Business and Process Requirements Business Requirements mapped to downstream Process Requirements. IAM UC Davis



Similar documents
Stephen Hess. Jim Livingston. Program Name. IAM Executive Sponsors. Identity & Access Management Program Charter Dated 3 Jun 15

Identity Management with midpoint. Radovan Semančík FOSDEM, January 2016

Provisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach

Project Charter for ITPC-0375

Single Sign-On. Security and comfort can be friend. Arnd Langguth. September, 2006

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

Identity Management Basics. OWASP May 9, The OWASP Foundation. Derek Browne, CISSP, ISSAP

Strategic Identity Management for Industrial Control Systems

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Identity Management Overview. Bill Nelson Vice President of Professional Services

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

The New Grouper: Its New User Interface and More

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet

DirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet

EDUCAUSE Security Presentation. Chad Rabideau Senior Consultant Identity Management AegisUSA

Key New Capabilities Complete, Open, Integrated. Oracle Identity Analytics 11g: Identity Intelligence and Governance

Integrated Identity and Access Management Architectural Patterns

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y

Trust but Verify: Best Practices for Monitoring Privileged Users

Three Campus Case Studies: Managing Access with Grouper

How can Identity and Access Management help me to improve compliance and drive business performance?

Enterprise Identity Management Reference Architecture

STATE OF NEW YORK IT Transformation. Request For Information (RFI) Enterprise Identity and Access Management Consolidated Questions and Responses

An Oracle White Paper September Directory Services Integration with Database Enterprise User Security

Advanced Configuration Steps

Manage Oracle Database Users and Roles Centrally in Active Directory or Sun Directory. Overview August 2008

Identity Governance Evolution

Approaches to Enterprise Identity Management: Best of Breed vs. Suites

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0

POLICY Identity Access Management. Number: G 0900 Date Published: 18 February 2014

Softerra Adaxes Enterprise Directory Solution

Automated User Provisioning

Identity and Access Management. An Introduction to IAM

The Unique Alternative to the Big Four. Identity and Access Management

Terminology. Enabling Parent Single Sign-On. Server Configuration

Presentation to House Committee on Technology: HHS System Identity & Access Management

NCSU SSO. Case Study

Integrating Hitachi ID Suite with WebSSO Systems

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM

The Top 5 Federated Single Sign-On Scenarios

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

CA Service Desk Manager

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

Cayosoft Administrator. Modern Administration. Cayosoft.com. Unify, Simplify and Secure Microsoft Administration. Features at a Glance

Best Practices in Identity and Access Management (I&AM) for Regulatory Compliance. RSA Security and Accenture February 26, :00 AM

The Benefits of an Industry Standard Platform for Enterprise Sign-On

Top 8 Identity and Access Management Challenges with Your SaaS Applications. Okta White paper

PUR1308/12 - Service Management Tool Minimum Requirements

Identity & Access Management

Centralized Oracle Database Authentication and Authorization in a Directory

Account Management Standards

Identity and Access Management (IAM) Roadmap DRAFT v2. North Carolina State University

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

<Insert Picture Here> Oracle Identity And Access Management

Certification Practice Statement

Single Sign On. SSO & ID Management for Web and Mobile Applications

Active Directory Self-Service FAQ

The Jamcracker Enterprise CSB AppStore Unifying Cloud Services Delivery and Management for Enterprise IT

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Apache Syncope OpenSource IdM

- Identity & Access Management

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Active Directory User Management System (ADUMS)

Top Eight Identity & Access Management Challenges with SaaS Applications. Okta White Paper

Open Source Identity Management

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt 31/03/ L Wyatt Update to procedure

With ADManager Plus, there are no extra installations required, and no OPEX, no dependencies on other software!

TOP. Steps to Success. TOP 10 Best Practices. Password Management With a Plan.

Aurora Hosted Services Hosted AD, Identity Management & ADFS

DATA CENTER SERVICE CATALOG

Security management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.

