HR Deans & Directors Meeting: IAM Update. July 14, 2015 Tuesday 2:00-2:30 p.m. Mass Hall, Perkins Room



Similar documents
Identity & Access Management Lifecycle Committee. April 13, 2015 Monday Smith Center 561

Identity and Access Management PI-3 Demo. June 2, 2015 Tuesday 10:00-11:00 a.m. Lamont Forum Room

Identity and Access Management PI-1 Demo. December 2, 2014 Tuesday 10:00 A.M. 6 Story Street

Collaborating with External Users

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation

Multi-Factor Authentication Core User Policy and Procedures

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES

Using YSU Password Self-Service

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication

Self-Service Portal Registering, downloading & activating a soft token

Identity and Access Management Point of View

Financial Compliance for Research ecrt Principal Investigator Training

The Redesigned SAT. SAT Score Reporting Portal and Managing Access

[Identity and Access Management Self-Service Portal]

Identity and Access Management Technical Oversight Committee

Identity Assurance Framework

Important information regarding our online banking upgrade! Giving You More.

2-FACTOR AUTHENTICATION WITH

3. Delegate access to your book of business through Client portfolio

Identity and Access Management for the Hybrid Enterprise

Setting up Office 365 for Multi-Factor Authentication

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University

User Accounts and Password Standard and Procedure

Self Service Portal and 2FA User Guide

Business Online Banking Quick Users Guide

AVG Business Secure Sign On Active Directory Quick Start Guide

Alberta Health Services Identity & Access Management (IAM) Alberta Netcare Access Request Process User Reference Guide

STRONGER AUTHENTICATION for CA SiteMinder

Advanced Configuration Steps

Provider OnLine. Log-In Guide

NCSU SSO. Case Study

Ariba Supplier Mobile App Quick Start Guide

Swisscom Mobile Device Services Quick Start Guide: Set-up Remote Management basic. Mobile Device Services Februar 2014

Identity & Access Management in the Cloud: Fewer passwords, more productivity

300% increase 280 MILLION 65% re-use passwords $22 per helpdesk call Passwords can no longer protect you

TaskitPro. Task and Job Management. User Manual Version 1

Enterprise Directory Services Phase 2 Governance Board Recommendations

Active Directory User Management System (ADUMS)

Axway API Portal. Putting APIs first for your developer ecosystem

Multi-Factor Authentication Job Aide

National Healthcare Safety Network & Secure Access Management Services (SAMS)

Network Information Center, University of Chinese Academy of Sciences Dr. Zha Daren

Identity and Access Management Technical Oversight Committee

Multi-Factor Authentication FAQs

AWS Account Management Guidance

Proposal Document TitleDocument Version 1.0 TitleDocument

Getting Started with Single Sign-On

Electronic approvals for forms

RSA Identity Management & Governance (Aveksa)

Single Sign On: Volunteer Connection Support Tree for Administrators Release 2.0

Kroger Supplier Information Management System (SIM) Training Documentation

Okta/Dropbox Active Directory Integration Guide

1 Maximizing Value. 2 Economics of self-service. Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Fall 2015 An Empower Federal Credit Union Publication. New online Banking. Important Information Inside: The new way to login pg3

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Client Portal Training

Identity Access Management IAM 101. Mike Conlon Director of Data Infrastructure

Active Directory Self-Service Bundle

Presentation to House Committee on Technology: HHS System Identity & Access Management

Made for MSPs by an MSP

How to set up your NMC Online account. How to set up your NMC Online account

STATE OF NEW HAMPSHIRE. Department of Safety Division of Fire Standards & Training & Emergency Medical Services RFI

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

IAMUCLA 2.0 SSO Updates

Business Banking Customer Login Experience for Enhanced Login Security

Quick Start Guide. TELUS Business Connect

Building Secure Multi-Factor Authentication

Employee Active Directory Self-Service Quick Setup Guide

1 Hitachi ID Password Manager

Instruction Guide. People First Dependent Certification Process

The Unique Alternative to the Big Four. Identity and Access Management

Identity and Access Management Memorial s Strategic Roadmap

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Two Factor Authentication and PKI Token (for Windows)

Payroll + Benefits + Compliance. Manage all your HR online, in one place.

Software Token Security & Provisioning: Innovation Galore!

Mobile Iron User Guide

Multi-Factor Authentication Reference Guide

University of Southern California ivip Guest/Affiliate System

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Single Identity and Access Management

POL Information Systems Access Policy. History: First issued: November 5, Revised: April 5, Last revised: June 18, 2014

One-Time Password Contingency Access Process

Salesforce Installation and Customization Guide for Professional Edition Users

Agenda. Enterprise challenges. Hybrid identity. Mobile device management. Data protection. Offering details

Business Process Automation, Document Management, & Customer Relationship Management (CRM) System RFP # APPENDIX 1 USE CASES

NOAA HSPD-12 PIV-II Implementation October 23, Who is responsible for implementation of HSPD-12 PIV-II?

