1. Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World

2. Introductions Lehigh University Sara Rodgers – Team Lead Identity & Access Management Tricia Wilson – Banner Senior Analyst APTEC, LLC Aaron Perry - President

3. General Announcements: Please remember to silence all cell phones/pagers Please hold all questions to the end of the presentation. Thank you for your cooperation

4. Agenda Overview of Campus Identity and Access Management (IAM) Identity in Higher Education Banner Identity Management Reference Architecture Lehigh University Case Study Use Case: Banner Faculty Provisioning / On-Board Process High Level Oracle Identity Management Architecture Project & Technical Considerations Implementing Identity Management in a Banner Environment 4

5. Campus Identity & Access Management (IAM) Hosted By The University of Mary Washington5 NOS/DirectoriesOS (Unix) Systems & RepositoriesApplications ERPCRMHRMainframe Auditing and Reporting Workflow and orchestration StudentsFaculty & Staff SOA Applications Affiliates External Delegated Admin SOA Applications Alumni/ Customers Internal Identity Management Service Access Management Authentication & SSO Authorization & RBAC Identity Federation Directory Services LDAP Directory Meta-Directory Virtual Directory Identity Provisioning Who, What, When, Where, Why Rules & access policies Integration framework Identity Administration Delegated Administration Self-Registration & Self-Service User & Group Management Monitoring and Management StudentFac/Staff

6. IAM Solutions Address Top Issues faced by Higher Education Institutions IAM can improve security, reduce costs, and protect privacy Security breaches / business disruptions Operating costs / budgets Data protection / privacy Large and growing number of Institutions have experienced IT Security Breaches in last 12 months. Unauthorized access to sensitive institutional data Research database hacked Breaches of Student & Facility SSNs 6

7. What we typically see at Higher Education Institutions Manual Processing Workflow Provisioning Home Grown Solutions Good at provisioning Inefficient or non-existent de-provisioning and transfers Inability to scale to meet growing demands Inconsistent/ineffective auditing and reporting Lack of Security Policies and Enforcement In many cases, still reliant on Open Source solutions OpenLDAP, CAS, Pubcookie 7

8. Identity Requirements in Higher Education Are Complex Many roles with different access requirements Users often have multiple roles Frequently changing roles for most constituents Multi-campus environment Legacy of multiple, fragmented identity stores Integration with Higher Education specific applications; SunGard Banner, BlackBoard, R25, Library and Parking Systems. 8

9. 9 Banner Identity Management Reference Architecture

10. Case Study: Lehigh University Current Environment Homegrown system Developed and supported by staff w/20+ years Adapted & patched over many years New constituent groups Networking and server changes Compliance requirements New applications and systems

11. Case Study: Lehigh University Project Background Enterprise Level Solution Identified Implementation Team Formed Phase I: Discovery, Documentation, Design Phase II: Development, Testing, Deployment Business Drivers Compliance ( auditors, FERPA, GBL, HIPAA) Complexity (new roles, more granularity)

12. Case Study: Lehigh University

13. Technical Drivers Sustainability – standardized, documented solution Scalability Easier to extend the solution to other key applications and infrastructure Incrementally add functionality such as workflow, approval processes, and attestation Federation Security - foundation for enterprise application security framework Additional and more secure authentication methods Rich auditing and reporting capability OID

14. Project Consideration Implementing IdM with Banner Formation of IdM Steering Committee Focus on business process and policy Dedicated resources from the University Project Manager Technical Resources 14

15. 15 Use Case: Auto On-Board Faculty

16. Architecture: Lehigh IdM 16

17. Technical Considerations Implementing IdM with Banner Customs Views vs. Sungard Banner IDM Offering Real-time vs. batch oriented reconciliation. Requires Oracle Access Manager which Lehigh is not prepared to implement at this time. Requires Banner 8, which some of our applications are not certified for at this time (EM). Sungard IDM offerings could be a future upgrade. Substantial number of constituents that need to be defined and maintained inside of Banner. This is done using GORRSQL and GORIROL and is the main driver of IDM.

18. Questions & Answers 18