Active Directory Self-Service Bundle

Identity and Access Management

Oracle Identity Manager, Oracle Internet Directory

Cloud Services Catalog with Epsilon

OracleAS Identity Management Solving Real World Problems

Extending Identity and Access Management

Directory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107

How To Make A Multi-Tenant Platform Secure And Secure

esign Online Digital Signature Service

Take Control of Identities & Data Loss. Vipul Kumra

Transcription:

Business and Process Requirements Business Requirements mapped to downstream Process Requirements IAM UC Davis

IAM-REQ-1 Authorization Capabilities The system shall enable authorization capabilities that align user's affiliations and associations to a wide range of applications and systems. IAM-REQ-106 Assign Roles Based on User Attributes IAM-REQ-109 Authorization Rules IAM-REQ-110 Auto-Assignment of Roles IAM-REQ-112 Mandatory Roles IAM-REQ-95 Recommended Roles Interface IAM-REQ-116 Role Bundling IAM-REQ-91 Third Party Access Management IAM-REQ-92 Third Party Role Management IAM-REQ-96 User Role Request IAM-REQ-8 Limit Access to Restricted Data The system shall limit access to restricted information to privileged users and processes. IAM-REQ-47 Encrypt Transport and Storage of Sensitive Data IAM-REQ-25 Identify Restricted Information IAM-REQ-78 Multiple Interface Views IAM-REQ-59 Provide Views of Identity Info IAM-REQ-93 Third Party Attribute View IAM-REQ-90 User Search Interface IAM-REQ-10 Activity Logging The system shall log all IAM activities. IAM-REQ-27 Log System Activities IAM-REQ-118 Report Retention Policies IAM-REQ-11 Report Generation The system shall allow reports to be generated and viewed by authorized personnel. IAM-REQ-29 Deliver Reports as Appropriate IAM-REQ-28 Generate Reports as Appropriate IAM-REQ-27 Log System Activities IAM-REQ-118 Report Retention Policies IAM-REQ-117 Target System Report Constraints IAM-REQ-12 Auditing Capabilities The system must support auditing capabilities. IAM-REQ-32 Audit Non-Target Specific Data IAM-REQ-31 Audit Target Specific Data IAM-REQ-29 Deliver Reports as Appropriate IAM-REQ-28 Generate Reports as Appropriate IAM-REQ-27 Log System Activities IAM-REQ-118 Report Retention Policies IAM-REQ-117 Target System Report Constraints

IAM-REQ-14 Privacy Protections The system shall maintain privacy protection for identity and other confidential data. IAM-REQ-47 Encrypt Transport and Storage of Sensitive Data IAM-REQ-73 Identify Privileged User Types IAM-REQ-25 Identify Restricted Information IAM-REQ-62 Limit System/Process Access to Restricted Info IAM-REQ-61 Limit User Access to Restricted Info IAM-REQ-49 Meet FERPA Requirements IAM-REQ-46 Meet UCD Campus IT Usage Policy IAM-REQ-45 Meet UCDHS Use Agreements IAM-REQ-78 Multiple Interface Views IAM-REQ-48 Obscure Sensitive Data Entered IAM-REQ-59 Provide Views of Identity Info IAM-REQ-74 Self-Service View of Identity Info IAM-REQ-15 Multiple Password Policies The system shall accommodate password policies for all affected source and target systems. IAM-REQ-75 Accommodate Multiple Password Policies IAM-REQ-79 Password Reset Questions IAM-REQ-80 Password Reset Questions Interface IAM-REQ-76 Self-Service IAM Password Reset IAM-REQ-77 Self-Service Target System Password Reset IAM-REQ-19 Role Assignment and Provisioning Actions The system shall use roles to provision user accounts and provide access to resources across multiple computer systems and applications. IAM-REQ-106 Assign Roles Based on User Attributes IAM-REQ-113 Auto-Approval of Roles IAM-REQ-110 Auto-Assignment of Roles IAM-REQ-112 Mandatory Roles IAM-REQ-95 Recommended Roles Interface IAM-REQ-116 Role Bundling IAM-REQ-99 Role Definition and Policies IAM-REQ-100 Role Expiration IAM-REQ-102 Role Expiration Extensions IAM-REQ-101 Role Notifications IAM-REQ-107 Role Ownership IAM-REQ-103 Role Usage Guidelines IAM-REQ-105 Roles May Define Multiple Permissions IAM-REQ-104 Roles May Provision Multiple Systems IAM-REQ-23 Support Immediate Access Requests IAM-REQ-114 Third Party Bulk Role Management IAM-REQ-92 Third Party Role Management IAM-REQ-96 User Role Request IAM-REQ-35 Accommodate Externals The system shall provide Identity and Access Management for externals from both the Health System and Campus, reusing any existing functionality whenever possible.

