1 / 14

Sub Heading And Date

Identity Management University of Limerick Experience. Presented By Eugene Murnane Eamonn T Fitzgerald Technology Solutions Group Information Technology Division University of Limerick. Sub Heading Date. Sub Heading And Date.

yazid
Télécharger la présentation

Sub Heading And Date

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity ManagementUniversity of Limerick Experience Presented By Eugene Murnane Eamonn T Fitzgerald Technology Solutions Group Information Technology Division University of Limerick SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  2. Agenda • Common Problems • Provisioning Student Accounts (UL Experience) • Provisioning Students E-Mail Accounts • Provisioning Staff AD accounts • International Equine Institute Case Study • Future Plans • Questions SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  3. Using Active Directory Credentials SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  4. Definitivedata source Merging data from different sources Access to files & Printers Managing AD & e-mail accounts Ownershipof data Common Problems with Identity Management Single sign-on SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  5. ProvisioningStudent Active Directory Accounts • Data source: Student Records System • Accounts updated nightly • Accounts created via ID Card • Disable non current student accounts • Graduate student accounts are deleted manually once a year • Reset Password using ID card or web • Password expiry e-mail alert SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  6. Student Account Attributes AD Attributes updated: cn proxyAddresses userPrincipalName samAccountName Mail givenName sn AD Attributes used to populate dynamic distribution groups in Microsoft Live@Edu: extensionAttribute1 = “Student” extensionAttribute2: Course Code(s) extensionAttribute3: Year(s) of study extensionAttribute4: Advisor group extensionAttribute5: Registered Modules SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009 HEAnet & 13 Nov 2009

  7. Provisioning Student E-mail Accounts • Microsoft Live@Edu Outlook Live Accounts • Data Source: Active Directory • Microsoft GALSync 2010 on ILM 2007 creates and updates Outlook Live accounts. SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  8. Provisioning Student E-mail Accounts • AD => Outlook Live One-way Password Synchronisation (PCNS) • Startsync runs every 10 minutes • Single Sign-on access on-campus SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  9. Provisioning Staff Active Directory Accounts • Data sources: HR database; logged information • ITD Service Desk create and update accounts • Requests for new accounts are logged in RMS • Inactive accounts automatically disabled after 180 days • Inactive accounts automatically deleted after 400 days • Reset password via web page www.ul.ie SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  10. International Equine Institute Case Study • TheInternational Equine Institute wanted restricted access to videos uploaded onto HEAnet hosted site (http://media.heanet.ie) • Use UL credentials to access videos • Use Shibboleth to authenticate UL users • Build Identity Provider Server SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  11. Server Configuration • Virtual server running on VMware ESX 4.0 clustered platform • Shibboleth 2.0 • Red Hat Linux ES 4.0 • Apache Tomcat 5.5 • Apache 2.2 • Apache Tomcat (JK) Connector (config files to update /etc/httpd/conf.d/jk.conf and /etc/httpd/conf.d/ssl.conf) • SSL certificate obtained from Globalsign via HEAnet SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  12. Managing Accounts – Future Plans • Use Microsoft Identity Lifecycle Manager to provision accounts (instead of programming) • Staff Accounts to be provisioned from HR database • Student Accounts to be provisioned from Student Records Database • Use ILM to integrate Student Records System with: • Student ID Card System • Door Lock System • Implement Single Sign-on for Student Records System SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  13. Links http://Media.heanet.ie http://EduGate-Pilot.heanet.ie/rr SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

  14. Questions ? SubHeadingDate Sub Heading And Date HEANet National Networking Conference – 12th November 2009

More Related