
Identity & Access Management

A Fresh Look At Penn State’s Processes, Policies, & Technologies. Renée Shuey, Information Technology Services; Vince Timbers, Undergrad Admissions; Steve Selfe, Office of Human Resources.


Presentation Transcript


  1. Identity & Access Management: A Fresh Look At Penn State’s Processes, Policies, & Technologies • Renée Shuey, Information Technology Services • Vince Timbers, Undergrad Admissions • Steve Selfe, Office of Human Resources

  2. IAM Update - Agenda • What is IAM • Goals • Who is Directly Involved • Five Areas of Focus • Deliverables • Next Steps • IAM and Undergrad Admissions • IAM and Office of Human Resources

  3. IAM Defined IAM is an administrative process coupled with a technological solution which validates the identity of individuals and allows owners of data, applications, and systems to either maintain centrally or distribute responsibility for granting access to their respective resources to anyone participating within the IAM framework.

  4. IAM Goals – Goal #1 Establish a community of people and organizations who understand each other's pressures, needs, and desires in identity and access management, for the purposes of maintaining and developing as nimble a set of infrastructures as possible to facilitate academic, business, and collaborative processes.

  5. IAM Goals – Goal #2 Develop a Penn State roadmap for Identity and Access Management that can be used to help marshal the energy necessary to get to where we all need to go

  6. Who is Involved • Penn State Great Valley • Development and Alumni Relations • Auxiliary and Business Services • University Police Services • Undergraduate Admissions Office • University Libraries • Office of the University Registrar • Information Technology Services • International Programs • Office of Physical Plant • Office of Sponsored Programs • College of Agricultural Sciences • Office of the University Bursar • Undergraduate Education • Office of the Corporate Controller • The Graduate School • Commonwealth Campus • Penn State Milton S. Hershey Medical Center • Office of Student Aid • Intercollegiate Athletics • Office of Human Resources • Outreach and Cooperative Extension

  7. Five Areas of Focus • Life Cycles and Affiliations • Vetting, Proofing, and Registration Authorities • Levels of Assurance • Risk Assessment • Governance and Policy

  8. Life Cycles and Affiliations • The goal of this group is to define the many affiliations (customers, employees, etc) the University currently has and that can be envisioned in the future. • This group will also make recommendations regarding when each affiliation officially begins and ends; identifying the various stages of the life cycle, as well as the current processes for creating identities, along with recommendations on process improvement.

  9. Process for New Employee

  10. Example of Affiliations • Staff (may include attributes such as leave of absence, pending, current, postdoc, future, recent) - [is future the same as pending? kgf 9-7-2007] • Faculty (may include attributes such as leave of absence, pending, current, future, recent) - [is future the same as pending? kgf 9-7-2007] • Student (may include attributes such as withdrawn, military withdrawn, leave of absence, future, recent) • Former Student • Visiting Staff • Visiting Faculty (also includes visiting scholars and fellows?) • Visiting Student • Furloughed Employee

  11. Vetting, Proofing, and RA’s • This group will identify all registration authorities, evaluate the current processes, and make recommendations to align the processes with recommendations of the federal government's guidelines for levels of assurance while adding value to the business processes of the University. • This group will also recommend vetting and proofing processes for both in person and remote registration of individuals.

  12. Vetting, Proofing, and RA’s Recommendations • Provide a Web-based, self-serve password reset website for all. • Eliminate multiple passwords at Penn State University. • Merge FPS/Access Accounts into one identity domain. • Tightly couple proofing and distribution of ID and password. • Process and information required for vetting at various levels. • Process required for proofing.

  13. Level of Assurance (LoA) • Level of Assurance (LoA) describes the degree of certainty that the user has presented an identifier (a credential in this context) that refers to his or her identity. In this context, assurance is defined as: • the degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued, and • the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued.

  14. LoA Organized Around… • Organizational Maturity • Registration and Identity Proofing • Authentication Protocol • Token Strength • Status Management • Delivery Confirmation

  15. Recommended Penn State LoA’s • Level 0: No confidence in the asserted identity’s validity. • Level 1: Little confidence in the asserted identity’s validity. • Level 2: Some confidence in the asserted identity’s validity. • Level 3: High confidence in the asserted identity’s validity. • Level 4: Very high confidence in the asserted identity’s validity.

  16. LoA Matrix

  17. Risk Assessment

  18. Risk Assessment This group will work closely with the data classification and IPAS group to make recommendations on using levels of assurance, vetting and proofing, etc. to recommend the process for assessing risk associated with transactions and data.

  19. Risk Assessment • Possible Data Categories • Public • Internal/Controlled • Restricted

  20. Risk Assessment • Each data category would have a minimum level of assurance assigned to it for authentication and authorization requirements. It is likely that sub-categories or differing levels of assurance would be assigned to a data classification level, but a minimum level for the category must be assigned.
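
One way to express the rule on slides 15, 19 and 20 as an access check (an added example, not part of the original presentation). The slides name the LoA levels and data categories but assign no minimums, so the level values in the tables and the sub-category names `payroll` and `directory` are assumptions made for illustration.

```python
from enum import IntEnum

class LoA(IntEnum):
    """Levels 0-4 from the 'Recommended Penn State LoA's' slide."""
    NONE = 0
    LITTLE = 1
    SOME = 2
    HIGH = 3
    VERY_HIGH = 4

# ASSUMPTION: constructed minimums; the slides assign none.
CATEGORY_MIN = {
    "public": LoA.NONE,
    "internal/controlled": LoA.SOME,
    "restricted": LoA.HIGH,
}
# ASSUMPTION: hypothetical sub-categories with their own required level.
SUBCATEGORY_MIN = {
    ("restricted", "payroll"): LoA.VERY_HIGH,
    ("internal/controlled", "directory"): LoA.SOME,
}

def validate_policy(category_min, subcategory_min):
    """Return policy errors; an empty list means the tables are consistent."""
    errors = []
    for (cat, sub), level in subcategory_min.items():
        if cat not in category_min:
            errors.append(f"{cat}/{sub}: category has no minimum assigned")
        elif level < category_min[cat]:
            errors.append(f"{cat}/{sub}: level {int(level)} is below the "
                          f"category minimum {int(category_min[cat])}")
    return errors

def required_loa(category, subcategory=None):
    """Level needed for a request; KeyError if the category is unclassified."""
    floor = CATEGORY_MIN[category]
    specific = SUBCATEGORY_MIN.get((category, subcategory), floor)
    return max(floor, specific)  # a sub-category can raise the bar, never lower it

def is_allowed(session_loa, category, subcategory=None):
    """Deny by default: unknown categories and invalid levels are refused."""
    try:
        return LoA(session_loa) >= required_loa(category, subcategory)
    except (KeyError, ValueError):
        return False
```

Running `validate_policy` when the tables are loaded catches a sub-category that was assigned a level below its category's minimum before any request is evaluated.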

  21. Governance and Policy This group will evaluate current policies related to identity and access management at Penn State and recommend changes to, or creation of, policy and/or governance.

  22. Governance and Policy • Gap Analysis • Penn State Policies • ITS guidelines, Policies • Federal and State regulations and laws

  23. Deliverables

  24. Undergraduate Admissions Office Identity and Access Management is critical for connecting the appropriate people to the appropriate data!

  25. Who Accesses Admissions Systems? • Prospects • Applicants • High School Guidance Counselors • Alumni Volunteers • Staff • Parents?

  26. Prospects/Applicants • 350,000 Prospects Each Year • Over 95,000 prospects created FPS accounts to access My Penn State • In 2007 52,830 (82%) applications were submitted on My Penn State • Thousands of visits scheduled • Application status check • Accept offer of admissions • Access admissions decisions online

  27. High School Counselors • 350 High Schools with 1225 Counselors • Check application status of students • Submit credentials • Verify graduation

  28. Alumni Volunteers • Over 500 Alumni Volunteers • Receive lists of applicants to contact • Provide information on applicant contacts

  29. Office of Human Resources Why Identity and Access Management? …Why not?

  30. Who are all these people and why do they want access to our systems? • Prospective Employees (Risk Low) • Job Vacancy/Bidding System for external candidates

  31. Who are all these people and why do they want access to our systems? • Current Employees (Risk High) • Employee Self-Service Information System (ESSIC) • Benefits/W-4/Paycheck/Salary Deposit/Savings Bond • Attendance System • Human Resource Development Center Course Registration • Job Vacancy/Bidding System for internal candidates • IBIS/ISIS functions • Workflow • WebIBIS • Employee Reimbursement System (ERS) • Travel/Transportation Services • eBuy • Penn State Portal

  32. Who are all these people and why do they want access to our systems? • Retirees (Risk Low) • Email

  33. Affiliations and Roles • Prospective Employees • New/Current Employees • Retirees • Human Resource Representatives • Financial Officers

  34. What can IAM do for you (and more importantly….us)? • Allow for faster, more efficient creation of Access Accounts and, subsequently, access to systems • Applications will potentially be more secure by enforcing LoAs • More applications for our various affiliations

  35. Contact Information • Renée Shuey • Information Technology Services • rshuey@psu.edu • Vince Timbers • Undergraduate Admissions Office • vlt@psu.edu • Steve Selfe • Office of Human Resources • srs1@psu.edu