IAM-REQ-33 Externals' Registration Interface IAM-REQ-34 Externals' Sponsors IAM-REQ-36 Interface to Manage Externals IAM-REQ-38 Maintain Externals' Identity Info IAM-REQ-37 Reconcile Externals with Existing Affiliates IAM-REQ-120 Privileged Users The system shall empower an organization of authorized IAM privileged users who provide identity vetting for members of the community, as well as assistance for end-users for common IAM interactions such as password resets or group management. IAM-REQ-159 Help Desk Interface IAM-REQ-25 Identify Restricted Information IAM-REQ-78 Multiple Interface Views IAM-REQ-91 Third Party Access Management IAM-REQ-93 Third Party Attribute View IAM-REQ-94 Third Party Password Reset IAM-REQ-92 Third Party Role Management IAM-REQ-90 User Search Interface IAM-REQ-121 Person Repository The system shall provide a Person Repository capable of containing all members of the UC Davis community, for use as an authoritative source of identity information for applications deployed for use at UCD. IAM-REQ-111 Account Name Retention IAM-REQ-57 Define and Locate Identity Info IAM-REQ-115 Identity Suspense Interface IAM-REQ-55 Interface to Resolve Identity Conflicts IAM-REQ-58 Maintain and Store Identity Info IAM-REQ-38 Maintain Externals' Identity Info IAM-REQ-56 Match Resolution Processes IAM-REQ-59 Provide Views of Identity Info IAM-REQ-37 Reconcile Externals with Existing Affiliates IAM-REQ-54 Uniquely Define Users IAM-REQ-122 Group and Org Hierarchy Management The system shall provide a Group Manager tool and other tools to support group management and organizational hierarchies for their use in approval workflows, creating and maintaining institutional groups and ad hoc groups. (Some administrative tools will also require group management.) IAM-REQ-98 Accommodate Organizational Hierarchies IAM-REQ-149 Group Approvers IAM-REQ-141 Group Owners IAM-REQ-140 Groups Admin Interface IAM-REQ-136 Groups API IAM-REQ-146 Groups Containers IAM-REQ-137 Groups DB Access IAM-REQ-145 Groups Hierarchy IAM-REQ-139 Groups LDAP Access IAM-REQ-142 Groups Logging IAM-REQ-147 Groups Membership APIs IAM-REQ-143 Groups Privileged Users

