Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.

Presentation transcript:


What is Identity Management

Identity management deals with identifying individuals in a system and controlling their access to resources within that system throughout their employment, by associating user rights and restrictions with the established identity. It is the core of what is termed “Employee Lifecycle Management.” In an enterprise setting, identity management is used to increase security and productivity, while decreasing cost and redundant effort.

Includes:
– Password synchronization (reduced sign-on)
– Automated password resets
– Provisioning and authorization to systems
– De-provisioning users when they are no longer in the agency

What is Identity Management?

Standard components of Identity Management:
– Authentication
– Access Management
– User Registration
– Maintenance
– Termination
– SSO/Federation Framework
– Provisioning
– Identity & Policy Administration
– Directory Services
– Virtual Directory
– Directory Repositories: LDAP, AD, eDirectory
– Meta Directory

Today’s Enterprise LDAP: The City Meta-Directory

Project Overview

The citywide Lightweight Directory Access Protocol (LDAP) project officially launched in January 2004 with a Citywide Employee Contact Directory as the end-product. Lookups through agency mail clients have been available since July.

Novell’s eDirectory is the base of this LDAP-enabled meta-directory. It resides on a Unix platform with active-active redundancy. Agencies are connected to the LDAP directory via either a dynamic or a manual batch connector that pulls identities from the agency’s own directory. Windows servers are used for the LDAP connector services as well as for the proxy appliances of the iChain web access control product.

DoITT worked with over 45 agencies to create a meta-directory of employee contact information, totaling over 160,000 employees and growing.

Current Architecture

– Load balanced, fault tolerant, and scalable
– Foundation for future identity vault

Security and Uniqueness

Agencies define what information is visible through the Citywide Employee Contact Directory. Agencies have a variety of means of hiding or removing data from the system.

The biggest challenge and most important element of the project was to determine a preexisting unique identifier for each employee. Name and agency, address, and even combinations of these aren’t sufficient, since none of these are truly unique in NYC.

– Current unique identifier: Surname + Given name, Organizational Unit(s), Organization (nycnet)
– Future unique identifier: PMS Employee I.D.

Employee White Pages

The web front-end for LDAP is the Citywide Employee Contact Directory. It is available through the City’s intranet. The directory has advanced filtering options.

Data appearing in the directory or through client lookups is based on what the agency feeds LDAP and on what the agency defines as visible to the public. Therefore, LDAP participating agencies need to keep data clean and sensitive accounts hidden.

As part of the long-term identity management strategy, we encourage every agency to put every employee’s PMS ID and active code into the agency directory. DoITT is piloting a script to help agency LDAP liaisons provide this data with the help of their HR Departments.
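The two slides above make two practical points: a key assembled from surname, given name and organizational units will collide once the population is large enough, while an HR-issued employee ID (the PMS ID) does not; and an agency should decide what is publishable before its feed reaches the White Pages. The following is an added example, not DoITT’s code or script: it composes both styles of identifier as LDAP distinguished names with RFC 4514 escaping, counts collisions over a constructed sample feed, and applies a simple visibility filter. The agency names, IDs and phone numbers are constructed, and using the standard inetOrgPerson attribute employeeNumber to carry the PMS ID is an assumption.

```python
"""Name-based vs. employee-ID-based keys for a meta-directory feed.

Added example, not DoITT's code. All records below are constructed.
"""
from collections import defaultdict

# Constructed sample feed from two agencies. Two distinct people named
# "Ana Rivera" sit in the same unit of AgencyA; a third is in AgencyB.
EMPLOYEES = [
    {"sn": "Rivera", "givenName": "Ana", "ou": ["Finance", "AgencyA"], "o": "nycnet",
     "pmsId": "0001001", "hidden": False, "telephoneNumber": "212-555-0101"},
    {"sn": "Rivera", "givenName": "Ana", "ou": ["Finance", "AgencyA"], "o": "nycnet",
     "pmsId": "0001002", "hidden": False, "telephoneNumber": "212-555-0102"},
    {"sn": "Rivera", "givenName": "Ana", "ou": ["IT", "AgencyB"], "o": "nycnet",
     "pmsId": "0002001", "hidden": False, "telephoneNumber": "718-555-0201"},
    # A sensitive account the agency has flagged as not publishable.
    {"sn": "O'Neil, Jr.", "givenName": "Sam", "ou": ["IT", "AgencyB"], "o": "nycnet",
     "pmsId": "0002002", "hidden": True, "telephoneNumber": "718-555-0202"},
]

# Characters that must be escaped inside a DN attribute value (RFC 4514).
_DN_SPECIALS = set(',+"\\<>;')


def escape_dn_value(value):
    """Escape one attribute value for use in a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        leading = i == 0 and ch in "# "
        trailing = i == last and ch == " "
        if ch in _DN_SPECIALS or leading or trailing:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def name_based_dn(rec):
    """Current identifier: cn=<Surname Given>,ou=...,o=nycnet."""
    cn = escape_dn_value(f"{rec['sn']} {rec['givenName']}")
    ous = ",".join(f"ou={escape_dn_value(ou)}" for ou in rec["ou"])
    return f"cn={cn},{ous},o={escape_dn_value(rec['o'])}"


def pms_based_dn(rec):
    """Future identifier: the HR-issued employee ID is the naming attribute.

    Carrying the PMS ID in employeeNumber (inetOrgPerson) is an assumption.
    """
    return f"employeeNumber={escape_dn_value(rec['pmsId'])},o={escape_dn_value(rec['o'])}"


def find_collisions(records, key_fn):
    """Return {key: [pmsIds]} for every key that more than one record maps to."""
    groups = defaultdict(list)
    for rec in records:
        groups[key_fn(rec)].append(rec["pmsId"])
    return {key: ids for key, ids in groups.items() if len(ids) > 1}


# Attributes the agency allows into the public contact directory.
PUBLIC_ATTRS = ("sn", "givenName", "ou", "o", "telephoneNumber")


def publishable_entries(records):
    """Drop hidden accounts and release only the attributes on the public list."""
    return [{attr: rec[attr] for attr in PUBLIC_ATTRS}
            for rec in records if not rec["hidden"]]


if __name__ == "__main__":
    print("name-based collisions:", find_collisions(EMPLOYEES, name_based_dn))
    print("PMS-based collisions: ", find_collisions(EMPLOYEES, pms_based_dn))
    for entry in publishable_entries(EMPLOYEES):
        print("publish:", name_based_dn(entry))
```

Run stand-alone, the script reports one name-based collision (the two Ana Riveras in AgencyA’s Finance unit, which the current key cannot tell apart) and none for the PMS-based key, then prints the three entries that survive the visibility filter without their internal fields. The escaping matters in practice: a surname containing a comma would otherwise be parsed as an extra RDN and silently change the DN.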

Simple Employee Lookup

A simpler Employee Search that ties into LDAP and displays the same data is globally available within CityShare.

Next Steps: Moving from White Pages to Identity Vault

High-level Plan

The LDAP meta-directory building block is in place for the next step in establishing a citywide identity management plan. Critical milestones will have to take place for successful implementation:
– DoITT, FISA and NYCAPS are working together to use the PMS ID as the unique identifier, which will populate every City employee in a large citywide identity vault. NYCAPS will be established as the sole identity source of employee data in the future.
– Establishment of an identity management policy board to guide the LDAP project team on key identity management issues found throughout the Employee Management Lifecycle.
– Determining the best products and approaches for authentication and authorization will enable enterprise applications and agency directories to utilize one citywide meta directory for authorization.

The long-term goal is to eventually have reduced sign-on, provisioning capabilities, and digital signature capability for enterprise applications and participating agencies.

Key Considerations

– Work with agencies to identify their requirements and IM needs, as well as bring currently non-participating ones into LDAP.
– Convert all batch connected agencies to dynamic connections. This will be instrumental for future user provisioning and de-provisioning in the Employee Management Lifecycle.
– Create a policy board consisting of multiple agencies to make decisions on:
  – Technologies
  – Timeframes
  – Functionality
  – Policies
  – Standards
– Determine the structure of the identity vault and all dependencies.
– Receive buy-in from agencies.

Interested in Learning More?

Contact:
– Dominic Pisciotta, Sr. Project Manager, ETD
– or Teri Moore, Director of Enterprise Technology Development