Operating Level Agreement for NYU Login Service



Similar documents
TRIPwire HSIN Federation:

OpenSSO: Cross Domain Single Sign On

i-mobile Multi-Factor Authentication

SAML-Based SSO Solution

This section includes troubleshooting topics about single sign-on (SSO) issues.

Authentication Methods

Copyright: WhosOnLocation Limited

Getting Started with AD/LDAP SSO

IDAM Most frequently encountered messages / known issues document

Single Sign-On for the UQ Web

Integrating EJBCA and OpenSSO

About Me. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Safewhere*Identify 3.4. Release Notes

From centralized to single sign on

[name of project] Service Level Agreement

Copyright

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Perceptive Experience Single Sign-On Solutions

Evaluation of different Open Source Identity management Systems

Logout Support on SP and Application

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

SAML Security Option White Paper

Deploying RSA ClearTrust with the FirePass controller

CA Performance Center

CA Nimsoft Service Desk

Adding Stronger Authentication to your Portal and Cloud Apps

Service Level Agreement for Database Hosting Services

Statement of Service Enterprise Services - MANAGE Microsoft IIS

Security Assertion Markup Language (SAML) Site Manager Setup

How To Use Adobe Software For A Business

MY HELPDESK - END-USER CONSOLE...

Configuring. SuccessFactors. Chapter 67

Configuring SuccessFactors

So we can deal with any issues you may face quickly and effectively, it is really important that you log them on your own helpdesk.

RSA SecurID Tokens Service Level Agreement (SLA)

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

HP Software as a Service. Federated SSO Guide

This Service Level Agreement applies to the Services as defined in the Service Supply Agreement.

Single Sign On. SSO & ID Management for Web and Mobile Applications

Using SAML for Single Sign-On in the SOA Software Platform

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

Agenda. How to configure

SAML Authentication Quick Start Guide

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

OpenAM. 1 open source 1 community experience distilled. Single Sign-On (SSO) tool for securing your web. applications in a fast and easy way

IST Drupal Cloud Hosting SLA

Portal Instructions for Mac

Q&A Session for Understanding Atrium SSO Date: Thursday, February 14, 2013, 8:00am Pacific

HDAccess Administrators User Manual. Help Desk Authority 9.0

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM facebook/allidm

SAP NetWeaver AS Java

Bloom Enhanced Performance Monitoring Service Level Agreement

How To Write A Service Level Agreement For The National Patient Information Reporting System

Absorb Single Sign-On (SSO) V3.0

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Configuring. SugarCRM. Chapter 121

WatchGuard SSL 2.0 New Features

SCAS: AN IMPROVED SINGLE SIGN-ON MODEL BASE ON CAS

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

How To Manage An Ipa Print Service At A College Of Korea

How To Use Saml 2.0 Single Sign On With Qualysguard

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Table of Contents INTRODUCTION... 2 HOME PAGE Announcements... 7 Personalize & Change Password... 8 Reminders... 9 SERVICE CATALOG...

APPENDIX 8 TO SCHEDULE 3.3

i. Maintenance of the operating system, applications, content on the server, or fault tolerant network connections

WebNow Single Sign-On Solutions

Authentication and Single Sign On

Managed Support Policy

Desktop Web Access Single Sign-On Configuration Guide

Working with Indicee Elements

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

Statement of Service Enterprise Services - AID Microsoft IIS

All other issues are to be submitted via a request ticket utilizing the Web Helpdesk found at

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

Connected Data. Connected Data requirements for SSO

SAML-Based SSO Solution

ESXi Cluster Services - SLA

PowerLink for Blackboard Vista and Campus Edition Install Guide

Yale Secure File Transfer User Guide

An SAML Based SSO Architecture for Secure Data Exchange between User and OSS

IT Services. Service Level Agreement

Securing Web Services With SAML

A RESOURCE GUIDE FOR NEW FINANCIAL SYSTEM PROFESSIONALS

Help Desk Self Service Quick Start Guide

Vidder PrecisionAccess

Logout in Single Sign-on Systems

Operating Level Agreement (OLA) Template

Enterprise UNIX Services - Systems Support - Extended

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Google Apps Deployment Guide