IAM-REQ-144 Groups Reports IAM-REQ-148 Groups Structure APIs IAM-REQ-151 Groups Workflow Constraint IAM-REQ-138 Groups WS Access IAM-REQ-119 Role Approver Groups IAM-REQ-163 Virtual Organization Management IAM-REQ-123 New IAM Processes The system shall support new policies and procedures to govern IAM processes and activities including delegation of authority and role management. IAM-REQ-124 Auto-Provisioning The system shall provide a mechanism to automatically provision and de-provision accounts and authorizations on integrated systems. IAM-REQ-110 Auto-Assignment of Roles IAM-REQ-100 Role Expiration IAM-REQ-6 Timely, Role Aligned Authorization Enabling IAM-REQ-125 Self Service PW Reset The system shall provide a mechanism for self-service password reset for integrated applications. IAM-REQ-76 Self-Service IAM Password Reset IAM-REQ-157 Self-Service Password Reset Interface IAM-REQ-77 Self-Service Target System Password Reset IAM-REQ-126 Self Service Access and Role Requests The system shall provide a mechanism to facilitate self-service provisioning and role change requests for integrated applications. IAM-REQ-71 Auto-Assign Account IDs IAM-REQ-53 LOA Self-Service Interface IAM-REQ-95 Recommended Roles Interface IAM-REQ-116 Role Bundling IAM-REQ-158 Self-Service Account Creation Interface IAM-REQ-74 Self-Service View of Identity Info IAM-REQ-96 User Role Request IAM-REQ-128 ESSO The system shall implement, and integrate with IAM, an Enterprise Single Sign-On (ESSO) system available across all UC Davis departments with the goal of reducing the number of credentials (user name/password) a user must remember, while maintaining the integrity and accountability of the user credentials. IAM-REQ-162 ESSO Support for EPIC IAM-REQ-129 Federation Services The system will provide federation services for all UC Davis users. IAM-REQ-130 InCommon Silver (LOA)

The system must comply with InCommon Silver requirements for those community members who require it, as it pertains to 1) Registration and Identity Proofing, 2) Credential Issuance, Management and Technology, and 3) Identity Information Management. IAM-REQ-7 Comply with InCommon Level of Assurance IAM-REQ-53 LOA Self-Service Interface IAM-REQ-52 Process LOA Vetting IAM-REQ-50 Support Users/Accounts of Varying LOA IAM-REQ-51 User LOA Vetting IAM-REQ-131 Software Integration Infrastructure The system shall be scalable, reliable, and securely designed, allowing integration with multiple source and target applications requiring minimal configuration and repeatable results. IAM-REQ-39 Contact Info for Target System Owners IAM-REQ-160 EPIC Integration IAM-REQ-162 ESSO Support for EPIC IAM-REQ-161 HSAD Integration IAM-REQ-156 Kuali Rice Integration IAM-REQ-153 Real-Time Availability IAM-REQ-154 Self-Service Availability IAM-REQ-87 Support De-Provisioning of Common Applications IAM-REQ-86 Support Provisioning of Common Applications IAM-REQ-155 System Maintenance Supportability IAM-REQ-152 Target Supportability IAM-REQ-132 Virtual Directory The system will provide a Virtual Directory service available to UC Davis applications. IAM-REQ-133 Hardware Infrastructure The system's infrastructure components must meet business objectives in a scalable, reliable, sustainable manner. IAM-REQ-44 Adequate Storage IAM-REQ-42 Infrastructure for High Availability IAM-REQ-43 Infrastructure for Reasonable Response Time IAM-REQ-153 Real-Time Availability IAM-REQ-154 Self-Service Availability IAM-REQ-155 System Maintenance Supportability IAM-REQ-152 Target Supportability IAM-REQ-134 Approval Workflows The system shall provide workflows for approval of access requests, which includes email based notifications and a web interface for approval of requests. IAM-REQ-98 Accommodate Organizational Hierarchies IAM-REQ-164 Approval Types IAM-REQ-113 Auto-Approval of Roles IAM-REQ-83 Delegate Approval Authority IAM-REQ-84 Delegate Authority to Group IAM-REQ-119 Role Approver Groups IAM-REQ-135 Operational Support

The system shall support the needs of a post-live operational support model that addresses customer support and ongoing IdM maintenance. IAM-REQ-41 Administrative Interfaces IAM-REQ-24 Delegation of Approvals and Role Management The system shall allow role approvers and owners the ability to "delegate" their authority for all or some of their roles to another individual. IAM-REQ-83 Delegate Approval Authority IAM-REQ-84 Delegate Authority to Group

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information