IT Services Identity Management
© University of Reading 2007 | www.reading.ac.uk | 20 April 2014

Presentation transcript:

What is identity management?
- The management of data that relates to an individual's identity
- Use of that data
  - Data is created
  - Data is shared
  - Data is used to determine an individual's access to resources

Why manage it better?
- Improved accuracy and consistency of data
- Improved efficiency of processes
- Reduced security risks

How do we plan to do this?
- Using Microsoft Identity Lifecycle Manager
- Phased Identity Management Project

How ILM works
- ILM connects multiple data sources. These do not have to be compatible with one another
- Data from these sources is combined into a single unified view within ILM's metadirectory
- For each item of data the authoritative source is determined
- ILM imports that data from its authoritative source and, using pre-defined rules, updates other connected systems
- Data can change in its authoritative source at any time
- ILM checks for changes at pre-determined intervals
- Can also be triggered to perform an immediate run

Example
[Diagram showing the ILM Metaverse, RISIS and BB with the attributes Student no, Name, Dept, Course and Username]
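
The authoritative-source rule from the "How ILM works" slide, sketched as an added example that is not ILM code or part of the original presentation: a metaverse accepts an attribute only from the system that owns it, then overwrites drifted copies in connected systems. The ownership table, the use of student number as the join key and all sample records are assumptions made for illustration.

```python
# Added illustration, not Microsoft ILM code. System names (RISIS, BB) are from
# the slides; the ownership table and all sample records are constructed.
AUTHORITATIVE = {"student_no": "RISIS", "name": "RISIS", "dept": "RISIS",
                 "course": "RISIS", "username": "ILM"}  # assumed ownership
KEY = "student_no"                                      # assumed join attribute

def import_from(source, records, metaverse):
    """Import one run from a source, keeping only attributes it is authoritative for."""
    changes = []
    for rec in records:
        key = rec[KEY]
        if key not in metaverse:
            if AUTHORITATIVE[KEY] != source:
                continue              # only the key's owner may create an object
            metaverse[key] = {}
        person = metaverse[key]
        for attr, value in rec.items():
            if AUTHORITATIVE.get(attr) == source and person.get(attr) != value:
                changes.append((key, attr, person.get(attr), value))
                person[attr] = value
    return changes

def export_to(target_rows, attrs, metaverse):
    """Overwrite a connected system's copy wherever it differs from the metaverse."""
    updates = []
    for key, person in metaverse.items():
        row = target_rows.setdefault(key, {KEY: key})
        for attr in attrs:
            if attr in person and row.get(attr) != person[attr]:
                updates.append((key, attr, row.get(attr), person[attr]))
                row[attr] = person[attr]
    return updates

def demo():
    metaverse = {"20001234": {"student_no": "20001234", "name": "A Student",
                              "dept": "Chemistry", "course": "BSc Chemistry",
                              "username": "ab1234"}}
    # RISIS (authoritative) records a course change; BB holds a stale course,
    # a locally edited name and a record for an unknown student number.
    risis = [{"student_no": "20001234", "name": "A Student",
              "dept": "Chemistry", "course": "MChem Chemistry"}]
    bb = {"20001234": {"student_no": "20001234", "name": "A. Stoodent",
                       "course": "BSc Chemistry", "username": "ab1234"}}
    stray = [{"student_no": "99999999", "name": "Unknown"}]
    bb_run = import_from("BB", list(bb.values()) + stray, metaverse)
    risis_run = import_from("RISIS", risis, metaverse)
    pushed = export_to(bb, ["name", "course", "username"], metaverse)
    return bb_run, risis_run, pushed, bb, metaverse
```

The list returned by `export_to` doubles as an audit trail: every entry is a place where a connected system had drifted from its authoritative source.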

First phase project goals
- Unique identifier per individual
- Propagation of identity data
- Increased automation of user account provisioning and de-provisioning
- More timely, accurate provision and removal of access
- Role based access control
- Content free usernames
- Web accessible communications directory

Solution overview

Unique identifier
- Generated by ILM for each individual
- Links staff and student information
- 8 digits

Propagation of identity data
- Authoritative source
- Self service
- Replacement of existing batch data feeds

ILM provisioning
- ILM detects & imports data from RISIS, HR or Remedy
- ILM either generates unique UoR id or joins to existing metaverse object
- ILM generates username and address
- ILM provisions record into AD
- Attributes passed to Exchange which provisions the mailbox and GAL entry (staff)
- ILM passes mail address and other attributes to the UNIX mail ADAM from where mailboxes are created (student and external)
- A home drive is created with filestore quota set according to user status
- ILM provisions record into Remedy (staff & student)
- ILM provisions record into the communications directory ADAM (staff)
- If a member of academic staff ILM provisions record into the tutor table in RISIS
- Username and address exported back to originating system

ILM deprovisioning
- ILM has a delayed action provisioned for leave-date + 1
- When leave-date + 1 is reached
  - ILM disables AD account
  - User's home drive permissions updated by removing Windows permissions and writing Windows Administrator permissions
  - Remedy updated and in grace period begins
  - User removed from communications directory
  - If academic employee then RISIS tutor record set to not in use
  - Second delayed action provisioned for leave-date + grace period
- When leave-date + grace period is reached
  - AD account deleted
  - Remedy status set to deleted
  - User removed from UNIX mail ADAM
  - Home directory removed
  - Username and removed from originating system
  - Third delayed action provisioned for leave-date + 1 year + 1 week
- When leave-date + 1 year + 1 week is reached
  - Remedy record is deleted
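
One way to check that the deprovisioning stages above actually ran, as an added example that is not ILM code or part of the original presentation: compute the three due dates from a leave date and flag any account that still holds more access or data than the schedule allows. The 90-day grace period, the reading of "leave-date + 1" as one day, the record layout and the sample accounts are assumptions.

```python
from datetime import date, timedelta

# Added illustration, not ILM code. Stage offsets follow the deprovisioning
# slide; GRACE and every account record below are constructed assumptions.
GRACE = timedelta(days=90)          # the slides do not give the grace period
RANK = {"enabled": 0, "disabled": 1, "deleted": 2}   # higher = less access

def add_year(d):
    try:
        return d.replace(year=d.year + 1)
    except ValueError:              # 29 Feb has no counterpart next year
        return d.replace(year=d.year + 1, day=28)

def schedule(leave_date, grace=GRACE):
    """Due dates of the three delayed actions ("+ 1" read as one day)."""
    return {"disable": leave_date + timedelta(days=1),
            "delete": leave_date + grace,
            "purge_remedy": add_year(leave_date) + timedelta(weeks=1)}

def expected(leave_date, today, grace=GRACE):
    """State an account should be in on `today` if every action ran on time."""
    due = schedule(leave_date, grace)
    ad = ("deleted" if today >= due["delete"] else
          "disabled" if today >= due["disable"] else "enabled")
    return {"ad": ad, "remedy_record": today < due["purge_remedy"]}

def audit(accounts, today, grace=GRACE):
    """Flag accounts holding more access or data than the schedule allows."""
    findings = []
    for acct in accounts:
        want = expected(acct["leave_date"], today, grace)
        if RANK[acct["ad"]] < RANK[want["ad"]]:
            findings.append((acct["username"],
                             f"AD is {acct['ad']}, expected {want['ad']}"))
        if acct["remedy_record"] and not want["remedy_record"]:
            findings.append((acct["username"], "Remedy record past retention"))
    return findings

SAMPLE = [  # constructed accounts, usernames in the aannnn form
    {"username": "ab1234", "leave_date": date(2008, 6, 30), "ad": "enabled", "remedy_record": True},
    {"username": "cd5678", "leave_date": date(2008, 6, 30), "ad": "disabled", "remedy_record": True},
    {"username": "ef9012", "leave_date": date(2008, 2, 29), "ad": "disabled", "remedy_record": True},
    {"username": "gh3456", "leave_date": date(2007, 6, 1), "ad": "deleted", "remedy_record": True},
]
```

Running `audit(SAMPLE, date(2008, 7, 1))` reports the account that was never disabled, the one that outlived its grace period and the Remedy record kept past its retention date.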

More timely provision / removal of access
- Enabling and disabling of accounts happens on an individual basis rather than as a batch process
- Staff accounts created earlier
- Automation forces the University to define rules
- Rules are then applied more accurately and consistently
- Auditors are happier

Role Based Access Control
- A copy of attributes relating to role, such as dept, status, year of entry etc, can easily be maintained by ILM in a connected ADAM.
- Client systems connecting to this ADAM can use this role data to determine an individual's access rights in their own system.

Content free usernames
- Inconvenient to change username when dept or status changes. These changes are becoming increasingly common.
- An individual's username will no longer change.
- Information contained in the current username structure will be made available through an ADAM.
- New usernames will consist of 6 randomly generated chars, aannnn.
- Existing usernames will remain unchanged but should be regarded as content free.
- A new employee will only be given 1 staff username.
- A new student will only be given 1 student username.
- Where an individual is both an employee and a student they will be given 1 for each role.
- A web based equivalent of the PERSON command will be created before ILM is implemented.

Communications directory
- A web accessible communications directory will be created
- This will always be as up to date as the HR system
- Employee self service will enable staff to maintain name and telephone number data themselves

Timescales
- Most of the development work has been done
- Next step is data cleansing and testing
- Plan to go live in April 08

Future Developments
- Use of ILM to gradually replace batch data feeds between systems
- Development of more refined role based access control
- Consider having 1 username per individual
- Consider more frequent data synchronisations if demand for it