CA Spectrum and CA Embedded Entitlements Manager

2 Downloading Access Manager 3.1 SP4 IR1

1. Schedule 1 Maintenance and Support Agreement

Control Module, Inc. Software Support Plans

Information Services. Standing Service Level Agreement (SLA) Firewall and VPN Services

Transcription:

Operating Level Agreement for NYU Login Service This Operating Level Agreement (OLA) documents the agreement regarding support of Single Sign-On (SSO) services for a Partner Service, which has been integrated with the NYU Login Service managed by the Identity and Database Services group within NYU Information Technology Services. The main objective of this OLA is to specify party responsibilities and contact information. This will help ensure robust and reliable functionality for the Partner Service as well as all other applications integrated into the overall NYU SSO environment. Staff members responsible for the operation of the NYU Login Service and for the Partner Service are referred to herein, respectively, as the NYU Login Service Team and the Partner Service Team. This OLA provides detail regarding: 1. Supported Services. 1 2. Support and Assistance... 2 3. Service Availability, Maintenance, and Measurement... 3 4. Staff Member Responsibilities... 3 5. OLA Terms and Conditions... 4 Addendum Single Sign-On (OLA) Agreement..... 5 - Contact Information.... 5 - Approval...... 5 Version History..... 6 1. Supported Services a. Description of the NYU Login Service The NYU Login Service, introduced in the fall of 2008, provides web Single Sign-On capabilities for a variety of applications (for example NYUHome, Albert, and Blackboard) with more integrated on a regular basis. Upon initial NetID/password login to one of these applications, other services can be accessed immediately without another login. b. Basic Service Operation When logging in for the first time to any of the applications integrated with the NYU Login Service, the end-user browser is redirected to https://login.nyu.edu, where the enduser is prompted for his/her NetID and password. The validity of the entered password is checked against the NYU Enterprise LDAP Directory and, if found to be valid, the end-user's browser is redirected back to the destination web site. Browser cookies are set by the NYU Login Service, and the NetID of the authenticated end-user is conveyed back to the destination application. Operating Level Agreement for NYU Login Service 1

Subsequent connections to this, or other, integrated applications rely on the browser cookies that have been set and/or session information (maintained at the client application or at the central Login server) in order to enable or deny continued access by the enduser. The NYU Login Service also supports a partial single sign-out capability that many partner services can take advantage of. To support this functionality, the Sign Out function of each integrated application should redirect the end-user's browser to the logout URL https://login.nyu.edu/sso/ui/logout. Note that applications integrated using Federation approaches (e.g. SAML, Shibboleth) will not receive a notification of log-out from OpenSSO, and will consider the user logged-in (even if they have invoked a signout link in another integrated application). c. Services Not Included The NYU Login Service performs only authentication, the process of affirming the identity of a user. This is distinct from authorization, the decision making process of allowing a user to perform actions within an application. To facilitate authorization decisions by the application, the Login Service will present the application with the minimal set of available user data that are required by the application to make authorization decisions. However, the Login Service will not act as a decision making point for user authorization. In order to facilitate integration, modifications to the central Login Service interfaces are not permitted. The Partner Service must conform to one of the existing interfaces offered by the Login Service, using either standardized Federation or a proprietary software module. 2. Support and Assistance a. Incident and Problem Resolution An incident or issue that affects the central infrastructure of the NYU Login Service, causing an outage across many partner services, would be considered an emergency. To report an apparent emergency, contact the IT Service desk as documented at http://www.nyu.edu/its/askits/helpdesk/. An incident considered an emergency will be investigated as a priority and resolved as soon as possible and will be responded to by the NYU Login Service Team within 24 hours of notification by the IT Service Desk. Incidents or issues with the NYU Login Service that do not constitute an emergency should be reported via email to sso.request@nyu.edu. Non-emergency incidents or issues will be responded to within 72 hours, not including NYU-NY holidays and weekends. b. Other Communications Information about system maintenance, planned outages, and known issues will be communicated via the ITS Status Page at http://www.nyu.edu/its/status/. Operating Level Agreement for NYU Login Service 2

