Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of Southern California Identity and Access Management (IAM)

Published byEmily Erika Bridges Modified over 6 years ago

Similar presentations

Presentation on theme: "University of Southern California Identity and Access Management (IAM)"— Presentation transcript:

1 University of Southern California Identity and Access Management (IAM)
Brendan Bellina Identity Services Architect Mgr, Enterprise Middleware Development Information Technology Services University of Southern California Los Angeles, California, USA Copyright Brendan Bellina This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 University of Southern California
Private research university, founded 1880 33,500 students (16,500 undergraduate, 17,000 graduate and professional) 3,200 full-time faculty, 8,200 staff $1.9 billion annual budget, $432 million sponsored research Two major LA campuses; six additional US locations; four international offices

3 Definition of Identity and Access Management
Identity and Access management (IAM) is a broad administrative function that identifies individuals in a system (in this case, USC), and controls and facilitates their access to resources within that system by associating user rights and restrictions with the established identity.

4 Evolution of IAM Program
2001 – Eliminate/Suppress US Government assigned Social Security Numbers from non-financial systems 2002 – Commit to unified identifier – USC ID number 2003 – Build data governance structure 2005 – Enable authentication and authorization 2007 – Support affiliates and visitors

5

6

7 Responsibilities of the Person Registry
Prevent duplicate identities by matching Collect person attributes from SORs for matching and provisioning to GDS (Enterprise Directory Service) Generate University Identifier (USCID) Reject invalid data from SORs Merge functions Respond to queries for specific users from SORs to prevent duplicates Provide reports on partial identity matches for SORs

8 Responsibilities of the Metadirectory
Update GDS content based on: Person information - Person Registry Account information - Account System (“MU”) Affiliate services - Guest/Affiliate System (“iVIP”) Generate Directory Identifiers “uscPvid” Maintain GDS groups based on attributes and discretionary group memberships Populate entitlements based on group memberships

9 Responsibilities of the GDS Global Directory
Public LDAP interface for White Pages, clients, and other LDAP clients Master of groups Aggregates account information for use with Shibboleth SSO Attribute and Identity source for Shibboleth SSO Authentication services (via Kerberos plug-in) Authorization services (via service accounts and aci’s)

10 Policy and Governance

11 Data Governance Data Governance brings together cross- functional teams to make interdependent rules or to resolve issues or to provide services to data stakeholders. These cross-functional teams - Data Stewards and/or Data Governors - generally come from the Business side of operations. They set policy that IT and Data groups will follow as they establish their architectures, implement their own best practices, and address requirements. Data Governance can be considered the overall process of making this work.

12 Data Governance Committees
Directory Services Steering Committee – policy development committee meets every 3 weeks focuses on policy regarding data acquisition and release, integration, and communication attendees include senior management representatives from academic schools, administrative departments, major IT units, General Counsel GDS Executive Committee - management committee every other week focuses on technical and staffing issues affecting direction and prioritizations attendees include management representatives from SOR’s and GDS team Data Team - technical committee meets monthly focuses on operational issues affecting SOR’s and PR/GDS attendees include representatives from SOR’s and GDS team Working Groups

13

14 Data Team

15 GDS Executive Committee

16 Directory Services Steering Committee

17 Attribute Access Request Process
Required for all data requests to GDS content Directory Steering Committee reviews all new AAR submissions Data Stewards must also approve requests Requests must be reauthorized every 2 years Changes in data requirements require submission of a new AAR

18 Links USC: http://www.usc.edu GDS Website: http://www.usc.edu/gds
Brendan Bellina,

Download ppt "University of Southern California Identity and Access Management (IAM)"

Similar presentations

Culture Change: What IT Takes to Create a Quality Customer Service Environment Presented By: Anne Agee, Executive Director, Division of Instructional and.

Culture Change: What IT Takes to Create a Quality Customer Service Environment Presented By: Anne Agee, Executive Director, Division of Instructional and.
Copyright Kathy J. Lang and Ed Mahon, 2006. This work is the intellectual property of the authors. Permission is granted for this material to be shared.

Copyright Kathy J. Lang and Ed Mahon, This work is the intellectual property of the authors. Permission is granted for this material to be shared.
Office of Information Technology Affiliates/Guests – Who are these people and how do we give them services? Copyright, Barbara Hope, University of Maryland,

Office of Information Technology Affiliates/Guests – Who are these people and how do we give them services? Copyright, Barbara Hope, University of Maryland,
Applying Data Governance in Identity Management: To Serve and Protect Brendan Bellina Identity Services Architect Information Technology Services University.

Applying Data Governance in Identity Management: To Serve and Protect Brendan Bellina Identity Services Architect Information Technology Services University.
© Copyright Computer Lab Solutions 2006. All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.

© Copyright Computer Lab Solutions All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.
Web Application Management Moving Beyond CMS Douglas Clark Director, Web Applications Copyright Douglas Clark 2003 This work is the intellectual property.

Web Application Management Moving Beyond CMS Douglas Clark Director, Web Applications Copyright Douglas Clark 2003 This work is the intellectual property.
Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau 2004. This work is the intellectual property of the authors. Permission is granted for.

Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau This work is the intellectual property of the authors. Permission is granted for.
Copyright Princeton University 2004. This work is the intellectual property of Princeton University. Permission is granted for this material to be shared.

Copyright Princeton University This work is the intellectual property of Princeton University. Permission is granted for this material to be shared.
On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.

On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Identity Management at USC: Collaboration, Governance, Access Margaret Harrington Director, Organization Improvement Services Brendan Bellina Identity.

Identity Management at USC: Collaboration, Governance, Access Margaret Harrington Director, Organization Improvement Services Brendan Bellina Identity.
1 Collaborators at the Gates of Troy: Extending eServices at USC.

1 Collaborators at the Gates of Troy: Extending eServices at USC.
1 Extending Authenticated Online Services with Friend Accounts at Washington State University Brian Foley Technology Architect/Application Developer.

1 Extending Authenticated Online Services with "Friend Accounts" at Washington State University Brian Foley Technology Architect/Application Developer.
Copyright Jill M. Forrester 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
ECM Project Roles and Responsibilities

ECM Project Roles and Responsibilities
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.
UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, 2007. This work is the intellectual property of the author.

UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, This work is the intellectual property of the author.
Copyright Anthony K. Holden, 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Anthony K. Holden, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Copyright Shanna Smith & Tom Bohman (2003). This work is the intellectual property of the authors. Permission is granted for this material to be shared.

Copyright Shanna Smith & Tom Bohman (2003). This work is the intellectual property of the authors. Permission is granted for this material to be shared.
Using Shibboleth as Your WebSSO Authentication System CAMP Shibboleth: Enabling Campus and Federated Single Sign-On June 27, 2006 Brendan Bellina Identity.

Using Shibboleth as Your WebSSO Authentication System CAMP Shibboleth: Enabling Campus and Federated Single Sign-On June 27, 2006 Brendan Bellina Identity.

Similar presentations

Ads by Google