Identity and Access Management Technical Oversight Committee



Similar documents
Identity and Access Management Technical Oversight Committee

Identity and Access Management PI-1 Demo. December 2, 2014 Tuesday 10:00 A.M. 6 Story Street

Stephen Hess. Jim Livingston. Program Name. IAM Executive Sponsors. Identity & Access Management Program Charter Dated 3 Jun 15

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Active Directory Integration twitter.com/onelogin ONELOGIN WHITEPAPER

Integrating Multi-Factor Authentication into Your Campus Identity Management System

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Identity & Access Management: Strategic Roadmap. April 2013

UW System Identity & Access Management (IAM) Recommended Strategic Roadmap

Building Secure Applications. James Tedrick

NCSU SSO. Case Study

Identity and Access Management IAM Lifecycle Committee. October 1, 2014 Wednesday 11 a.m. 1 p.m. 6 Story Street

Active Directory Integration WHITEPAPER

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

Documentation. CloudAnywhere. Page 1

Project Charter for ITPC-0375

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Assertion Markup Language (SAML) Site Manager Setup

Google Identity Services for work

MY1LOGIN SOLUTION BRIEF: PROVISIONING. Automated Provisioning of Users Access to Apps

Note: There is no downgrade path from GMM v8.3 (SQL version) to v8.0.

Current Environment Assessment Specification. Single Sign On Customer Relation Management Workstation Support

Compiled By: Chris Presland v th September. Revision History Phil Underwood v1.1

Provisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1

Three Campus Case Studies: Managing Access with Grouper

The New Grouper: Its New User Interface and More

ABFAB and OpenStack(in the Cloud)

Work Together Tools Social Collaboration with Novell Vibe Cloud

Network Information Center, University of Chinese Academy of Sciences Dr. Zha Daren

INTEGRATION GUIDE. DIGIPASS Authentication for Salesforce using IDENTIKEY Federation Server

Evaluation of different Open Source Identity management Systems

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

Ellucian CRM: platform overview

Cloud Services ADM. Agent Deployment Guide

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

Protect Everything: Networks, Applications and Cloud Services

Getting Started with Clearlogin A Guide for Administrators V1.01

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015

EXECUTIVE VIEW. EmpowerID KuppingerCole Report. By Peter Cummings October By Peter Cummings

Enterprise Portal Built by and for Higher Education

VMware Identity Manager Administration

Business and Process Requirements Business Requirements mapped to downstream Process Requirements. IAM UC Davis

[BSU Mobile] [Version Number 1.2] Project Charter. Bridgewater State University Information Technology. BSU Mobile. Project ID:

Single Sign On. SSO & ID Management for Web and Mobile Applications

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

USING FEDERATED AUTHENTICATION WITH M-FILES

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

Adding Stronger Authentication to your Portal and Cloud Apps

F-Secure Messaging Security Gateway. Deployment Guide

Multi-Factor Authentication, Assurance, and the Multi-Context Broker

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

Introduction to Directory Services

Cloud & DevOps Program Vision and Strategy. Jason Snyder, Steve Martino, and Erica Bradshaw

RFP BOR-1511 Federated Identity Services - Response to Questions / Answers

SWISSVBS LEARNING CLOUD (SLC)

IAM, Enterprise Directories and Shibboleth (oh my!)

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Top. Reasons Legal Firms Select kiteworks by Accellion

TABLE OF CONTENTS. Introduction 3 OTP SMS Two-Factor Authentication 5 Technical Overview 9 Features 10 Benefits 11 About MobiWeb 12 Quality 13

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

LDAP Authentication Configuration Appendix

Authentication Integration

Three Case Studies in Access Management

InCommon Affiliates Webinar May 21, 2014

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard

Centrify Identity Service and Mac - Online Training

Implementing Business Intelligence at Indiana University Using Microsoft BI Tools

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES

Configuring Active Directory with AD FS and SAML for Brainloop Secure Dataroom Setup Guide

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

Trust but Verify: Best Practices for Monitoring Privileged Users

Open Source Identity Management

Encore Software Solutions (V3) Identity Lifecycle Management and Federated Security Suite (ILM/FSS) Overview and Technical Requirements

qliqdirect Active Directory Guide

DESIGN BUILD TEST TRAIN/DEPLOY MAINTENANCE. This project is part of the Identity and Access Management Roadmap.