Communications directed specifically to end-users of the Partner Service are the responsibility of the Partner Service Team. Communications to the broad NYU end-user community will be initiated by the NYU Login Service Team if a significant issue applies to the system infrastructure and affects service to all partner services. Subsequent to reporting an issue direct communications between the NYU Login Service and the Partner Service may be required and may be initiated by the technical contacts of either team. 3. Service Availability, Maintenance, and Monitoring a. Availability The NYU Login Service is available 24 hours per day, 365 days per year. Exceptions are listed in the Maintenance section below. b. Maintenance Regularly scheduled maintenance may, on an exceptional basis, render systems covered by this OLA to be unavailable. Advance notice and updates will be communicated via the ITS Status Page at http://www.nyu.edu/its/status/. Location(s): Timeframe(s): all locations First Friday of the Month, 8:00pm - 8:00am EST. All other Fridays, 10:00pm - Midnight EST. c. Monitoring The NYU Login Service is automatically monitored 24 hours per day, 365 days per year. The monitoring system will automatically notify the NYU Login Service Team in the event of potential service issues. 4. Staff Member Responsibilities a. NYU Login Service Team The NYU Login Service Team agrees to provide the service and support listed in this OLA. Additional responsibilities include the following: Central infrastructure management, modifications and/or updates, including availability of development and test instances of the NYU Login Service infrastructure. Consulting with the Partner Service Team to provide technical guidance in support of the Partner Service developer. All modifications and configurations outside of the Login Service server are the responsibility of the Partner Service Team. b. Partner Service Team The Partner Service Team agrees to abide by the service and support requirements listed in this OLA. Additional responsibilities include the following: Collaboration with the NYU Login Service Team in development/technical work in support of the Partner Service. Operating Level Agreement for NYU Login Service 3

A minimum of six weeks advanced notification to the NYU Login Service Team of planned upgrades or modifications to the Partner Service that may affect the single signon functionality and which may require testing and/or development work. Partner Service application modifications that support the single sign-on functionality, as well as testing to ensure proper functionality after Partner Service maintenance, updates, or upgrades. Communication with Partner Service end-users and documentation for them of login/logout functionality with respect to the Partner Service. When requested by the Login Service team to make changes necessary to sustain the availability and security of the Login Service, the Partner Service must implement such changes within six months of official notification. This may include updating SSL certificates, updating SSO Agent software, or changing configuration parameters that affect the performance of the Login Service. This work and its funding are the responsibility of the Partner Service and are necessary to facilitate the continued reliability and security of the shared Login Service environment. The Partner Service must pay particular attention to the eventual expiration of any signing certificate used as part of the SSO integration: (1) tracking upcoming certificate expiration dates, (2) maintaining a test environment where a new certificate can be tested, (3) performing such testing 3-6 weeks in advance of an upcoming expiration, and (4) making a new certificate operational in production 2-3 weeks in advance of expiration. 5. OLA Terms and Conditions a. Agreement period This Agreement is valid from the effective date on the attached addendum and remains in effect throughout the life span of the services and/or applications supported. b. Agreement review process A representative of any of the parties may request a review of the OLA at any time. The Agreement should be reviewed at least annually. In the absence of the completion of a review, the current Agreement will remain in effect. The NYU Login Service administrative contact will incorporate revisions into the Agreement if all parties mutually agree to the proposed changes. Operating Level Agreement for NYU Login Service 4

Addendum - Single Sign-On (OLA) Agreement Application: Effective Date: This is the addendum agreement between the following parties: Contact Information NYU Login Service Technical Contacts Tracy Edappara Department: ITS/.edu Services E-mail: tracy.edappara@nyu.edu Phone: +1 212 992 7796 Partner Service Technical Contact Department: E-mail: Phone: NYU Login Service Administrative Contact David Basson Department: ITS/.edu Services E-mail: david.basson@nyu.edu Phone: +1 212 998 3509 Partner Service Administrative Contact Department: E-mail: Phone: Service Director: Gary Chapman Email: gary.chapman@nyu.edu Phone: 212-998-3054 Mobile: Client Contact: Title: Email: Phone: Mobile: Approvals The signatures below indicate approval of the contents of this SLA. Service Director Client Signature Date Signature Date Gary Chapman Title: Sr. IT Architect & Program Director Title: Contact gary.chapman@nyu.edu with any questions. Operating Level Agreement for NYU Login Service 5

Version history Version Date Revision Description By 1.0 November 29, 2011 1.1 July 22, 2012 Small typographical fixes; contact information update Gary Chapman Operating Level Agreement for NYU Login Service 6

Operating Level Agreement for NYU Login Service 7