(Rev 1/11) UW System Identity and Access Management (IAM) Current Status and Roadmap. Tom Jordan, IAM-TAG Chair; Ty Letto, IAM Support Team Manager. January, 2015

Presentation transcript:

(Rev 1/11) UW System Identity and Access Management (IAM) Current Status and Roadmap Tom Jordan, IAM-TAG Chair Ty Letto, IAM Support Team Manager January, 2015

Where IAM Fits Strategically
Identity is fundamental to flexible sourcing, both for customers and for services.
“Gone is the black-and-white, all-or-nothing fantasy of the early days of IT outsourcing: in those days, either you continued to perform a function internally or you threw it over the transom, pocketed the savings, and washed your hands of it. Sourcing today is a discipline—a set of practices, competencies, tools, and nuanced choices made over a range of possible configurations for a variety of reasons.”
Michael R. McPherson, Associate Vice President and Deputy CIO, University of Virginia

Today’s Agenda
1. Background and Governance
2. Current Infrastructure
3. Campus Visits and Findings
4. Open Discussion

UW System IAM Background
–IAA MoU established with campuses
–IAA Registry Created
–IAA Working Group Formed
–Auth Hub Developed
–Federated Authentication for UW System-wide Apps
–Cross-System Identity Reconciliation
–Wisconsin Identity Federation Created
–Transition from Auth Hub to Shibboleth
–OIM Deployed for HRS
–Automated Provisioning, Access Request Mgmt
–IAA MoU updated
–IAM Steering Committee Formed
–IAM-TAG Formed
–UWS Reverse Proxy Deployed
–OIM10g Upgrade
–OIM11g Upgrade
–Multi-Factor AuthN Deployed for HRS & SFS
IAM Steering Committee
  Representation: –CIO –Campus –ERPs –Library –Legal –Security
  Charter: –Data Governance –Budget / Resource Governance –Strategic Oversight of Infrastructure
IAM-TAG
  Representation: –Campus IAM Technologists –ERP Technologists –IAM Support Team Members –SMEs as needed
  Charter: –Technical analysis and recommendation –Advise on UWS IAM Policy –Outreach and Awareness
IAM Support Team
  Composition: –Infrastructure Engineers –Support Technicians –PM / BA as needed
  Responsibilities: –Operate and maintain UWSA IAM Infrastructure –Coordinate with Campus and Common Systems customers

UW System IAM Current Infrastructure
[Diagram. Labels, in the order they appear: Campus Infrastructure; UWS IAM Infrastructure; Common Systems; Campus Student Information Systems; Campus Authentication Services; HRS; UW System Person Hub; Wi-Fed Discovery Service; Hosted Identity Providers (9); Campus Identity Providers (4); Campus Credentialing / Provisioning Processes; Student Data; Employee Data; D2L; SFS; Libraries; etc; WAYF?; Login Process; Validate Credentials; Attribute Delivery]

IAM Campus Visits
Discussions with:
–UW Oshkosh
–UW Green Bay
–UW Platteville
–UW La Crosse
–UW Stout
–UW Eau Claire
IAM-TAG Member participation included:
–UW Madison
–UW Milwaukee
–UW Whitewater
–UW Parkside
–IAM Support Team
–Common Systems Applications – D2L, Libraries
More to do, but some trends emerging...

IAM Campus Visits
Main points covered with each campus:
–User account provisioning / deprovisioning
–Local directory environment – infrastructure
–Local authentication infrastructure
–Federation / Cloud Services
–Multi-Factor Authentication
–Mobile Authentication
–Support Model
–Future Projects / Initiatives
–Current and future needs for UW System IAM Infrastructure

IAM Campus Trends
Use of UW System IAM Infrastructure
–Most campuses use centrally hosted Identity Providers (IdPs) for common systems applications (70%), but each campus we’ve talked to so far is running or experimenting with a local IdP.
–Most have cited inability to integrate centrally hosted IdP with 3rd party providers as a reason to run their own.
–Campuses are requesting that IAM Support Team customize hosted IdPs
  –Look & feel
  –Contextual information
  –Integration with cloud services

IAM Campus Trends
Active Directory and Office 365
–Most campuses migrating or exploring migration to Office 365
–MS Student Advantage is a driver for all campuses
–Drivers for Active Directory / Office 365 interoperability between campuses:
  –Active Directory integration for Common Systems applications that support / require it
  –Interoperability for hosting agreements between campuses (ImageNow, Lync, etc)
  –Possible federation of Office 365 instances to enable cross-campus calendaring, resource sharing
–Campus Active Directory installations vary

Wisconsin Federation Trends
Managing Federated Applications
–Most campuses engaged in some form of identity federation
–Increased need to federate campus applications
Federated Application Support
–At least three parties involved in login problems:
  –Common Systems Application Provider
  –IAM Support Team
  –Local Campus IAM Team / Helpdesk
–Need improved coordination between groups, including improved tools and service agreements
Wisconsin Federation Administration
–Increased engagement by federation operators
–Onboarding process for federating campus apps
–Service provider commitment

Recommended Activities
Explore a new support model for currently hosted IdPs that allows for customization / 3rd party integration
–Encourage campuses to explore options for managing their IdPs
–Expand IAM Support Team offering for hosted IdPs
–Explore contracted service / 3rd party options
Explore directory integration through virtual directories or other means
Create a federated application support tool
Engage with Flex and others to explore future cross-campus AuthN and AuthZ needs

Open Discussion