UW System Identity & Access Management (IAM) Recommended Strategic Roadmap



Similar documents
Identity and Access Management Memorial s Strategic Roadmap

Customer Cloud Architecture for Mobile.

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

Guideline on Implementing Cloud Identity and Access Management

HOL9449 Access Management: Secure web, mobile and cloud access

IDENTITY & ACCESS MANAGEMENT IN THE CLOUD

PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY

Identity and Access Management (IAM) Roadmap DRAFT v2. North Carolina State University

Azure Active Directory

SAML SSO Configuration

Provisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1

Identity and Access Management Technical Oversight Committee

WHITEPAPER. 13 Questions You Must Ask When Integrating Office 365 With Active Directory

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Interoperate in Cloud with Federation

Identity and Access Management PI-1 Demo. December 2, 2014 Tuesday 10:00 A.M. 6 Story Street

Three Case Studies in Access Management

Identity and Access Management for the Hybrid Enterprise

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Cloud Computing. Mike Bourgeois Platform as a Service Point of View September 17, 2015

The Case For InCommon Not Just for the Big Guys

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

Three Campus Case Studies: Managing Access with Grouper

A Shibboleth View of Federated Identity. Steven Carmody Brown Univ./Internet2 March 6, 2007 Giornata AA - GARR

RSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation

WHITEPAPER. NAPPS: A Game-Changer for Mobile Single Sign-On (SSO)

Identity, Privacy, and Data Protection in the Cloud XACML. David Brossard Product Manager, Axiomatics

RFP BOR-1511 Federated Identity Services - Response to Questions / Answers

Identity & Access Management: Strategic Roadmap. April 2013

Establishing A Multi-Factor Authentication Solution. Report to the Joint Legislative Oversight Committee on Information Technology

OPENIAM ACCESS MANAGER. Web Access Management made Easy

SINGLE & SAME SIGN-ON ASPECTS

Interoperability & Portability for Cloud Computing: A Guide.

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Microsoft Azure Multi-Factor authentication. (Concept Overview Part 1)

Identity & Access Management in the Cloud: Fewer passwords, more productivity

CAS s IDP system and resources in Education Cloud

EXECUTIVE VIEW. Centrify Identity Service. KuppingerCole Report. by Martin Kuppinger January 2015

PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS

Axway API Portal. Putting APIs first for your developer ecosystem

Addressing the BYOD Challenge with Okta Mobility Management. Okta Inc. 301 Brannan Street San Francisco, CA

HOW MICROSOFT AZURE AD USERS CAN EMPLOY SSO

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

Business and Process Requirements Business Requirements mapped to downstream Process Requirements. IAM UC Davis

NCSU SSO. Case Study

EXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report

Glinda Cummings World Wide Tivoli Security Product Manager

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications

Egnyte Single Sign-On (SSO) Installation for OneLogin

Project Charter. Identity & Access Management Strategy. Executive Summary. Business Need and Background. Document Version 1.

1 Introduction Product Description Strengths and Challenges Copyright... 5

Top 8 Identity and Access Management Challenges with Your SaaS Applications. Okta White paper

Planning your Microsoft Application Strategy in a Cloud Crazy World. Steve Soper Senior Managing Partner

Identity Federation: Bridging the Identity Gap. Michael Koyfman, Senior Global Security Solutions Architect

Single Sign On. SSO & ID Management for Web and Mobile Applications

Enterprise Identity Management Reference Architecture

CAMPUS EXPERIENCES USING NET+ TRUST, IDENTITY, AND SECURITY SERVICES

Andrej Zdravkovic Regional Vice President, Platform Solutions Intellinet

Microsoft Enterprise Mobility Suite

Project Charter IDENTITY AND ACCESS MANAGEMENT. Project Information. Project Overview. Project Purpose and Benefits to Campus. Project Scope Statement

Identity Management with midpoint. Radovan Semančík FOSDEM, January 2016

JumpCloud is your Directory-as-a-Service. A fully managed directory to rule your infrastructure whether on-premise or in the cloud.