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

EXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report

Identity, Privacy, and Data Protection in the Cloud XACML. David Brossard Product Manager, Axiomatics

Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide

SAML-Based SSO Solution

Transcription:

Identity and Access Management Technical Oversight Committee June 18, 2015 Thursday 1:00-2:00 p.m. 6 Story Conference Room

Agenda Meeting Purpose and Intended Outcomes Approval of Previous Minutes (5 min) Chair s Report & Executive Committee Summary (10 min) Shared Topics of Interest: HarvardKey Authentication (10 min) Shared Topics of Interest: Grouper (20 min) General Discussion (15 min) 2

Meeting Purpose and Intended Outcomes Purpose Present the latest status of the IAM Program Plan Provide update on refinement of HarvardKey authentication scope Provide update on Grouper implementation Intended Outcomes Describe essential updates to HarvardKey authentication Bring everyone up to date on intended implementation of Grouper 3

Approval of Previous Minutes April 16 Meeting Topics POI Sponsored Affiliations HarvardKey Design User Experience Action Items Committee members to use HarvardKey UX links and provide feedback on design 4

Previous Minutes: Action Items Any feedback on the new HarvardKey design and UX? Welcome/Options Screen: http://tinyurl.com/harvardkey-welcome Login Screen: http://tinyurl.com/harvardkey-login Setup (User Type): http://tinyurl.com/harvardkey-usertype Set Password: http://tinyurl.com/harvardkey-setpassword 5

Chair s Report: Executive Committee Welcome to Tim Vaverchak, our new chair! See the latest dashboard at iam.harvard.edu/executive-dashboard Program Status: Green Key points: Collapsing instances of IAM databases; HarvardKey design; lower-environment cloud migration 6

Shared Topics: HarvardKey Authentication Passphrase implementation will be delayed Passphrase implementation introduced complexity in local system implementations; if improperly implemented, could result in weak password management practices Security review and possible future inclusion Multifactor authentication Selected Duo Security for web authentication enhancements PIN applications move to HarvardKey Outreach to application owners: The vast majority of applications will not need any alterations, and we have already contacted systems that need work HarvardKey test platform available this summer 7

Shared Topics: Grouper Access Management: Current State Some web applications use AuthZProxy, a centrally managed access management service that works in conjunction with the PIN2 authentication protocol Some web applications take care of access management by getting attributes about authenticated users from HU-LDAP or other sources Currently, we do not have a comprehensive access management strategy that works for all/most web applications and other systems 8

Shared Topics: Grouper Access Management: Challenges Harvard has a highly distributed management environment, making it extremely difficult to manage access control by a single central team Harvard has a heterogeneous technology environment, so a common service like access management must support multiple integration schemes in order to be useful Unlike the corporate world, access management does not follow any organizational rules ad-hoc teams are quite common (such as a research team where members do not follow any statically defined rules to be part of the team), and an access management framework must be flexible enough to support this 9

Shared Topics: Grouper Access Management System: Internet2 s Grouper An enterprise-scale access management system that manages groups and group memberships Built by the higher education community for higher-ed institutions Best suited for a highly distributed management environment and heterogeneous technology environment Supports delegated administration of groups departments or teams can manage access control for their applications/resources, eliminating the need for central IT team to be involved in everyday group and group membership management Many successful deployments in higher-education institutions around the globe 10

Shared Topics: Grouper Grouper s core concept: Diagrams courtesy Internet2 s Grouper team 11

Shared Topics: Grouper How delegation works: Diagrams courtesy Internet2 s Grouper team 12

Shared Topics: Grouper Grouper integration: 13

Shared Topics: Grouper Grouper Integration Highlights The identity registry is Grouper s identity source; group membership will be created by applying business rules in identity attributes A IIQ connector will be configured for Grouper to get the groups IIQ will use the groups for provisioning, as well as provision the groups to Harvard LDAP Other systems or applications can access groups in different ways: As part of a SAML or CAS authentication assertion As a multivalued attribute in LDAP (memberof or edupersonentitlement) As a service (using REST API) 14

Thank you!

Appendix A Technical Oversight Committee Members

Technical Oversight Committee Members Chair: Tim Vaverchak, Director of IAM Engineering Name School/Group Indir Avdagic SEAS Carolyn Brzezinski SIS Steve Duncan Harvard Kennedy School David Faux HUIT Admin Tech/FAS & College Dan Fitzpatrick Partners Eileen Flood Campus Services Tim Gleason HUIT IAM/AD Sherif Hashem Harvard Law School Ken Ho GSE Yadhav Jayaraman Harvard Business School Name School/Group Tyson Kamikawa Harvard Medical School Colin Murtaugh HUIT Academic/TLT Micah Nelson HUIT Security Rich Ohlsten HUIT Admin Tech/Alumni Brian Pedranti HSPH Jonah Pollard Unified Communication/Cloud Sara Sclaroff HUIT Admin Tech/HR Randy Stern Library IT 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information