Presentation is loading. Please wait.

Presentation is loading. Please wait.

New Developments in Central Directory Service and Account Provisioning Dan Menicucci (dan@pitt.edu) Enterprise Architect - University of Pittsburgh.

Published byAngel Page Modified over 6 years ago

Similar presentations

Presentation on theme: "New Developments in Central Directory Service and Account Provisioning Dan Menicucci (dan@pitt.edu) Enterprise Architect - University of Pittsburgh."— Presentation transcript:

1 New Developments in Central Directory Service and Account Provisioning Dan Menicucci Enterprise Architect - University of Pittsburgh

2 Who are we? Founded in 1787 One of the oldest universities in the U.S.
Five campuses (Pittsburgh, Bradford, Greensburg, Johnstown and Titusville) Figures taken from 2009 University Fact Book

3 Students, Faculty, and Staff at Pitt
All campuses Figures taken from 2013 University Fact Book 52,953 Applicants 89,298 Accounts 8,527 Groups

4 Central Directory Service
Everything from our system’s of record down Identity Registry Provisioning Engine Authentication Services Other identity services

5 History 2000 Built an identity registry on top of an Oracle DB
Implemented Novell DirXML1.0 Provisioning for users in e-Directory, Active Directory, OpenLDAP and a Kerberos 4 Realm Provisioning for IMAP, AFS, and Unix Time Sharing Built a custom user account portal

6 Later Enhancements Spam and Virus Filtering
Enterprise Active Directory Exchange Groups Emergency Notification Guest Wireless Password Enhancements Box Office 365

7 Challenges System built in an NT/Novell era
Limits on group membership sizes Difficulty managing multi-valued attributes Stable, but aging

8 Current Focus Upgrade the hardware and software of the registry
Replace provisioning engine with a new solution Remove redundant authentication directories Standardize non-Windows authentication Multifactor Authentication

9 Account Provisioning Implemented Microsoft Forefront Identity Manager 2010 R2 More supportable solution Easier integration Solves scalability issues in previous architecture 52,953 Applicants 89,298 Accounts 8,527 Groups

10 52,953 Applicants 89,298 Accounts 8,527 Groups

11 Remove Redundancies Two Enterprise AD environments, Novell eDirectory, Kerberos 4 realm and two open LDAP systems. ~40 remaining departmental authentication systems Move to a single domain Active Directory forest (Pitt)

12 Standardize Non-Windows Auth
Site license for Centrify Direct Control Authenticate and apply policy from Active Directory Replace Kerberos 4 Realm Replace NIS+ Replace Open Directory

13 Multifactor Authentication
Implemented multiple solutions Certificate Based Authenticators from Safenet OTP from Deepnet Security Rolled out to Central IT Now Focus on applications in future, including the addition of customers

14 Looking Ahead Extend Role Based Account Provisioning
Authentication Assurance True Web SSO Bring Your Own Credentials

15 Thank you for attending
Dan Menicucci Enterprise Architect

Download ppt "New Developments in Central Directory Service and Account Provisioning Dan Menicucci (dan@pitt.edu) Enterprise Architect - University of Pittsburgh."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
Policing the Power of Identity Controls Power Behavior Verify that controls are in place and functioning Monitor user behavior and verify that people.

Policing the Power of Identity Controls Power Behavior Verify that controls are in place and functioning Monitor user behavior and verify that people.
Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.

Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
Collaboration and Unified E-Mail Dennis Schmidt, Director, OIS.

Collaboration and Unified Dennis Schmidt, Director, OIS.
SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.

SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.
FSU Directory Project The Issue of Identity Management Jeff Bauer Florida State University

FSU Directory Project The Issue of Identity Management Jeff Bauer Florida State University
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
Virtual techdays INDIA │ 18-20 august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –

Virtual techdays INDIA │ august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.
Email Infrastructure Mark Rosenberg UCCSC. UCCSC – August 9, 2005 What is LBNL? A Department of Energy National Laboratory, operated by the University.

Infrastructure Mark Rosenberg UCCSC. UCCSC – August 9, 2005 What is LBNL? A Department of Energy National Laboratory, operated by the University.
Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,

Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Teamcenter™ Security Services SSO

Teamcenter™ Security Services SSO
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
Identity & Access Management / Oracle Unified Directory

Identity & Access Management / Oracle Unified Directory
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.

Similar presentations

Ads by Google