
1 (Rev 1/11) UW System Identity and Access Management (IAM) Current Status and Roadmap Tom Jordan, IAM-TAG Chair Ty Letto, IAM Support Team Manager January, 2015

2 Where IAM Fits Strategically Identity is fundamental to flexible sourcing, both for customers and for services. “Gone is the black-and-white, all-or-nothing fantasy of the early days of IT outsourcing: in those days, either you continued to perform a function internally or you threw it over the transom, pocketed the savings, and washed your hands of it. Sourcing today is a discipline—a set of practices, competencies, tools, and nuanced choices made over a range of possible configurations for a variety of reasons.” Michael R. McPherson Associate Vice President and Deputy CIO University of Virginia

3 Today’s Agenda
1. Background and Governance
2. Current Infrastructure
3. Campus Visits and Findings
4. Open Discussion

4 UW System IAM Background
Timeline, 2001–2015:
– IAA MoU established with campuses
– IAA Registry Created
– IAA Working Group Formed
– Auth Hub Developed
– Federated Authentication for UW System-wide Apps
– Cross-System Identity Reconciliation
– Wisconsin Identity Federation Created
– Transition from Auth Hub to Shibboleth
– OIM Deployed for HRS
– Automated Provisioning, Access Request Mgmt
– IAA MoU updated
– IAM Steering Committee Formed
– IAM-TAG Formed
– UWS Reverse Proxy Deployed
– OIM10g Upgrade
– OIM11g Upgrade
– Multi-Factor AuthN Deployed for HRS & SFS

IAM Steering Committee
Representation: CIO, Campus, ERPs, Library, Legal, Security
Charter: Data Governance; Budget / Resource Governance; Strategic Oversight of Infrastructure

IAM-TAG
Representation: Campus IAM Technologists, ERP Technologists, IAM Support Team Members, SMEs as needed
Charter: Technical analysis and recommendation; Advise on UWS IAM Policy; Outreach and Awareness

IAM Support Team
Composition: Infrastructure Engineers, Support Technicians, PM / BA as needed
Responsibilities: Operate and maintain UWSA IAM Infrastructure; Coordinate with Campus and Common Systems customers

5 UW System IAM Current Infrastructure
[Diagram. Column headings: Campus Infrastructure; UWS IAM Infrastructure; Common Systems. Labelled components: Campus Student Information Systems; Campus Authentication Services; Campus Credentialing / Provisioning Processes; HRS; UW System Person Hub; Wi-Fed Discovery Service; Hosted Identity Providers (9); Campus Identity Providers (4); D2L, SFS, Libraries, etc. Labelled flows: Student Data; Employee Data; WAYF?; Login Process; Validate Credentials; Attribute Delivery.]

6 IAM Campus Visits
Discussions with:
– UW Oshkosh
– UW Green Bay
– UW Platteville
– UW La Crosse
– UW Stout
– UW Eau Claire
IAM-TAG Member participation included:
– UW Madison
– UW Milwaukee
– UW Whitewater
– UW Parkside
– IAM Support Team
– Common Systems Applications: D2L, Libraries
More to do, but some trends emerging...

7 IAM Campus Visits
Main points covered with each campus:
– User account provisioning / deprovisioning
– Local directory environment
– Email infrastructure
– Local authentication infrastructure
– Federation / Cloud Services
– Multi-Factor Authentication
– Mobile Authentication
– Support Model
– Future Projects / Initiatives
– Current and future needs for UW System IAM Infrastructure

8 IAM Campus Trends
Use of UW System IAM Infrastructure
– Most campuses use centrally hosted Identity Providers (IdPs) for common systems applications (70%), but each campus we’ve talked to so far is running or experimenting with a local IdP.
– Most have cited inability to integrate centrally hosted IdP with 3rd party providers as a reason to run their own.
– Campuses are requesting that IAM Support Team customize hosted IdPs
  - Look & feel
  - Contextual information
  - Integration with cloud services

9 IAM Campus Trends
Active Directory and Office 365
– Most campuses migrating or exploring migration to Office 365
– MS Student Advantage is a driver for all campuses
– Drivers for Active Directory / Office 365 interoperability between campuses:
  - Active Directory integration for Common Systems applications that support / require it
  - Interoperability for hosting agreements between campuses (ImageNow, Lync, etc)
  - Possible federation of Office 365 instances to enable cross-campus calendaring, resource sharing
– Campus Active Directory installations vary

10 Wisconsin Federation Trends
Managing Federated Applications
– Most campuses engaged in some form of identity federation
– Increased need to federate campus applications
Federated Application Support
– At least three parties involved in login problems:
  - Common Systems Application Provider
  - IAM Support Team
  - Local Campus IAM Team / Helpdesk
– Need improved coordination between groups, including improved tools and service agreements
Wisconsin Federation Administration
– Increased engagement by federation operators
– Onboarding process for federating campus apps
– Service provider commitment

11 Recommended Activities - 2015
Explore a new support model for currently hosted IdPs that allows for customization / 3rd party integration
– Encourage campuses to explore options for managing their IdPs
– Expand IAM Support Team offering for hosted IdPs
– Explore contracted service / 3rd party options
Explore directory integration through virtual directories or other means
Create a federated application support tool
Engage with Flex and others to explore future cross-campus AuthN and AuthZ needs

12 Open Discussion