The Top 5 Federated Single Sign-On Scenarios

Total Cost of Ownership Overview ADFS vs OneLogin WHITEPAPER

Federated Identity Management

SAP HANA Cloud Portal Overview and Scenarios

Oracle Platform Security Services & Authorization Policy Manager. Vinay Shukla July 2010

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

How to Overcome Challenges in Deploying Cloud Apps to Get the Most from your IAM Investment

Why Cloud Platforms are the Secret Weapon to Make Your Business More Agile and Competitive

Security Best Practices for Microsoft Azure Applications

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University

Identity Management Managed Service Monitor Element

Request for Proposals. Statewide Two Factor Authentication Solution. Addendum #2 October 5, Questions and Responses

Azure Active Directory Solutions for Identity and Access Management. February 2015

Integrating Multi-Factor Authentication into Your Campus Identity Management System

Top Eight Identity & Access Management Challenges with SaaS Applications. Okta White Paper

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

Extend and Enhance AD FS

Transcription:

UW System Identity & Access Management (IAM) Recommended Strategic Roadmap Fall 2015 ITMC (Rev 1/11)

Our challenge CIOs charged IAM-TAG with recommending an IAM strategy that would: Establish an identity that s honored by all UW System institutions Ensure that campuses could brand that identity Ensure that campuses could define their own populations and access control requirements Integrate with cloud providers and other external entities Leverage infrastructure, staff resources and expertise wherever possible

Today s Infrastructure Campus SIS Campus Supplemental Data Campus-Hosted IdP Authentication Employee Data Student Data Campus IdM System / Process Person Registry Campus Directory Attributes Attributes Campus Identity Provider Discovery Service Hosted Identity Provider Reverse Proxy Attribute Authority External Service Providers HRS Student Data Campus IdM System / Process Campus Directory Campus SIS Campus Supplemental Data Campus Identity Provider System-Hosted IdP

Our Methodology Environment Scans Campus Surveys Design Sessions Membership expansion Campus consultations

Additional Improvements Needed Strong authentication Sensitive data policies Audit and deprovision Loosely affiliated populations Improve identity data quality Directory interop (AD and others) Integration governance

External Benchmarks US Higher Education University of California System UCTrust Federation University of Texas System UTFed University of Nebraska System NU Federation Project Penn State - Central Person Registry Indiana University Common ID University of North Carolina Onyen (Common ID) University of Minnesota Common ID MNSCU StarID Internet2 - TIER Sustainable Federation IAM Infrastructure for HE

External Benchmarks Identity Federations Internationally

External Benchmarks Industry Trends Greater support for federated / external authentication from key vendors Azure AD Authentication Library (ADAL) Greater adoption of open standards (SAML2, OAuth) Other standards eroding in favor of cloud lock-in (XMPP federation, CalDav, etc) Tremendous variability in vendor ability to integrate with external authentication / authorization Organizations need a rich toolkit to provide integration to meet varied application needs and capabilities

Summary Findings Federation can achieve some of what s asked, but there are limitations Federation will always be part of our strategy Common UW System Credential is the most straightforward way to meet most of CIOs request Value of a common credential is greatly diminished at < 100% adoption There are things we can do now to improve interoperability Metcalfe s Law:

Risk / Benefit Matrix Alternative Benefits Risks / Complications Identity Federation between campuses Much infrastructure exists today Required for federation with external partners Preserves independent campus infrastructure / direction Service Provider Complexity Application compatibility Some 3 rd party integration scenarios not possible

Risk / Benefit Matrix Alternative Benefits Risks / Complications Common UW System Credential Increased application compatibility (system-wide apps) Less service provider complexity Pushes common infrastructure direction Pushes common business process definition Increased mobility between campuses Increased collaboration opportunities between campuses Major infrastructure change Major business process change not just for IT Tight coupling between campuses Implies closer coordination for other systems Implies standardization or centralization of other business processes (SIS) Possible restrictions with individual campus software implementations InCommon certification complications

Graphic Roadmap YEAR 1 YEAR 2 YEAR 3 YEAR 4 UW System Internet2 TIER Component Integration Two Factor Auth MFA for Pilot Campuses Directory Interop (AD and others) Campus Management UI Research Connector Self-service credentialing Person Registry TIER Provisioning MFA for All Campuses Extend IdP Hosting to Support Local Apps Metadata Governance Enhance Person Data Delivery Services to Applications Standard Attribute Release Policy Establish Identity Integration Center Of Excellence (CoE) Promote CommIT / External ID Master Data Management (MDM) Pilot Decision Point Common UW System Credential? Pilot external / self-servicecreds Provisioning Service Pilot Master Data Management (MDM) Deployment External / Self-Managed ID Provisioning Service Deploy

Current Status Definition / early stages of Y1 Y2 Strategic Projects Multi-Factor for Pilot Campuses Directory Interoperability Exploration of IdP Hosting Options Enhancing Person Data Delivery (PICH and others) Integration Standards / Guidelines for Applications Metatdata / App Onboarding Technical Governance / Operations Foundational work with I2 TIER Initiative Integration architecture through CIFER / TIER API

Questions? For additional information: Tom Jordan, IAM-TAG Chair tom.jordan@wisc.edu

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information