PSJA AUTOMATION WORKFLOW AND LESSONS LEARNED


1 PSJA AUTOMATION WORKFLOW AND LESSONS LEARNED
Management of Information Systems Information Technology

2 Why do we need Identity Management?
Today, every change in employee status requires involvement by IT. New hires need access to be granted to the data and apps they need to do their jobs. Separations require access revocation and security changes. Job moves mean shifting status and access changes from one group to another.

3 Why do we need Identity Management?
Identity management solutions help shift that responsibility away from IT. These solutions often place employee status changes back in the hands of those tied most closely to them: HR and sometimes even the employees themselves. Additionally, they provide tighter security and access control measures over the daily tasks of employees.

4 PSJA AT A GLANCE
32,000 students
5000 staff
43 campuses/Support Sites
Microsoft Active Directory/Office 365
Google

5 PROBLEMS AND INCONSISTENCIES
PSJA CREDENTIALS
INFORMAL PROCESS
MULTIPLE SOURCES
MULTIPLE BATCH IMPORTS
LENGTHY PROCESS
NOT REAL TIME (MANUAL PROCESS)
INEFFICIENT USE OF TIME

6 AUTOMATION SOFTWARE CHOICES
2010 & 2012 NOVELL Microsoft Active Directory Servers 1 – DSS server (automation) 2 – ARMS server group mgmt & password 1 – Database server Microsoft Active Directory Server breakdown 1 – App server (automation) 2 – web front ends group mgmt 1 – SQL Database server Azure Active Directory Premium for self service password (staff & students) 2018

7 VERSION 1 & 2 OF THE MATRIX
2010 – Version 1 (NOVELL)
Identity Automation software
Used primarily with our Novell tree
2012 – Version 2 (AD & STUDENTS)
Upgraded and improved logic with Identity Automation
Created all accounts in Microsoft Active Directory tree fully automated for student accounts
Staff accounts remained on-premise

8 OLD LOGIC AND NEW DEMANDS
2018 – Version 3
Philosophy and needs had changed since 2012
Outgrew old logic…no longer made sense
PowerShell scripts were running 40% of the process to meet our demands
Migration of on-premise accounts to the cloud broke existing logic (Exchange accounts)
Single sign on (SSO) to internal systems created instant demand for end users

9 What is Microsoft Identity Manager?
Microsoft Identity Manager is a tool that… Helps you manage the users, credentials, policies, and access within your organization. Additionally, MIM 2016 adds a hybrid experience, privileged access management capabilities, and support for new platforms.

10 What does Microsoft Identity Manager do?
Fundamentally MIM synchronizes identity data between various systems. It’s very flexible in what it can connect to (like Active Directory, other directories, HR systems, ERP systems, systems etc.), and what objects it synchronizes (always users, often groups, and maybe roles, permissions, computers etc.). It can provision and de-provision, enable and disable, move, and generally synchronize all types of attributes – even passwords (though passwords are not handled like other attributes – being propagated in real time, while regular attributes are synchronized on a schedule).

11 GENERAL WORK FLOW - STAFF
HR Employee hired (professionals, clerks, Name, Job code, Building, Status AD OU location Sub containers Permissions O365 Account sync (Azure AD Connect) License Activation based on group membership Global groups for SIS Teacher info (First name, Last Name) Building

12 GENERAL WORK FLOW - STUDENT
SIS Student enrolls Name, Grade, Building, Status AD OU location Sub containers O365 Account sync License Activation Global groups for

13 CONTROL POINT IS WITH HUMAN RESOURCES
EMPLOYEE HIRED
NAME LOGIC
JOB CODE
BUILDING
STATUS
PASSWORD LOGIC
PLACED IN ACTIVE DIRECTORY
PERMISSIONS GRANTED
Group Membership on AD Attributes
Account is Active
Single Sign On Ready

14 ONE USERNAME AND PASSWORD TO RULE THEM ALL
PSJA CREDENTIALS TEACHER ACCESS CENTER EMPLOYEE ACCESS CENTER WEB RESOURCES STUDENT INFO SYSTEM INTRANET SHAREPOINT OFFICE 365 And MANY MORE…

15 Deprovision an Account – Staff member
EMPLOYEE RETIRES
REMOVED FROM CAMPUS OU
REMOVED FROM GROUP MEMBERSHIP
ACCOUNT BECOMES DISABLED
PLACED IN FINAL PAY LOCATION
DELETED AFTER 180 DAYS

16 Deprovision Account - Student
STUDENT GRADUATES
REMOVED FROM CAMPUS OU
REMOVED FROM GROUP MEMBERSHIP
ACCOUNT REMAINS ACTIVE FOR 2 YEARS
DELETED AFTER 180 DAYS (AFTER 2 YEARS)
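
The staff and student deprovisioning timelines on slides 15 and 16, written as a drift check over a directory export. This is an added example, not PSJA's code: the record fields, usernames and group name are constructed, "2 years" is taken as 730 days, and disabling a student account once the 2 years end is an assumption.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta

STAFF_DELETE_AFTER = timedelta(days=180)    # slide 15
STUDENT_ACTIVE_FOR = timedelta(days=730)    # slide 16 "2 years" (assumed 730 days)
STUDENT_DELETE_AFTER = timedelta(days=180)  # slide 16, counted after the 2 years

@dataclass
class Account:                  # hypothetical export record, not a real AD schema
    username: str
    kind: str                   # "staff" or "student"
    left_on: date | None        # retirement/graduation date from HR or SIS
    enabled: bool
    in_campus_ou: bool
    groups: tuple[str, ...] = ()

def expected(acct: Account, today: date) -> tuple[bool, bool]:
    """Return (should_still_exist, should_be_enabled) for a departed account."""
    age = today - acct.left_on
    if acct.kind == "staff":    # disabled at once, deleted after 180 days
        return age <= STAFF_DELETE_AFTER, False
    # Students stay active for 2 years; assumed disabled after that until deletion.
    return age <= STUDENT_ACTIVE_FOR + STUDENT_DELETE_AFTER, age <= STUDENT_ACTIVE_FOR

def audit(accounts: list[Account], today: date) -> list[tuple[str, str]]:
    """List (username, problem) pairs where the directory lags the policy."""
    findings = []
    for a in accounts:
        if a.left_on is None:   # current staff/student: nothing to deprovision
            continue
        exists, enabled = expected(a, today)
        if not exists:
            findings.append((a.username, "past deletion date"))
            continue
        if a.enabled and not enabled:
            findings.append((a.username, "should be disabled"))
        if a.in_campus_ou:
            findings.append((a.username, "still in campus OU"))
        if a.groups:
            findings.append((a.username, "still in groups: " + ", ".join(a.groups)))
    return findings

TODAY = date(2024, 6, 1)        # constructed sample data below
SAMPLE = [
    Account("arios", "staff", None, True, True, ("SIS-Teachers",)),
    Account("jgarza", "staff", date(2024, 5, 1), True, False, ("SIS-Teachers",)),
    Account("mlopez", "staff", date(2023, 10, 1), False, False),
    Account("s100234", "student", date(2023, 6, 1), True, False),
    Account("s090111", "student", date(2022, 5, 1), True, False),
]
```

Running `audit(SAMPLE, TODAY)` flags the retired staff member who is still enabled and still in a group, the staff account that outlived its 180 days, and the graduate whose 2 years have passed.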

17 LESSONS LEARNED
Where does your information live?
eSchool (students)
eFinance (staff)
GIGO – Garbage In, Garbage Out
Flowcharts of what you want done
Complete life-cycle
Understanding your organization procedures
Who? What? How? Why?
Working with others to facilitate the needed changes
Change is hard for organizations/departments

18 LESSONS LEARNED…..continued
Name logic was difficult to include everyone
De la Garza, double last names, nick names, etc.
Promotions, titles, pictures & renames – O my!
Time sensitive and controlled at HR without notice
Constant troubleshooting at the beginning
Where did it break, what broke it
Document your processes and procedures
Handling all of the special exceptions
Sometimes automation can’t fix everything

19 Budget $$$
How many individuals would it take to keep up with all data input and changes in the different systems? 2? 3? Or more…
What would that cost?
How much time would that take?
Coordination and Communication
