GatorLink Password Management Policy March 31, 2004.


1 GatorLink Password Management Policy March 31, 2004

2 What is GatorLink?
Under development since 1996
Conceived as a single sign-on solution – the electronic equivalent of the Gator 1 card
“GatorLink” is an adjective – used to describe a collection of services:
  –Email
  –Web hosting
  –Dial-up
  –Authentication services for web servers
  –Kerberos authentication services
  –Username and password

3 PeopleSoft
PeopleSoft will be the system of record for information about people (directory information).
Directory services will be implemented in PeopleSoft Campus Community by 2006
PeopleSoft will be the system of record for identity management
PeopleSoft will be the system of record for authorization information

4 PeopleSoft and GatorLink
GatorLink usernames and passwords adopted as the university standard for enterprise authentication
GatorLink used to authenticate access to the portal, and all portal-based services
GatorLink used to authenticate access to Cognos and Enterprise Reporting
GatorLink used to authenticate access to ISIS and Admin Menu
Single sign-on via GLAuth – cookie-based system developed at UF

5 Password Policy Needs
One size does not fit all. The same password policy used for undergraduate students would not be appropriate for central payroll.
Simultaneously heard that GatorLink password policy was too “strict” and “not strict enough”
75% of all Help Desk calls involve GatorLink passwords
General need to improve security
Need to recognize diversity of use of GatorLink user base (>100,000)

6 The Idea
Have multiple GatorLink password policies
Tie GatorLink password policy to the authorizations of a user.
  –If a user is authorized to do work requiring high levels of security, have a highly secure password policy.
  –If a user is not authorized to do such work, do not require a highly secure password policy
In all cases, ensure strong passwords and best practices for password management

7 The Process
Define a password policy as a collection of attribute/value pairs (e.g., Expiration in days = 90)
Create a sufficient number of password policies, each with the same attributes, to span the needs from casual to highly secure
ITAC-DI&ADM and ITAC-ISM recommend attributes and values
Refine, review, present, discuss, refine, review, present, finalize

8 The Policy
The University of Florida (UF) is committed to a secure information technology environment in support of its missions. With the implementation of new integrated, real-time computer systems and single sign-on accessibility via the myUFL portal, the need for a strong password policy is greater than ever. The GatorLink username and password is the University standard username and password for authentication for all new information systems. The University uses a role-based approach for providing access to these systems. Each person affiliated with UF has one or more security roles. Each security role has an associated password policy. If an individual has several roles, with conflicting password policies, the “strongest” policy applies.
This policy is guided by the following principles:
  –Five levels of password policy are necessary, each with a different set of requirements for password creation and reset. (See Attachment A).
  –The assignment of a password policy is based on an individual’s security role(s) and is not an automatic result of an affiliation or staff position.
  –Passwords must include three of the following four elements: upper case letters, lower case letters, digits and punctuation.
  –Passwords may not contain words found in a dictionary.
  –Passwords will expire during UF Help Desk business hours.
  –GatorLink passwords and security roles, and the resulting association of password policy to a user, are held in the PeopleSoft Enterprise Portal system (myUFL) and managed by UF Bridges.
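The rules on slides 7 and 8 can be expressed as a small policy engine. The following is an added example, not code from the presentation or from UF: it models each policy as attribute/value pairs, applies the strongest policy across a user's roles, and enforces the three-of-four and dictionary rules. The role names, the attribute values, the min_length attribute, the word list and the assumption that a higher level number is the stronger policy are all constructed for illustration; only "Expiration in days = 90" and the level names appear on the slides.

```python
import string

# Constructed role-to-level mapping (assumption; the slide-9 matrix is not shown).
ROLE_LEVEL = {"student": 1, "faculty": 2, "dept_admin": 3,
              "hr_processor": 4, "payroll_admin": 5}

# Constructed attribute/value pairs for levels P1..P5 (assumption).
POLICIES = {
    1: {"expiration_days": 365, "min_length": 8},
    2: {"expiration_days": 365, "min_length": 8},
    3: {"expiration_days": 180, "min_length": 8},
    4: {"expiration_days": 90, "min_length": 9},
    5: {"expiration_days": 90, "min_length": 10},
}

# Constructed stand-in for a real dictionary file.
DICTIONARY = {"gator", "florida", "password", "welcome", "spring"}


def effective_policy(roles):
    """Return (level, policy) for the strongest policy among a user's roles."""
    if not roles:
        raise ValueError("user has no security role")
    unknown = [r for r in roles if r not in ROLE_LEVEL]
    if unknown:  # fail closed rather than silently defaulting to a weak policy
        raise ValueError(f"unknown roles: {unknown}")
    level = max(ROLE_LEVEL[r] for r in roles)
    return level, POLICIES[level]


def character_classes(password):
    """Count how many of the four element types the password contains."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in password) for t in tests)


def violations(password, roles):
    """List every rule the candidate password breaks for this user's roles."""
    level, policy = effective_policy(roles)
    found = []
    if len(password) < policy["min_length"]:
        found.append(f"too short for P{level}")
    if character_classes(password) < 3:
        found.append("fewer than three of four character classes")
    lowered = password.lower()
    if any(word in lowered for word in DICTIONARY):
        found.append("contains a dictionary word")
    return found
```

The same candidate password can pass for one user and fail for another, because the check runs against the strongest policy among that user's roles rather than against the affiliation.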

9 The Matrix

10 Authentication Architecture

11 Implementing the Policy
Software analysis and design began in January
Development of code for self-service reset, management of questions, Help Desk functionality in Feb
Active Directory synch in Feb
Additional coding in March
Testing of software in April
Production go-live May 5, 2004

12 The Go-Live
On May 5, GatorLink users with P4 and P5 will have their passwords expire and will come under the new policy
All other users will be grandfathered in. Passwords will expire under current policy. When password expires, password will come under new policy.
Password changes will be done through the portal (“My Account/Change Password”)
Live password synchronization will be in place – a password updated at myUFL will update in Kerberos, AD and NDS
Self-service password reset will be strongly encouraged

13 Future Work
By November 5, all GatorLink accounts will be under the new policy
LDAP will no longer be used to authenticate the portal
2-factor authentication standards for LAN, web and enterprise authentication

14 Managing the Policy
ITAC-ISM and ITAC-DI&ADM will continue to have a strong role in the management of the policy.
ITAC makes final recommendation
Dr. Frazier chooses final policy

15 Effect of the Policy
Users will have strong passwords
User password policy will be determined by user’s security roles
Users at P4 and P5 will be required to have security training
Users will be able to use their single GatorLink credential for authentication to enterprise, web and LAN services
Users will have consistent password policy across services
GLAuth services will be unaffected

16 More Information
Subscribe to the IT News pagelet in the portal
Subscribe to the UF Bridges pagelet in the portal
Additional information sessions for department administrators, support personnel in April
Policies are posted at http://www.it.ufl.edu/policies

