IAMUSF. Identity and Access Management at the University of South Florida


IdM: What is it?

Identity Management: "The set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities." The Burton Group (a research firm specializing in IT infrastructure for the enterprise)

IAMUSF Program

IAMUSF is not a single project but a program composed of a series of projects.

Diagram labels: Enterprise Directory, Account Provisioning, Federated Identity, Establishing Identity, IAMUSF, Single Sign-On, Authentication, Authorization

IAM Big Picture (source: pubs/ is-mw.pdf)

Program Goals (

- Establish a trusted, global identification system that includes the entire USF community.
- Enable Service Providers to automatically grant and revoke access to University resources based on the user's identity and role.
- Integrate multiple access mechanisms into one set of credentials, minimizing the need for multiple IDs and multiple passwords used on different systems.
- Create federated systems that will allow cooperation and enhance research opportunities between USF and other Universities around the world.

Supports USF Strategic Goals

- Establish a unified institutional structure to facilitate and promote community engagement, social enterprise, and global collaborations in education, research and service learning, including mechanisms for managing fiscal and human resources
- Encourage and reward student engagement in the community
- Refine business practices to ensure a strong and sustainable economic foundation at USF
- Promote and sustain a positive working environment, significantly improve service quality, and improve staff support through building cross-functional teams
- Build a sustainable environment to support an expanded and improved teaching and research mission, a more engaged residential community, and a university-based global village

Central Identification System Goals

- Consistent process for reconciling/feeding identities between Systems of Record (SoRs) OASIS and GEMS, as well as Service Providers like NAMS, AD/ , PeopleAdmin, Parking, ID-Card, Building
  - Also collect metrics and report data quality issues
- Confirm USFID (e.g. U ) as primary ID for everyone at USF, and establish a central source for it
- Consistent process for entry and management (especially expiration) of guests, including building a stand-alone VIP system to maintain them
- Take opportunities to integrate with additional SoRs (e.g. HSCDirectory, DSOHR)

One Set of Credentials (SSO) Goals

- Establish USF NetID as Single Sign-on standard
- Enhance security of NetID password (e.g. aging)
- Stop letting new systems (e.g. Careers@USF, DgW) require new IDs and passwords, unless absolutely necessary
- Take opportunities to convert existing systems (e.g. Parking, OASIS) to NetID
- Consolidate PW resets (e.g. GEMS self-service) whenever possible
- Participate in federated ventures (e.g. InCommon)

Automatically Grant and Revoke Access to USF Resources Goals

- Take opportunities to improve speed and consistency of existing processes, e.g.
  - Adding NetIDs, AD/ , FAST-IDs for future employees and POI/Guests
  - Revoke roles as jobs terminate
- Implement commercial-grade system (Sun IdM) for programmatically adding/removing access to select services based on user's affiliations (e.g. new faculty member; terminated employee)

Started 2009 with:

Major Milestones so far

2008 and Spring 2009
- SSO for GoogleApps, Blackboard, eballot
- Standard ID: USFID (U#) for silver rule identities
- Standard username: NetID (jdoe) see
- Joined InCommon for more federation opportunities
- Automated creation of GoogleApps and BB accounts

Summer 2009
- SSO for SW-downloads, Parking, PeopleAdmin, IT-Communications-Mart
- Future hires can get EmplIDs and NetIDs
- Internal standard for guest identities (GEMS POI before NetID, NetID before AD/ )
- NetID password expiration

Future Major Milestones (pg 1 of 2)

Throughout
- SSO to TBD new (e.g. NIH via InCommon) and existing (e.g. services, as opportunities occur
- Improve metrics and provide data quality reports

Fall 2009
- Deploy the central identity person registry (CIMS-PR), including integration with PeopleAdmin

Spring 2010
- SSO to DegreeWorks, OASIS (depending on B8 upgrade), Library

Summer 2010
- Implement Guest/VIP identity system (replacing POI )
- Reengineer ID-Card processes

Future Major Milestones (pg 2 of 2)

Fall 2010
- Automated grant/revoke of 1st set of services using Sun IdM

Spring 2012
- Automated grant/revoke of access to all central business applications (using Sun IdM suite)

Goal:

Never stop looking for more improvements