Orchestrating an Identity and Access Management Implementation.

Presentation on theme: "Orchestrating an Identity and Access Management Implementation."— Presentation transcript:

1 Orchestrating an Identity and Access Management Implementation

2 Panel: Bruce Taggart, Vice Provost, Library & Technology Services, Lehigh University; Tim Foley, Director, Client Services, Library & Technology Services, Lehigh University; Aaron Perry, President, APTEC, LLC; Moderator: Sara Rodgers, Team Leader, Identity & Access Management, Lehigh University

3 Q & A Getting in tune with Identity and Access Management

4 What is Identity and Access Management? Q & A

5 Lehigh’s Focus: Knowing who you are (Identity) and providing access to what you need (Access) –Who: Relationship, Affiliation or Role; Multiple Roles; Transitions/Changes –What: Electronic Resources; Computing Services

6 Campus Identity & Access Management (“IAM”), Hosted By The University of Mary Washington [Architecture diagram. User populations: Students, Faculty & Staff, Affiliates, Alumni/Customers. Identity Management Service: Access Management (Authentication & SSO, Authorization & RBAC, Identity Federation); Directory Services (LDAP Directory, Meta-Directory, Virtual Directory); Identity Provisioning (Who, What, When, Where, Why; Rules & access policies; Integration framework); Identity Administration (Delegated Administration, Self-Registration & Self-Service, User & Group Management). Other labels: Auditing and Reporting; Workflow and orchestration; Monitoring and Management; External; Internal; Delegated Admin; SOA Applications; NOS/Directories; OS (Unix); Systems & Repositories; Applications; ERP; CRM; HR; Mainframe.]

7 Q & A How important is Identity and Access Management? Administrative/ERP/information systems Disaster Recovery/business continuity Funding IT Identity/access management Infrastructure Security

8 2008 EDUCAUSE Current Issue Survey Ranking from All Institutions on Strategic Importance (2007 ranking in parentheses): 1. Security (2) 2. Administrative/ERP/information systems (3) 3. Funding IT (1) 4. Infrastructure (7) 5. Identity/access management (4) 6. Disaster recovery/business continuity (5)

9 2008 EDUCAUSE Current Issue Survey Ranking from All Institutions on Potential to Become More Significant (2007 ranking in parentheses): 1. Identity/access management (2) 2. Security (1) 3. Funding IT (3) 4. Disaster recovery/business continuity (4) 5. Administrative/ERP/information systems (5) 6. Infrastructure (8)

10 Q & A To what extent is your institution considering or implementing an identity and access management solution? 1. Not considering 2. Currently evaluating 3. Planned, but won’t start within the next 12 months 4. Plan to start within the next 12 months 5. Implementation is in progress 6. Partially operational 7. Fully operational

11 Q & A Do you have a dedicated Identity and Access Management team/department? What is the scope of responsibilities for your IAM team/dept.? (computing accounts, library systems, ID cards, building access, parking access)

12 Lehigh University Case Study: Prelude. Drivers and Objectives; Planning and Procedures

13 Current Environment Homegrown system Developed & supported by staff with 20+ years of service Adapted & patched over many years

14 What we typically see at Higher Education Institutions

15 Typical HE Challenges and Issues. Supportability: Administration performed both centrally and locally; Manual, paper-driven processes work, but lack auditability; IT staff is stretched, especially as new projects are defined and started; Infrastructure support team has a wide range of responsibility with limited means. Growth: Use of web-based applications continues to grow; Increasing demands for new services; Need to support within current spending levels; Affiliate community is always growing. Institutional Culture: Priorities may vary on a per school or campus basis; Varied and complex user populations; Many institutions “bend over backwards” to provide the highest levels of service to their students. Data: No single view of identity data across applications; Inconsistent user identity data; Multiple repositories of user identity data; Lack of defined standards for user attributes; Many identity owners & sources

16 Changing Landscape Expansion – users and resources –Portal Implementation (2002) Complexity –Changing roles –Reduce role inflation –Self service options –Single sign-on –Federated identity management Compliance –Federal Acts (FERPA, HIPAA, GLB) –Privacy (under attack!)

17 Objectives Sustainability – standardized, documented Scalability –Easier to extend the solution to other key applications and infrastructure –Incrementally add functionality such as workflow, approval processes, and attestation –Federation Security –Foundation for enterprise application framework –Additional/more secure authentication methods –Rich auditing and reporting capability

18 Planning and Preparation Buy vs. Build Determine total cost of ownership Select the vendor, consultants Determine staffing and consulting needs Form internal implementation team

19 Buy vs. Build Availability of products – does something already exist that meets our needs? Long-term strategic goals – scalable solution –Robust - added functionality –Integration with expanding enterprise system (Banner, Luminis, Enrollment Management) Sustainable, standardized solution –Documented and supported Software quality assurance –Tested, proven

20 Total Cost of Ownership Software Hardware Training Consulting Internal Staff –Staff Dedicated to IAM –Systems Installation/Maintenance –Programming –Data stewards

21 Why Oracle? Compatibility –System features in line with our needs –Oracle to Oracle (Banner) –OIM can complement our existing IdM. Auditing features were appealing "Adapter Factory" and out-of-the-box connectors

22 IdM Solution Approach. Risk Avoidance: Small, easy to define projects; Defined success criteria and requirements; Use of proven “off the shelf” products and technologies where appropriate. Pragmatism: Leverage institution’s existing technology base and skills; Recommend a solution that is easily expandable to meet future requirements. Cost Containment: Recommend products that have predictable licensing and support costs; Recommend institution’s internal team take ownership and perform tasks where possible. Rapid Value Realization: Each project provides immediate value and results, which can be leveraged by other institutional initiatives

23 Case Study - Our Experience

24 Lehigh University Case Study OIM Implementation in Two Movements

25 Implementation Phase I –Discovery –Documentation –Design –Role-based provisioning –Interface with authoritative source Phase II –Development –Testing –Deployment

26 Lehigh University Case Study Concurrent Harmonies & Dissonance

27 Challenges Resistance to change Trust Issues –Data Stewards/Managers –Programmers and Systems Analysts Cleaning up our act –Improve accuracy, completeness & timeliness of data in Banner – our authoritative source –Distributed responsibility –Analyze business practices & policies –Create customized input forms –Improve interpretation of data (work with data stewards, stakeholders) –Begin attestation (periodic access audits)

28 Lessons Learned Communication is key –Involve stakeholders & data stewards –Consensus building –Make sure everyone who will be involved with the implementation has input on the decision. –Involve early You won’t believe what we found –Trace/Document problems –Explain and re-train Push-pull with those you need most Monday morning quarterbacks

29 What’s Next? Expanding the scope of our IAM to include systems outside of LTS Multifactor authentication Federated identity management

30 Contact Information Lehigh University: Bruce Taggart – bmt2@lehigh.edu; Tim Foley – tjf0@lehigh.edu; Sara Rodgers – skr5@lehigh.edu. APTEC, LLC: Aaron Perry – aaron@aptecllc.com

31 Use Case

32 Lehigh Dev and Testing Environment

33 Production Environment Recommendation Weblogic 10.3

34 Changes

