Identity and Access Management Program Update CIO Council Update September 19th Monday 2:40 – 3:00 Smith 561

Purpose and Intended Outcome To provide the IAM Executive Committee with an update on developments since our last program review. Intended Outcome Provide an update on the overall Program goals and progress Feedback on the FY’17 Goals

Rollout planning with HLS, HKS, HMS IAM Program Objectives – Review and Status Strategic Objective Status Launched Completed Goal 1: Simplify and improve access to applications and information inside and outside of the University HarvardKey and Persons of Interest Complete FY’14 FY’16 Goal 2: Make it easier for faculty, staff, and students to research and collaborate within the University and with other institutions Data Integration, Group Management and Federation In Progress FY’17 Goal 3: Improve the security profile of the University Duo and Directory Strategies FY’15 Goal 4: Establish a strong foundation for IAM to enable user access regardless of new and/or disruptive technologies School Provisioning and Operational Transition Rollout planning with HLS, HKS, HMS

Progress Against FY17 Goals KEY Done Risk Identified No significant Concerns Major Risk Goal Program Goal Status Update Goal 1: Increase adoption of Two Step Verification across the University #3 Security Release schedule set for two-step functionality to be brought into Key Communication plan developed Goal 2: Implement centrally managed groups to enable distribution lists, access control and authorization to web-based applications #2 Collaboration Work underway to promote initial functionality to production to validate architecture Goal 3: Provision identities into a school Active Directory (HKS) #4 Foundational HKS has hired a resource to assist on project Planning with HUIT UC underway Goal 4: Enable users to opt-in and personalize email services via HarvardKey self-service #1 Simplification Development effort targeted for next quarter to allow for O365 opt-in by FAS, DCE and SEAS affiliates Goal 5: Partner with HMS to define IAM elements for a retirement strategy of eCommons Conversations with HMS ongoing Goal 6: Establish the FY'18 funding model and transition to operational steady state Official planning effort kicked off to coordinate IAM and Finance team partnership

Two-Step Expansion: Adoption (as of Friday) 8/28/2015 The schools with red Done happened since last mtg Where are the non user accounts? What is the difference in DCE: 8,335 student who have not claimed Actions: Break CADM into pilot and non pilot groups

Two-Step Expansion: Professional Schools (as of Fri) 8/28/2015 The schools with red Done happened since last mtg Where are the non user accounts? What is the difference in DCE: 8,335 student who have not claimed Actions: Break CADM into pilot and non pilot groups

Group Service: The Challenge

What challenges does the CIO Council hope to address with Grouper? Group Service: Assumptions Single repository (registry) of groups -- managed in one place -- but with flexible ownership options IAM will create groups directly and delegate authority to create groups API architecture allows for systems to automatically create groups, and manage memberships Web UI supports end user updates; while some institutions write their own front end, Harvard will use the delivered UI and wait to get deeper insight into true business needs Delegation to: Other authoritative systems: AcTS, ATS, PS, etc. Schools and High-Level Departments, approved for this responsibility Individuals Follow-up meeting will be scheduled to discuss Grouper strategy with CIO Council What challenges does the CIO Council hope to address with Grouper?