Columbia Identity/Access Management. (another tawdry tale of access control convergence)




The Environment (2006)
- Highly decentralized and diverse university environment (so what else is new?)
- Multiple campuses (a new one coming!) and affiliate institutions (Teachers College, Barnard College, Union Theological Seminary)
- Multiple access control systems
- Separate badging system
- A zillion card types (SSN on mag stripe!)
- Rather inconsistent deprovisioning

SIAC Project 2006-7 (1 year)
- Eliminated SSN on ID cards
- Unified multiple access systems (well, most anyway) with single OnGuard platform
- Integrated physical security and logical security
- Deployed HID iCLASS badges with contactless readers
- Deployed large amount of field hardware (now over 1400 readers and 2200 cameras)
- Upgraded IdM from Ingres to Oracle and rewrote core IdM
- Developed next-generation, homegrown provisioning tool (DIA)
- Facilitated/upgraded operations for Public Safety, University Housing, and 5 badging offices
- Integrated IdM with Blackboard transaction system

Identity Management
- Locally developed IdM system (Ingres to Oracle database during SIAC, LDAP directory services) dating back to the '90s
- Logical provisioning waffil system (not realtime)
- Software components developed locally during SIAC project include idm2lenel interface and DIA (Delegated Identity Administration) provisioning tool

DIA (Delegated Identity Administration)
- DIA web-based provisioning allows departmental administrators to onboard employees and nonemployees (not students) with online and physical credentials in real-time
- Authorization for DIA administration tied to PeopleSoft personnel system privileges
- System of record data still provided in batch (student and employee systems, plus several affiliate institutions)
- netid (UNI) and cardholder/badge record created or modified

DIA

idm2lenel
- idm2lenel consumes events of interest (add/delete/modify within IdM) via Web service, and executes business logic which in turn produces calls to Lenel through dataconduit
- Biodem data, Lenel roles, badges, and access levels created/modified
- DIA-to-Lenel executes in near-time; particularly useful for ID centers that also provision (library and fitness center)
- Access deprovisioning in near-time for DIA transactions and overnight for batch data

Lenel Customizations
- Lenel customized to populate up to 3 campus roles per person based upon role hierarchy
- Roles determine badge type, deactivation date and default access levels
- Roles printed on back of badge
- UCN trigger randomly generates badge numbers
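
The idm2lenel business logic and the role rules on the two slides above, sketched as an added example (not Columbia's code): one IdM add/delete/modify event is turned into the cardholder state to push downstream. The role names, hierarchy order, badge types, lifetimes and access levels are hypothetical, as is the choice that the highest-ranked role drives the badge; the actual Lenel call is not shown.

```python
from datetime import date, timedelta

# Hypothetical hierarchy, highest precedence first; the slides do not list
# Columbia's actual roles, badge types, lifetimes or access levels.
ROLE_HIERARCHY = ["faculty", "staff", "student", "affiliate", "alumni", "guest"]
ROLE_POLICY = {
    # role: (badge type, badge lifetime in days, default access levels)
    "faculty":   ("EMPLOYEE", 1825, {"campus-general", "library"}),
    "staff":     ("EMPLOYEE", 1825, {"campus-general"}),
    "student":   ("STUDENT",   365, {"campus-general", "library", "fitness"}),
    "affiliate": ("AFFILIATE", 180, {"campus-general"}),
    "alumni":    ("ALUMNI",    365, {"library"}),
    "guest":     ("GUEST",      30, set()),
}
MAX_ROLES = 3  # from the slide: up to 3 campus roles per person


def plan_cardholder_update(event, today):
    """Translate one IdM event into the cardholder state to push downstream."""
    uni = event["uni"]
    if event["op"] == "delete":
        # Deprovisioning: no roles, no access levels, badge inactive as of today.
        return {"uni": uni, "roles": [], "badge_type": None,
                "deactivate_on": today, "access_levels": set(), "active": False}
    claimed = set(event["affiliations"])
    known = [r for r in ROLE_HIERARCHY if r in claimed]
    if not known:
        # Fail closed: unrecognised affiliations must not yield a live badge.
        return plan_cardholder_update({"op": "delete", "uni": uni}, today)
    roles = known[:MAX_ROLES]
    badge_type, lifetime, _ = ROLE_POLICY[roles[0]]  # primary role drives the badge
    levels = set().union(*(ROLE_POLICY[r][2] for r in roles))
    return {"uni": uni, "roles": roles, "badge_type": badge_type,
            "deactivate_on": today + timedelta(days=lifetime),
            "access_levels": levels, "active": True}


# Constructed sample events, not real IdM data.
EVENTS = [
    {"op": "add", "uni": "ab1234", "affiliations": ["alumni", "student", "guest", "staff"]},
    {"op": "modify", "uni": "cd5678", "affiliations": ["contractor"]},
    {"op": "delete", "uni": "ef9012"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(plan_cardholder_update(ev, date(2009, 9, 1)))
```

Because a modify event recomputes roles from the current affiliations, losing an affiliation also drops the access levels that came with it.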

Roles

Access Levels

Problems
- Just a wee bit of stabilization for SIAC project (for a couple of years)
- dataconduit bug (deprovisioning); resolved
- instability of OnGuard linkage service; seems better now (fingers crossed)
- large queue of IdM events (from batch) can take long time to process by idm2lenel (dataconduit is slow)
- only most general access levels currently provisioned automatically
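
A reconciliation check for the deprovisioning problems listed above, as an added example that is not part of the original deck: it compares IdM status with the badges still active in the access system and flags those past the expected window (near-time for DIA, overnight for batch). The record layouts, the 15-minute near-time target and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

NEAR_TIME_SLA = timedelta(minutes=15)  # assumed target for DIA transactions
BATCH_SLA = timedelta(hours=24)        # "overnight" for batch-fed records


def find_stale_badges(idm_people, lenel_badges, now):
    """Return (badge_id, uni, status, lag) for active badges lacking an active identity."""
    findings = []
    for badge in lenel_badges:
        if not badge["active"]:
            continue
        person = idm_people.get(badge["uni"])
        if person is None:
            # Active badge with no identity record behind it at all.
            findings.append((badge["badge_id"], badge["uni"], "orphan", None))
            continue
        if person["active"]:
            continue
        sla = NEAR_TIME_SLA if person["source"] == "dia" else BATCH_SLA
        lag = now - person["ended_at"]
        status = "overdue" if lag > sla else "pending"
        findings.append((badge["badge_id"], badge["uni"], status, lag))
    # Orphans and overdue badges first, longest lag first within each group.
    rank = {"orphan": 0, "overdue": 1, "pending": 2}
    return sorted(findings,
                  key=lambda f: (rank[f[2]], -(f[3] or timedelta(0)).total_seconds()))


# Constructed sample data, not real IdM or Lenel records.
NOW = datetime(2009, 9, 1, 12, 0)
IDM_PEOPLE = {
    "ab1234": {"active": True, "ended_at": None, "source": "batch"},
    "cd5678": {"active": False, "ended_at": NOW - timedelta(hours=2), "source": "dia"},
    "ef9012": {"active": False, "ended_at": NOW - timedelta(hours=3), "source": "batch"},
    "gh3456": {"active": False, "ended_at": NOW - timedelta(days=3), "source": "batch"},
}
LENEL_BADGES = [
    {"badge_id": 100001, "uni": "ab1234", "active": True},
    {"badge_id": 100002, "uni": "cd5678", "active": True},
    {"badge_id": 100003, "uni": "ef9012", "active": True},
    {"badge_id": 100004, "uni": "gh3456", "active": True},
    {"badge_id": 100005, "uni": "zz0000", "active": True},
    {"badge_id": 100006, "uni": "cd5678", "active": False},
]

if __name__ == "__main__":
    for finding in find_stale_badges(IDM_PEOPLE, LENEL_BADGES, NOW):
        print(finding)
```

Run on a schedule, a check like this catches a stalled event queue or a failed deprovisioning call independently of the interface that was supposed to make it.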

Roles and Responsibilities
- Infrastructure and application administration: CUIT TI and IAM
- Provisioning: systems of record, DIA users, some badging offices
- Field hardware support/deployment: Public Safety at Columbia, ACT (our VAR) at Teachers College
- Access issues: Public Safety
- Badging and card support: ID Centers
- IdM, idm2lenel, and everything but the kitchen sink: IAM

Next Steps (done)
- NEC HA deployed 2008
- Idm2lenel interface total rewrite 2008
- Online photo submission rolled out in 2009; allows new students to submit photos and ID Centers to approve for population in Lenel
- Comm server farm now consists of 7 VMs and growing, for video and edge readers
- Built out homegrown reporting infrastructure

Next Steps (soon-ish)
- Utilize more efficient dataconduit call to assign access levels (primary overhead per transaction)
- SOA?
- Provision finer-grain access levels
- Card number-to-person translator for users of wedge readers that track events and attendance
- More VM, more comm servers, blah, blah, blah