Management (IAM) covers the entire spectrum of users and their digital identities: the data captured about them, how it is protected and who or what is authorized to access it; how users are designated and differentiated from other members of the community (e.g. students, faculty, staff, alumni, parents, guests, etc.); how sure we are that the electronic credential we issue (username and password) goes to the right person; what services individuals are entitled to use; and the mechanisms, directories and systems that allow them to securely access those services.

The IAM Roadmap addresses each of these areas and shows how they're related and dependent on each other. Priority projects are identified that are needed to support current university programs and applications, or lay the foundation for later efforts. These include the current Shibboleth and Identity Federation Project (which is supporting the student email and other projects), a Password Management Project to provide self-service password resets (saving the Helpdesk many hours of support calls), Non Name-Based UnityIDs (to protect user privacy and eliminate renaming issues), the Campus Affiliation and Services Matrix to match campus affiliates with the services they require, a Guest Account system, and an Enterprise Directory Services project to develop a central location for campus identity data.

The benefits of a fully implemented IAM infrastructure - in addition to improving the efficiency and effectiveness of our existing systems - are specified and become more apparent as each project is briefly explained. The risks of not implementing a complete IAM environment are redundant accounts, systems and services; not meeting or adhering to audit requirements, federal regulations and state and federal privacy laws; and not being able to provide access to university services in a timely manner or remove that access when a user's relationship with the university changes.

IAM Dependencies

As part of the overall IAM initiative, there is a dependency on the campus IT and University governance groups and the university data stewards to establish policies and procedures that define the different relationships individuals have with the university, and what services and data they are entitled to access. This extends across the student and employee lifecycles as well as to all non-traditional affiliates. Decisions made by the IAM governance committee(s) will determine what data needs to be obtained about individuals and stored in the appropriate System of Record (SoR). This data is the source for IAM identifiers and attributes that make up the core of the IAM system and is centrally located in the Enterprise Directory Service.

Scope of the Roadmap

This document is structured to show the relationships between the components that make up the IAM environment and how authoritative and sufficient identity data (attributes) can provide data consumers with the information they need to make appropriate authorization decisions about who should have access to what. The Roadmap is not a comprehensive project plan for addressing the IAM needs of the university. Plans will be developed as specific projects are undertaken to implement or enhance some facet of the overall IAM infrastructure for NC State University.

Benefits

The IAM Roadmap shows how the functions and components of Identity and Access Management are integrated into an infrastructure that enables many of the university services and online resources to operate more efficiently, effectively, economically and securely. From defining who has what relationship with the university (and, as a result of that relationship, what services they are entitled to) to provisioning access to those services through account and privilege management, IAM provides a foundation for developing web applications, sharing information and collaborating with others at the university, UNC System, State, National and International level.

Risks

As with any service that enables people to interact with systems, applications and resources, the availability of IAM services is critical to providing online access to the NC State community. This requires a very robust IAM environment, from redundant, fault-tolerant servers, power, and networks to an appropriate level of support personnel. The underlying infrastructure and backend systems need to be in place for the full benefits of Identity and Access Management to be realized. Another risk is that the growth in demand for IAM services might exceed the resources available to build and grow the infrastructure required to support it.

Current and Major Foundation Projects

The following projects are currently in progress or will be shortly, as they lay the foundation for future IAM projects.

Shibboleth and Identity Federation Project

The Shibboleth System is a standards-based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. NC State users of external resources that are members of an identity federation can use Shibboleth to access these resources. This allows the user accessing the remote service to authenticate at NC State using his or her own campus username and password. The user then presents a digital authentication assertion to the resource along with any requested attributes, and the resource makes a determination on whether to allow access.

NC State established a Shibboleth Identity Provider (IdP) for the university in August, 2008 in response to a UNC-GA requirement to participate in the UNC System identity federation. This was to allow students within the system to register for courses at any of the system schools by accessing an interinstitutional registration application. Since that time, we have become a member of the InCommon identity federation and have the ability to easily set up access to federation service providers (SPs). We are currently exploring the use of Shibboleth to access some of our current vendors that are members of InCommon, rather than having to maintain a username and password on the vendor site, and we have recently launched Google Apps for Education for student email, which uses Shibboleth for access. Current campus web services that use or are planning to use Shibboleth to provide access are VCL, Moodle/Wolfware, My Pack Portal, the NCSU Library services and a number of web applications in engineering.
There is also a strong interest in setting up this application as a potential replacement for the existing web authentication service WRAP. A primary benefit of using Shibboleth is that NC State users authenticate at our campus and don't need to maintain accounts in another location. Additionally, access can frequently be determined by the resource provider without needing to exchange personally identifiable information (PII), thus protecting the privacy of individuals.

Password Self-Service Reset & Initial Password

This project is well underway and is a foundation project for automating the account provisioning process for new users. It uses the Sun IDM product along with an application developed by AegisUSA that will allow users to set their initial password automatically, as well as establish challenge-response (UIA) questions for future password resets. The ability to set an initial password eliminates the use of a guessable formula for the initial password that is currently in use. By requiring the user to set their challenge-response questions when the initial password is chosen, a way is provided for the user to reset their own password if they forget what it is. Currently, a user must come to the OIT Helpdesk in person to have a password reset.

A primary benefit of this project is that Sun IDM will be connected to all the enterprise account systems (currently Active Directory, Novell eDirectory, MIT Kerberos and Google Apps for Education). The connectors that tie Sun IDM to the account systems for synchronizing passwords will also be configured to allow the accounts to be disabled. Once this project has been completed, the Sun IDM connectors will be mapped to other fields in the account systems so that when a student or new hire employee requires access to services they will be provisioned automatically with a SIS or HR action. Consequently, when a student or employee leaves the university, these same accounts can be automatically disabled and access to the appropriate campus services can be de-provisioned.

Campus Affiliation vs. Services Matrix

This project starts by developing a list of affiliate types that are recognized by the university as distinct populations that receive a unique service or set of services. For example: Student, Faculty, Staff, Alumni or Guest. This affiliation (or list of affiliations) can then be carried as identity attributes for each campus user. To clearly distinguish who is entitled to what services on campus, it may be necessary to provide more granularity by carrying sub-affiliations. For example, an Employee who is also a Student and an Alumni, with sub-affiliations of FTE and Grad (MBA). Another example is a Guest who carries a sub-affiliation of Library Patron. These individuals all receive some service or services from the university. These will be mapped against the affiliation type and possibly grouped into service categories. These affiliation attributes or groups could then be used to make authorization decisions about which individuals get access to specific web services. An example of this would be certain licensed online library services. These might only be available to those users who carried a faculty, student or staff affiliation, or guest with a library patron sub-affiliation.
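An added illustration, not part of the roadmap: one way the affiliation and sub-affiliation attributes described above could drive an authorization decision, using the licensed library services case. The attribute values, service keys and function names are assumptions; the start/end dates on each affiliation go slightly beyond the text to show access lapsing when a relationship ends.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Affiliation:
    """One affiliation carried as an identity attribute (hypothetical schema)."""
    kind: str                      # e.g. "student", "employee", "guest"
    sub: Optional[str] = None      # e.g. "grad-mba", "fte", "library-patron"
    start: date = date.min
    end: date = date.max           # the affiliation lapses after this date


# Service matrix (assumed keys): service -> (affiliation, required sub-affiliation).
# A required sub-affiliation of None means any holder of that affiliation qualifies.
SERVICE_MATRIX = {
    "licensed-library-databases": [
        ("faculty", None),
        ("student", None),
        ("staff", None),
        ("guest", "library-patron"),
    ],
    "alumni-services": [("alumni", None)],
}


def is_active(aff, today):
    return aff.start <= today <= aff.end


def is_entitled(affiliations, service, today):
    """Default deny: unknown services and lapsed affiliations grant nothing."""
    rules = SERVICE_MATRIX.get(service)
    if rules is None:
        return False
    for aff in affiliations:
        if not is_active(aff, today):
            continue
        for kind, required_sub in rules:
            if aff.kind == kind and required_sub in (None, aff.sub):
                return True
    return False


def entitlements(affiliations, today):
    """Every service in the matrix this set of affiliations is entitled to."""
    return sorted(s for s in SERVICE_MATRIX if is_entitled(affiliations, s, today))


if __name__ == "__main__":
    today = date(2010, 4, 15)
    # Constructed sample users.
    users = {
        "employee+student+alumni": [
            Affiliation("employee", "fte"),
            Affiliation("student", "grad-mba"),
            Affiliation("alumni"),
        ],
        "guest, library patron": [Affiliation("guest", "library-patron")],
        "guest, no sub-affiliation": [Affiliation("guest")],
        "former student, now alumni": [
            Affiliation("student", end=date(2009, 12, 31)),
            Affiliation("alumni", start=date(2010, 1, 1)),
        ],
    }
    for label, affs in users.items():
        print(label, "->", entitlements(affs, today))
```

A guest who can log in but carries no library patron sub-affiliation is denied, which is the distinction an application cannot make when it treats a successful login as authorization.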
Non Name-based UnityIDs

There are many issues associated with name-based identifiers (usernames). The biggest challenge from an IT support perspective is the time-consuming and labor-intensive effort to rename an employee when their last name changes. Many applications embed the username in account or record information and these all need to be changed to ensure the individual continues to receive services they're entitled to. Creating usernames (UnityID) that are not name-based will allow us to stop the practice of renaming accounts. An additional benefit is that having name-based identifiers makes it difficult to release a principal name to an application if it can be easily traced back to a student (if they have a FERPA privacy block in place). Privacy concerns in general would be eliminated if the UnityIDs were randomly generated or used an algorithm that did not include the user's name.

This project should be relatively simple to implement as it only requires a change to how the UnityID is created. Coming up with an approved formula for the creation of the identifier might be the most difficult aspect of the project. Communicating to campus that renames will no longer be done to usernames is also part of this project. An additional enhancement might be to allow users to choose from several usernames when initially entering the university. This might eliminate those situations where whatever method is chosen to create an identifier results in something that is offensive to the individual user. An extension of this project might be to use another numeric campus identifier (ncsuid) to store in records and applications, and only use the UnityID as an alias for logins. It would still be a permanent identifier, but could be changed if there is a problem with it, and would not require changes to multiple records and account systems.

Enterprise Directory Services

An Enterprise Directory Service (EDS) provides campus with a single location for unique user identity data that can be consumed by authorized campus resources and applications. It can be used for many purposes, from online person directories to user account information, and to make access decisions around who is entitled to various services. Systems of Record (SoR) would supply authoritative data feeds to the EDS to keep it current. If applications access the EDS rather than using extracts or copies of user data, they would always be using current data and eliminate the possibility of making decisions or reporting on aged data. It also reduces the need for extracts that must be created and copied to multiple systems. The data is much more controlled and secure than in a distributed model, which gives the data to another owner and must depend on them to keep it secured.

The Directory would also hold group and role data that could be created dynamically or by users (either directly through a GUI or by a request to a support team that would create static groups). Groups could be created for any number of purposes: classes, distribution lists, department groups, application groups, etc.
Groups based on course or class membership could be used to provide appropriate student access to applications such as VCL or Moodle or services such as the Library book reservation system. Roles could be assigned to individuals based on affiliation types, job functions or responsibilities, etc. Application or resource owners could petition the EDS service team to add additional attributes to support their specific services.

Guest Account System

The Guest account system provides a mechanism to authenticate people who are loosely affiliated with the university and allow them to access appropriate resources without allowing access to those services restricted to more traditional members of the university community (students, faculty and staff). It also provides a way to give certain groups of individuals (parents, vendors, alumni, retirees, job applicants, etc.) access to services without being entered into our HR system as No Pay Employees. These individuals are often provided access to campus services they are not entitled to (or the university is not licensed for) simply because they can login to certain university accounts. Many applications cannot determine a user's affiliation with the university at this time, and therefore assume if someone can login they must be someone who should have access to the service. Having a guest account system would provide another way to help make this determination as well as improve the integrity of the HR and Student user data.

It also would allow us to capture some limited amount of bio-demo data (to be defined by campus leaders and data stewards) that could be used to provide statistics to different university groups such as admissions, development, athletics, etc. Seminars, summer youth camps, sports camps, continuing education and conferences would fall into this group of campus programs that might need guest access to services. If these individuals transition to a more traditional relationship with the university over time, it could be determined where they first experienced contact with NC State and provide an opportunity to evaluate the effectiveness of these programs in encouraging a renewed and richer relationship with the university.
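An added illustration for the Non Name-based UnityIDs project described earlier in this section, not code from the roadmap: generating several random identifiers for a new user to choose from, while rejecting ones that are already issued, echo the person's name, or contain an unacceptable fragment. The 4-letter/4-digit format, the blocklist entries and all function names are assumptions.

```python
import secrets

# Assumed format (not from the roadmap): 4 letters followed by 4 digits.
# Vowels and y are left out so candidates rarely spell words; l, 0 and 1 are
# left out because they are easily confused when read aloud or typed.
LETTERS = "bcdfghjkmnpqrstvwxz"
DIGITS = "23456789"
# Constructed stand-in for a locally reviewed list of unacceptable fragments.
BLOCKLIST = ("kkk", "xxx")


def generate_candidate(choice=secrets.choice):
    """Return one candidate drawn from a CSPRNG, independent of any name."""
    letters = "".join(choice(LETTERS) for _ in range(4))
    digits = "".join(choice(DIGITS) for _ in range(4))
    return letters + digits


def name_fragments(names, size=3):
    """All lower-case runs of `size` letters taken from the person's names."""
    frags = set()
    for name in names:
        clean = "".join(ch for ch in name.lower() if ch.isalpha())
        frags.update(clean[i:i + size] for i in range(len(clean) - size + 1))
    return frags


def is_acceptable(candidate, names, taken, blocklist=BLOCKLIST):
    """Reject IDs already issued, blocklisted, or traceable to the name."""
    if candidate in taken:
        return False
    if any(bad in candidate for bad in blocklist):
        return False
    return not any(frag in candidate for frag in name_fragments(names))


def propose_unity_ids(names, taken, count=3, choice=secrets.choice, max_tries=1000):
    """Return `count` distinct acceptable identifiers for the user to pick from.

    `taken` should hold every identifier ever issued, not only active ones
    (an assumption here, so that a permanent identifier is never reassigned).
    """
    proposals = []
    for _ in range(max_tries):
        cand = generate_candidate(choice)
        if cand not in proposals and is_acceptable(cand, names, taken):
            proposals.append(cand)
            if len(proposals) == count:
                return proposals
    raise RuntimeError("could not find enough acceptable identifiers")


if __name__ == "__main__":
    # Constructed sample: a new user and one previously issued identifier.
    print(propose_unity_ids(("Pat", "Schmidt"), taken={"kqzt4827"}))
```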

The Internet2 IAM Model

This diagram was developed by the Internet2 - Middleware Initiative (I2MI) and highlights a model of Identity and Access Management for Higher Education. middleware.internet2.edu

Policy and Governance

- Define user Affiliation Types for the university and what Services should be provided to each affiliate or group of affiliates
- Determine the risk associated with enterprise applications and what Level of Assurance (LoA) and strength of authentication (e.g. Strong Passwords, Second password, multi-factor) should be required for access to each
- Approve and support implementation of procedures for identity-proofing employees, students, affiliates and guests to meet each Level of Assurance (LoA) required for access
- Approve access to university identity data in the Enterprise Directory Services (e.g. College, Department, Application/Server, Individual)
- Authorize the creation of IAM working groups or project teams to address IAM areas of need
- Set priorities of various IAM projects based upon the university business need and available resources

Source Data / Systems of Record

- Systems of Record (SOR) should be identified and the appropriate authoritative data elements or attributes made available to the Identity Management system and/or an Enterprise Directory Service (EDS).
- The University Data Stewards define what identity data is authoritative (above), approve population of the data into an EDS and who can access it.
- Traditional campus users (faculty, staff and students) are distinguished from those who are more loosely affiliated with the university.
- Create a Guest System System of Record, to contain accounts and identity data for non-traditional users.
- Provide for movement of users between the guest and enterprise systems as their affiliation changes over time.

Enterprise Directory Services

- Design the Enterprise Directory Service to hold all the commonly used authoritative identity attributes of traditional and nontraditional users to provide the most value to authorized university identity data customers/consumers
- Continually evaluate technologies, methodologies and peer solutions to determine if NC State is providing the best service for our customers
- Evaluate and make recommendations on how to use the IAM system to provide identity information that allows campus resources, services and applications to make appropriate access decisions (e.g. Library services, LMS, college or department web resources, enterprise applications, etc.)
- Promote appropriate technologies if they can facilitate effective, efficient access to Systems and Services (e.g. Federated Identities, Single Sign-on, Single Authentication environment, two-factor authentication)

Identity Data Consumers (Applications, Services)

- Evaluate customer business requirements and needs for identity data and other IAM services
- Enhance the IAM System (e.g. additional attributes, group and role management, entitlements, etc.) to meet these data needs and to facilitate appropriate and secure access to campus resources where required
- Provide appropriate attributes to Federated Partners where agreed to by federation policies or agreement (contract) with the Service Provider

Groups and Privilege Management

- Look at the implementation of fine-grained group management as a means of providing access to university applications and resources
- Find or develop tools (scripts) to create entitlements for users based on group membership or roles, and use where appropriate to facilitate access to applications, services and resources
- Work with campus to transition their resources and applications to use Shibboleth and group, role and attribute/entitlement-based access
- Review and recommend a process or application for group creation (centrally and/or user managed)
- Look at functional role management and privilege management as a way to provide access to applications and services

NC State University Current Account Provisioning

NC State University - Planned IAM Services

NC State University IAM Governance and Team Structure

Next Steps

After the adoption of the IAM Roadmap, projects will continue in support of the IAM Initiative. The priority of the projects and the resources required to implement them will be determined by the campus business needs and at the direction of the IAM Oversight Committee. The IAM Service Team will continue to review the roadmap and make updates to it and the IAM Project list. They will also continually evaluate the progress of existing projects and make recommendations to the IAM Oversight Committee for establishing new projects or forming new teams as campus demands, business needs, changes in regulations or new technologies dictate.

Conclusions

The IAM Roadmap is not a static document. As progress is made on various IAM Projects, the priorities of the remaining areas of IAM will change. Also, new technology or tools may influence when and how IAM projects are prioritized. What won't change are the business needs of the university for accurate, authoritative and secure identity data about campus community members and guests, and the ability to quickly and securely authenticate those users who have a right to access the university's resources.

Gantt Chart of IAM Initiative Projects

APPENDIX A IAM Project List

Columns: IAM Topics / Tasks | Description / Comments | Relationships

Affiliation vs. Services Matrix Identification of Affiliations Mapping Affiliates to Services When they receive/lose services ID-Proofing & Initial Issuing of Credentials Student Employees Affiliates (non-students) Remote - Distance Education Creation of University Identifier? (ncsuid) Enterprise Directory Services Schema Changes Group Management Determine what different affiliations exist and whether to group into categories Identify what services the university provides to "each" affiliate type (e.g. student, alumni, parent, staff, contractor) Needed to implement appropriate provisioning & de-provisioning of services for each affiliate (or group/class of affiliates) Elevate LoA at time of Campus ID receipt Completed when filling out Form I-9 Numeric Identifier that exists outside of ERP systems Adding attributes and Object Classes Some affiliations are part of the Student or Employee "life cycle" and transitions between affiliations result in the addition or removal of services provided People could be provisioned into "affiliation groups" that have a specific set of services (e.g. MyPack Portal Self-Service, Library Services, Alumni Services) (see above) Handoff of campus credential (or recredentialing) Potentially need to achieve LoA "2" for certain apps (included for completeness) Required for access to resources Required for access to resources Would allow people to move between guest system and HR/SIS as their affiliation with the university changes Add eduPerson, eduOrg, eduCourse Object Classes as well as Student Class data Needed for centralized access management to resources; Requires tool(s) or scripts to implement

Entitlements (Attributes) Adding Attributes (Process) Federated Identity Attributes Identify Systems of Record Technical Implementation Decisions Shibboleth/SAML - Federation Production IdP (Identity Provider) NC State Federation Process for new SPs WRAP replacement MyPack Portal Currently in place, but need to improve robustness of service (failover, load-balancing) Shibboleth for campus resources and web apps Documentation and Approval Process Shibbolizing Portal authentication Usually created as a result of Group Membership or having a certain "role". Would also be used in access management decisions by web apps or protected resources Requires an approval group (Data Release Management Oversight Committee); Can be used for access management Same as other attributes, but need to be made available to federation SPs Needed to ensure that attribute data is "authoritative"; alternatively to consider additional identity data attributes added to the EDS? Required for any shibbolized services (either internal or external) - needs authentication mechanism and attribute data (EDS) Same prerequisites as above; Can provide WRAP replacement for campus web apps Required to create new SPs within NC State Federation IdP needs to be at full production capability; Process needs to be published, with review committee or approval workflow in place NC State Federation needs to be in place or portal may need to operate within the UNC System Federation; applications behind the portal may need to be modified to accept additional credentials (UNC-CH users?)

Attribute Release Policy (ARP) uApprove Privacy Flags Account Management & Authentication Sun IDM Hardware Upgrade - Production Account Provisioning Account De-provisioning Guest Authentication System Reduced AuthN Environments Multi-factor authentication Single Sign-On (SSO) Both the policy decisions and the technical execution of the policy that determines which identity attributes are released to which Service Providers (SPs) A tool/utility to allow a user to see what attributes are requested by a SP (above and beyond those attributes that would normally be released) and authorize their release Review uApprove and FERPA regulations with Internal Audit and Legal Affairs Authentication Environment for nontraditional campus affiliates Make effort to utilize a minimum set of authentication service(s) More than just username/password Should be in place prior to releasing student attributes to external federation resources - needs approval from HR and Student data stewards Policy decisions must be made in order to implement the ARP within the IdP.XML files as well as within uApprove; release of student attributes to any external SP require uApprove to be in place (must check FERPA privacy block) Must be checked by uApprove prior to releasing attributes for students Need additional hardware to handle increased load. Requires "trigger" from HR or SIS SOR; Effort to minimize the number of accounts provisioned (same as above - trigger; minimal number of accounts) Need policy to define different affiliation types, services provided, start/stop dates for services; Need to understand whether attribute data will be kept in EDS along with traditional campus members Stable, primary authentication environment for all services; reduce synchronization of credentials Requires application(s) ability to take advantage of another factor, or to implement a second password or reprompt Ability to re-use an authentication credential previously obtained by the user

Password Management Obtaining initial password; self-service password resets Single authoritative source for campus password; ability to securely sync with other systems if necessary Controls (FGPP)? Need application or tool to implement Issuing Initial Password FERPA and other regulation may determine "how" we can do this; also ties in with identity proofing for on-campus and remote students Need to have "Preponderance of Evidence" to issue to a user via US Mail, Cell Phone, ? Self-Service Password Resets (UIA) Probably through Sun IDM Need adaptors or connectors in place to implement UIA questions; UIA in place to do self-service pwd resets Privileged account management Use SAR? Connectors to required system; determine workflow to approve accounts and access; implement in SAR? SAR/SunIDM should push administration policies consistently to all systems it provisions Not clear on this one - implying that there needs to be consistent password policies across platforms, applications?


More information

Project Charter for ITPC-0375

Project Charter for ITPC-0375 9-16-2011 Page 1 of 12 Project Charter for ITPC-0375 Prepared by: Daryl Fritchey Project Name ITPC-0375 Identity and Access Management (IAM) Implementation IAM Executive Sponsors Chair Michael Hites, Executive

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: McGill University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert

More information

Identity Management. Manager, Identity Management. Academic Technology Services. Michigan State University Board of Trustees

Identity Management. Manager, Identity Management. Academic Technology Services. Michigan State University Board of Trustees Identity Management and Shibboleth h at MSU Jim Green Manager, Identity Management Michigan State t University it Academic Technology Services Identity Management Definition: Identity management is the

More information

Identity Assurance Framework

Identity Assurance Framework Executive Summary Assurance of a user s identity in an electronic system is required for many University business processes to function efficiently and effectively. As the risk associated with an electronic

More information

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach IDENTITY MANAGEMENT AND WEB SECURITY A Customer s Pragmatic Approach AGENDA What is Identity Management (IDM) or Identity and Access Management (IAM)? Benefits of IDM IDM Best Practices Challenges to Implement

More information

Novell to Microsoft Conversion: Identity Management Design & Plan

Novell to Microsoft Conversion: Identity Management Design & Plan Novell to Microsoft Conversion: Identity Management Design & Plan Presented To: 3/2/2011 1215 Hamilton Lane, Suite 200 Naperville, IL 60540 www.morantechnology.com Voice & Fax: 877-212-6379 Version History

More information

RFP BOR-1511 Federated Identity Services - Response to Questions / Answers

RFP BOR-1511 Federated Identity Services - Response to Questions / Answers Q # 1 RFP BOR-1511 Federated Identity Services - Response to Questions / Answers Under Technical Requirements the following requirement is listed: 2. The solution is cloud-based softwareas-a-service, requiring

More information

The Unique Alternative to the Big Four. Identity and Access Management

The Unique Alternative to the Big Four. Identity and Access Management The Unique Alternative to the Big Four Identity and Access Management Agenda Introductions Identity and Access Management (I&AM) Overview Benefits of I&AM I&AM Best Practices I&AM Market Place Closing

More information

STATE OF NEW YORK IT Transformation. Request For Information (RFI) Enterprise Identity and Access Management Consolidated Questions and Responses

STATE OF NEW YORK IT Transformation. Request For Information (RFI) Enterprise Identity and Access Management Consolidated Questions and Responses STATE OF NEW YORK IT Transformation Request For Information (RFI) Enterprise Identity and Access Management Consolidated Questions and Responses June 8, 2012 Appendix B Consolidated Vendor Questions with

More information

University of Maryland Active Directory Policies

University of Maryland Active Directory Policies University of Maryland Active Directory Policies Purpose of this policy Scope AD Forest Forest Schema & Data Visibility Account and Group Synchronization Account Creation and Password Forest Security Principle

More information

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources

Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources Federated Identity: Leveraging Shibboleth to Access On and Off Campus Resources Paul Riddle University of Maryland Baltimore County EDUCAUSE Mid-Atlantic Regional Conference January 16, 2008 Copyright

More information

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015

Federation At Fermilab. Al Lilianstrom National Laboratories Information Technology Summit May 2015 Federation At Fermilab Al Lilianstrom National Laboratories Information Technology Summit May 2015 About Fermilab Since 1967, Fermilab has worked to answer fundamental questions and enhance our understanding

More information

Federated Identity Management Checklist

Federated Identity Management Checklist Federated Identity Management Checklist This document lists the minimum (marked with an *) and recommended policy, process, and technical steps required to implement Federated Identity Management and operate

More information

The State of Identity Management Self-assessment Questionnaire

The State of Identity Management Self-assessment Questionnaire Identity and the Cloud: Preparing Your Campus EDUCAUSE 2010 Pre-Conference Seminar The State of Identity Management Self-assessment Questionnaire Each entry below describes an aspect of identity management

More information

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014 Introduction to Identity and Access Management for the engineers Radovan Semančík April 2014 How it works now? Manager Admin Login Users Login Admin Login Login Login Theory Manager Admin Forgot password

More information

UW System Identity & Access Management (IAM) Recommended Strategic Roadmap

UW System Identity & Access Management (IAM) Recommended Strategic Roadmap UW System Identity & Access Management (IAM) Recommended Strategic Roadmap Fall 2015 ITMC (Rev 1/11) Our challenge CIOs charged IAM-TAG with recommending an IAM strategy that would: Establish an identity

More information

Business-Driven, Compliant Identity Management

Business-Driven, Compliant Identity Management SAP Solution in Detail SAP NetWeaver SAP Identity Management Business-Driven, Compliant Identity Management Table of Contents 3 Quick Facts 4 Business Challenges: Managing Costs, Process Change, and Compliance

More information

SAML SSO Configuration

SAML SSO Configuration SAML SSO Configuration Overview of Single Sign-, page 1 Benefits of Single Sign-, page 2 Overview of Setting Up SAML 2.0 Single Sign-, page 3 SAML 2.0 Single Sign- Differences Between Cloud-Based Meeting

More information

Encore Software Solutions (V3) Identity Lifecycle Management and Federated Security Suite (ILM/FSS) Overview and Technical Requirements

Encore Software Solutions (V3) Identity Lifecycle Management and Federated Security Suite (ILM/FSS) Overview and Technical Requirements Encore Software Solutions (V3) Identity Lifecycle Management and Federated Security Suite (ILM/FSS) Overview and Technical Requirements Encore Software Solutions (V3) provides a holistic Identity Lifecycle

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Canadian Access Federation: Trust Assertion Document (TAD) Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes

More information

Achieving HIPAA Compliance with Identity and Access Management

Achieving HIPAA Compliance with Identity and Access Management Achieving HIPAA Compliance with Identity and Access Management A Healthcare Case Study Stephen A. Whicker Manager Security Compliance HIPAA Security Officer AHIS/St. Vincent Health DISCLAIMER: The views

More information

Business-Driven, Compliant Identity Management

Business-Driven, Compliant Identity Management Solution in Detail NetWeaver NetWeaver Identity Business-Driven, Compliant Identity Using NetWeaver Identity Managing users in heterogeneous IT landscapes presents many challenges for organizations. System

More information

Conceptual Design. Forefront Identity Manager. Karen McLaughlin

Conceptual Design. Forefront Identity Manager. Karen McLaughlin Conceptual Design Karen McLaughlin January 29, 2013 Overview The purpose of this design is to provide information on the value in addition to Global Address List Synchronization (GAL Sync) that a full

More information

Identity and Access Management Memorial s Strategic Roadmap

Identity and Access Management Memorial s Strategic Roadmap Identity and Access Management Memorial s Strategic Roadmap Executive Summary January 29, 2015 Identity and Access Management Identity and Access Management (IAM) is an integrated system of policies, business

More information

Multi-Factor Authentication, Assurance, and the Multi-Context Broker

Multi-Factor Authentication, Assurance, and the Multi-Context Broker Multi-Factor Authentication, Assurance, and the Multi-Context Broker IAM Online April 30, 2014 Keith Wessel, University of Illinois, Urbana-Champaign David Langenberg, University of Chicago David Walker,

More information

Brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group.

Brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group. IAM Online Brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group. IAM Online is a new monthly series delivering interactive education on

More information

Current Environment Assessment Specification. Single Sign On Customer Relation Management Workstation Support

Current Environment Assessment Specification. Single Sign On Customer Relation Management Workstation Support Current Environment Assessment Specification Single Sign On Customer Relation Management Workstation Support Georgia State University By: Team #2 Members: Igor Wolbers Tony Yuan Saeed Nadjariun Team2 Version

More information

Three Case Studies in Access Management

Three Case Studies in Access Management Three Case Studies in Access Management IAM Online June 10, 2015-2 pm EDT Andy Morgan, Oregon State University Mandeep Saini, GÉANT Albert Wu, UCLA Moderator: Tom Barton, University of Chicago Fit for

More information

A Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR

A Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR A Shibboleth View of Federated Identity Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR Short Section Title Agenda Assumptions and Trends Identity Management and Shibboleth Shibboleth

More information

Enterprise Identity Management Reference Architecture

Enterprise Identity Management Reference Architecture Enterprise Identity Management Reference Architecture Umut Ceyhan Principal Sales Consultant, IDM SEE Agenda Introduction Virtualization Access Management Provisioning Demo Architecture

More information

IAM, Enterprise Directories and Shibboleth (oh my!)

IAM, Enterprise Directories and Shibboleth (oh my!) IAM, Enterprise Directories and Shibboleth (oh my!) Gary Windham Senior Enterprise Systems Architect University Information Technology Services windhamg@email.arizona.edu What is IAM? Identity and Access

More information

Enhancing Collaboration by Extending the Groups Directory Infrastructure. James Cramton Brown University

Enhancing Collaboration by Extending the Groups Directory Infrastructure. James Cramton Brown University Enhancing Collaboration by Extending the s Directory Infrastructure James Cramton Brown University Why We are Here De-duplication without all the facts Software in central business system identifies individuals

More information

Regulatory Compliance Using Identity Management

Regulatory Compliance Using Identity Management Regulatory Compliance Using Identity Management 2015 Hitachi ID Systems, Inc. All rights reserved. Regulations such as Sarbanes-Oxley, FDA 21-CFR-11 and HSPD-12 require stronger security, to protect sensitive

More information

Identity and Access Management Policy

Identity and Access Management Policy Page 1 of 5 Identity and Access Management Policy Reference number 0605-IAM Interim HEMIS Classification 0605 Purpose Date of implementation 1 December 2012 Review date Previous reviews Policy owner Policy

More information

Oracle Identity And Access Management

<Insert Picture Here> Oracle Identity And Access Management Oracle Identity And Access Management Gautam Gopal, MSIST, CISSP Senior Security Sales Consultant Oracle Public Sector The following is intended to outline our general product direction.

More information

Authentication Integration

Authentication Integration Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication

More information

Aurora Hosted Services Hosted AD, Identity Management & ADFS

Aurora Hosted Services Hosted AD, Identity Management & ADFS 22/09/2013 Aurora Hosted Services Hosted AD, Identity Management & ADFS 1 Service Overview - Hosted Identity Management Core provides a fully managed solution hosted in Azure and connected directly to

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

Open Source Identity Management

Open Source Identity Management Open Source Management OpenAlt 2015 Radovan Semančík November 2015 Ing. Radovan Semančík, PhD. Software architect Co-owner of Evolveum (open source company) Architect of midpoint project Apache committer

More information

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges 1 Building an Identity Management Business Case Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Justifying investment in identity management automation. 2 Agenda Business challenges

More information

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications Matt Weisberg Vice President & CIO, Weisberg Consulting, Inc. matt@weisberg.net Paul McKeith Technical Sales, Novell, Inc. pmckeith@novell.com

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and

More information

InCommon Basics and Participating in InCommon

InCommon Basics and Participating in InCommon InCommon Basics and Participating in InCommon A Summary of Resources Updated October 25, 2013 Copyright 2011-2013 by Internet2, InCommon and/or the respective authors Table of Contents TABLE OF CONTENTS

More information

Quest One Identity Solution. Simplifying Identity and Access Management

Quest One Identity Solution. Simplifying Identity and Access Management Quest One Identity Solution Simplifying Identity and Access Management Identity and Access Management Challenges Operational Efficiency Security Compliance Too many identities, passwords, roles, directories,

More information

IT Commons Enterprise Directory Services Project

IT Commons Enterprise Directory Services Project Business Case and Funding Proposal IT Commons Enterprise Directory Services Project Table of Contents Executive Summary...3 Introduction...4 Statement of Opportunity...4 Current State of Directories...5

More information

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication

More information

Accelerate Without Fear: Extend Your Enterprise with Identity Federation. Kirk Brown CTO, Identity Management Sun Microsystems

Accelerate Without Fear: Extend Your Enterprise with Identity Federation. Kirk Brown CTO, Identity Management Sun Microsystems Accelerate Without Fear: Extend Your Enterprise with Identity Federation Kirk Brown CTO, Identity Management Sun Microsystems 1 Welcome to the Participation Age Enterprise Collaborative Industry Networks,

More information

Extending Identity and Access Management

Extending Identity and Access Management Extending Identity and Access Management Michael Quirin Sales Engineer Citrix Systems 1 2006 Citrix Systems, Inc. All rights reserved. Company Overview Leader in Access Infrastructure NASDAQ 100 and S&P

More information

Information Technology Services. Roadmap 2014-2016

Information Technology Services. Roadmap 2014-2016 Information Technology Services Roadmap 2014-2016 Introduction This document charts the direction for Humboldt State University s Information Technology Services department over the next three years. It

More information

Presentation to House Committee on Technology: HHS System Identity & Access Management

Presentation to House Committee on Technology: HHS System Identity & Access Management Presentation to House Committee on Technology: HHS System Identity & Access Management Bowden Hight Deputy Executive Commissioner Information Technology Services Health and Human Services Commission May

More information

WIPRO IDENTITY CLOUD UNLEASHING THE NEXT GENERATION OF IDENTITY AND ACCESS MANAGEMENT (IAM) www.wipro.com

WIPRO IDENTITY CLOUD UNLEASHING THE NEXT GENERATION OF IDENTITY AND ACCESS MANAGEMENT (IAM) www.wipro.com WIPRO IDENTITY CLOUD UNLEASHING THE NEXT GENERATION OF IDENTITY AND ACCESS MANAGEMENT (IAM) www.wipro.com Table of Contents 03...Introduction 04...Wipro Cloud (WIC) as a Service Type 05...Wipro Cloud Capabilities

More information

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae

Masdar Institute Single Sign-On: Standards-based Identity Federation. John Mikhael ICT Department jmikhael@masdar.ac.ae Masdar Institute Single Sign-On: Standards-based Identity Federation John Mikhael ICT Department jmikhael@masdar.ac.ae Agenda The case for Single Sign-On (SSO) Types of SSO Standards-based Identity Federation

More information

Single Sign On at Colorado State. Ron Splittgerber

Single Sign On at Colorado State. Ron Splittgerber Single Sign On at Colorado State Ron Splittgerber Agenda Identity Management Authentication Authorization The Problem The Solution: Federation Trust Between Institutions Trust Between Institution and Federal

More information

Approaches to Enterprise Identity Management: Best of Breed vs. Suites

Approaches to Enterprise Identity Management: Best of Breed vs. Suites Approaches to Enterprise Identity Management: Best of Breed vs. Suites 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Executive Summary 1 3 Background 2 3.1 Enterprise Identity

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: Royal Roads University_ Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they

More information

Active Directory User Management System (ADUMS)

Active Directory User Management System (ADUMS) Active Directory User Management System (ADUMS) Release 2.9.3 User Guide Revision History Version Author Date Comments (MM/DD/YYYY) i RMA 08/05/2009 Initial Draft Ii RMA 08/20/09 Addl functionality and

More information

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant Easy as 1-2-3: The Steps to XE Mark Hoye Services Portfolio Consultant September 25, 2015 Objective / Agenda Objective Provide relevant information about Banner XE Provide a framework for understanding

More information

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT Solution in Detail NetWeaver BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING NetWeaver IDENTITY MANAGEMENT Identity management today presents organizations with a host of challenges. System landscapes

More information

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 EA APPROVALS EA Approving Authority: Revision

More information

[Identity and Access Management Self-Service Portal]

[Identity and Access Management Self-Service Portal] 2014 The University of Tennessee at Chattanooga Tony Parsley [Identity and Access Management Self-Service Portal] The following document is intended for all Students, Faculty, Staff, and Affiliates of

More information

The Role of Federation in Identity Management

The Role of Federation in Identity Management The Role of Federation in Identity Management August 19, 2008 Andrew Latham Solutions Architect Identity Management 1 The Role of Federation in Identity Management Agenda Federation Backgrounder Federation

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: University of Lethbridge 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources

More information

August 14, 2007 Chapter 2. Identity Management Requirements Identity Management. Table of Contents Definitions Bona fide identity. Digital identity.

August 14, 2007 Chapter 2. Identity Management Requirements Identity Management. Table of Contents Definitions Bona fide identity. Digital identity. August 14, 2007 Chapter 2. Identity Management Requirements Identity Management. A comprehensive set of tools and processes for creating and managing digital identities for all entities that are affiliated

More information

Intelligent Security Design, Development and Acquisition

Intelligent Security Design, Development and Acquisition PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New

More information

Identity Management Issues for Multi-Campus Institutions - University of California -

Identity Management Issues for Multi-Campus Institutions - University of California - Identity Management Issues for Multi-Campus Institutions - University of California - David Walker Jacqueline Craig Office of the President University of California Copyright Regents of the University

More information

Establishing A Multi-Factor Authentication Solution. Report to the Joint Legislative Oversight Committee on Information Technology

Establishing A Multi-Factor Authentication Solution. Report to the Joint Legislative Oversight Committee on Information Technology Establishing A Multi-Factor Authentication Solution Report to the Joint Legislative Oversight Committee on Information Technology Keith Werner State Chief Information Officer Department of Information

More information

Securing Physician and Patient Portals for HIPAA Compliance

Securing Physician and Patient Portals for HIPAA Compliance Securing Physician and Patient Portals for HIPAA Compliance HIPAA Summit VIII Session 2.04 1:00 2:00 pm March 8 1 Agenda Identity and Access Management Technology and HIPAA Requirements Bob Tahmaseb, Principal

More information

DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE

DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE SOLUTION PLAN REQUIREMENTS ANALYSIS DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE Executive Summary The project will document campus requirements for IAM functionality and select and procure one or more technology

More information

PROJECT CONTROL DOCUMENT

PROJECT CONTROL DOCUMENT PROJECT CONTROL DOCUMENT PERSISTENT EMAIL (AKA EMAIL MODEL) EM-PCD-001 Draft 06/09/2004 Prepared by Don D Worth UCLA PERSISTENT EMAIL Copyright 2002-2004, The Regents of the University of California All

More information

Google Apps SSO to Office 365 Integration

Google Apps SSO to Office 365 Integration KETS Google Apps SSO to Office 365 Integration Kentucky Department of Education Version 1.6 4/21/2015 Google Apps for Education (GAFE) + Microsoft Active Directory Integration Introduction Welcome to the

More information

CAMPUS EXPERIENCES USING NET+ TRUST, IDENTITY, AND SECURITY SERVICES

CAMPUS EXPERIENCES USING NET+ TRUST, IDENTITY, AND SECURITY SERVICES CAMPUS EXPERIENCES USING NET+ TRUST, IDENTITY, AND SECURITY SERVICES Nicholas Roy Penn State (Pennsylvania State University, The) Andrea Harrington Penn State (Pennsylvania State University, The) Michael

More information

Google Apps SSO to Office 365 Integration

Google Apps SSO to Office 365 Integration KETS Google Apps SSO to Office 365 Integration Kentucky Department of Education Version 1.5 12/3/2014 Google Apps for Education (GAFE) + Microsoft Active Directory Integration Introduction Welcome to the

More information

Enterprise Directory Services Phase 2 Governance Board Recommendations

Enterprise Directory Services Phase 2 Governance Board Recommendations MAIS Information Technology Central Services and Michigan Administrative Information Services Enterprise Directory Services Phase 2 Governance Board Recommendations Populations and Data Sources The goal

More information

- Identity & Access Management

- Identity & Access Management IBM Software Group NSHE - Identity & Access Management 2006 IBM Corporation Identity & Access Management Access Management and The Monitoring, Auditing and Reporting for Compliance So What s The Problem

More information

Update on Identity Management Initiatives: What Are Institutions, Agencies and Federations Doing?

Update on Identity Management Initiatives: What Are Institutions, Agencies and Federations Doing? Update on Identity Management Initiatives: What Are Institutions, Agencies and Federations Doing? Ann West, Michigan Technology University Jackie Charonis, Stanford University Nancy Krogh, University of

More information

A HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD

A HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD A HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD By Gail Coury, Vice President, Risk Management, Oracle Managed Cloud Services 2014 W W W. OU T S O U R C IN G - CEN T E R. C O M Outsourcing

More information