Step 1. Step 2. Open your browser and go to and you will be presented a logon screen show below.

IMATS - SAMS User Registration Webinar

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

FREQUENTLY ASKED QUESTIONS ONLINE BANKING

Managing users. Account sources. Chapter 1

Jim Bray, Cyber Security Adviser InfoSight, Inc.

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

Thank You! Contents. Promoting SmartDollar Implementing SmartDollar SmartDollar Resource Center Internal Communications...

What is Piilo software?

GRS Advantage Website User Reference Guide

QUICK INSTALLATION GUIDE ACTIVATE

Guide. for HR Users. Posted May 1, 2012

ENTERPRISE MOBILITY ENABLE YOUR NETWORKS TO SUPPORT ENTERPRISE MOBILITY

Transcription:

HR Deans & Directors Meeting: IAM Update July 14, 2015 Tuesday 2:00-2:30 p.m. Mass Hall, Perkins Room

Agenda HarvardKey The Benefits Rollout Timeline A Sneak Peek POI Sponsored Affiliations Enhanced Functions Onboarding Example Multifactor Authentication How Does MFA Work? The Components Integration Strategies 2

HarvardKey: The Benefits HarvardKey is a unifying credential that can enable access to email, desktop, and Web resources with a single login name and password. Successor to Harvard s current PIN System New, mobile-responsive user experience for the login screen and account management suite (looks great on tablets, too!) Authentication and authorization are much more nimble Supports optional multifactor authentication Easier onboarding and off-boarding Supports the HUIT goal of One Identity for Life for any person regardless of role including seamless support for changes between roles, schools, etc. 3

Rollout Timeline You ll see changes to the old PIN login screen beginning in September, with waves of user populations invited to activate a HarvardKey soon after. SEPT: Alumni OCT: FAS Central September 22: New HarvardKey self-service account management functions available to all Alumni users October 6: HarvardKey available to FAS and Central users in conjunction with Harvard s IT Security Campaign Within 18 months, every Harvard Community user will be invited to onboard 4

Rollout Timeline As we rebrand, all screens that currently contain PIN branding will be converted to HarvardKey. Alumni (Post.Harvard) credential goes away (this includes all active students) In October, for FAS and CADM+: New Harvard users will claim a HarvardKey during onboarding All password reset requests will go through HarvardKey Existing users may claim a HarvardKey if they wish Harvard Phone users will require HarvardKey One-year cycle for CADM+, since those users will need to reset password on anniversary Rollout will be coordinated with Security Campaign to reinforce strongpassword requirement (including reminder that strong passwords don t need to be periodically reset) and ensure that users will recognize the claim your HarvardKey email No changes to applications anticipated 5

A Sneak Peek 6

Sponsored Affiliations = Sponsored POI Roles Sponsored affiliations allow Harvard faculty and staff to give individuals outside of their School or organization or outside of Harvard itself temporary access to resources. Sponsored affiliations are implemented via POI roles that require a Harvard sponsor ( sponsored POI roles ) Sponsors may be held accountable for how resources are used Sponsors may delegate administration of the sponsorship to a Sponsor Admin Sponsored POI roles must be renewed on a periodic basis If the person being sponsored doesn t already exist in the identity registry, the system will create an identity record for them this requires a minimum of first name, last name, and date of birth 7

Onboarding Workflow 8

POI Role Types Current Sponsored Affiliations Consultant Contractor Vendor Security Family Member Tenant Smithsonian Employee Harvard Management Co. Employee Other Proposed Additional Sponsored Affiliations Incoming Employee/Transfer Collaborator Inter-school Affiliated Short-Term Visitor or Guest Volunteer Hospital Employee Field Education Supervisor Academic Advisor Non-sponsored Affiliations Overseer Retiree Spouse of Deceased Retiree Retired Hospital Affiliate Spouse of Deceased Hospital Affiliate 9

Multifactor Authentication Multifactor authentication (MFA) is an authentication method that requires the user s identity to be verified by more than one of these independent factors: Something you know (such as a password) Something you have (such as a physical security token or a response to a smartphone app push notification ) Something you are (such as a fingerprint) For multifactor authentication, we will use the user s smartphone as the second factor in addition to standard login name/password authentication. (Users without smartphones will have other phone-based options.) 1. User enables MFA in the HarvardKey self-service admin portal 2. User downloads the app to his/her smartphone 3. After logging in to a requested service, user must acknowledge the push notification on his/her phone and is then granted access as normal 10

Multifactor Authentication Integration Strategies An application requires the use of MFA for all users: Application registration with HarvardKey will be extended to support this option User prefers to use MFA on all his/her access points: Users can use HarvardKey s self-service functionality to set this preference for themselves Application requires MFA for some users (e.g. admin users): Grouper, IAM s group management tool, will be used to support this requirement (rollout anticipated in 2015) 11

Questions?

Thank you!

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information