
Orchestrating an Identity and Access Management Implementation

Orchestrating an Identity and Access Management Implementation. Bruce Taggart Vice Provost, Library & Technology Services Lehigh University Tim Foley Director, Client Services, Library & Technology Services Lehigh University Aaron Perry President APTEC, LLC





Presentation Transcript


  1. Orchestrating an Identity and Access Management Implementation

  2. Panel: Bruce Taggart, Vice Provost, Library & Technology Services, Lehigh University; Tim Foley, Director, Client Services, Library & Technology Services, Lehigh University; Aaron Perry, President, APTEC, LLC. Moderator: Sara Rodgers, Team Leader, Identity & Access Management, Lehigh University

  3. Q & A Getting in tune with Identity and Access Management

  4. Q & A What is Identity and Access Management?

  5. Lehigh’s Focus: Knowing who you are (Identity) and providing access to what you need (Access)
     • Who
       • Relationship, Affiliation or Role
       • Multiple Roles
       • Transitions/Changes
     • What
       • Electronic Resources
       • Computing Services

  6. Campus Identity & Access Management (“IAM”) (architecture diagram, flattened in the transcript)
     • User populations: External – Alumni/Customers, Affiliates; Internal – Faculty & Staff, Students (Delegated Admin and SOA Applications on both sides)
     • Identity Management Service
       • Access Management: Authentication & SSO; Authorization & RBAC; Identity Federation
       • Identity Administration: Delegated Administration; Self-Registration & Self-Service; User & Group Management
       • Auditing and Reporting; Monitoring and Management; Workflow and orchestration
       • Directory Services: LDAP Directory; Meta-Directory; Virtual Directory
       • Identity Provisioning: Who, What, When, Where, Why; Rules & access policies; Integration framework
     • Applications, Systems & Repositories: Fac/Staff and Student ERP, CRM, OS (Unix), HR, Mainframe, NOS/Directories
     Hosted By The University of Mary Washington

  7. Q & A How important is Identity and Access Management? • Administrative/ERP/information systems • Disaster Recovery/business continuity • Funding IT • Identity/access management • Infrastructure • Security

  8. 2008 EDUCAUSE Current Issue Survey Ranking from All Institutions on Strategic Importance • Security (2) • Administrative/ERP/information systems (3) • Funding IT (1) • Infrastructure (7) • Identity/access management (4) • Disaster recovery/business continuity (5) 2007 ranking in parentheses

  9. 2008 EDUCAUSE Current Issue Survey Ranking from All Institutions on Potential to Become More Significant • Identity/access management (2) • Security (1) • Funding IT (3) • Disaster recovery/business continuity (4) • Administrative/ERP/information systems (5) • Infrastructure (8) 2007 ranking in parentheses

  10. Q & A To what extent is your institution considering or implementing an identity and access management solution? • Not considering • Currently evaluating • Planned, but won’t start within the next 12 months • Plan to start within the next 12 months • Implementation is in progress • Partially operational • Fully operational

  11. Q & A Do you have a dedicated Identity and Access Management team/department? What is the scope of responsibilities for your IAM team/dept.? (computing accounts, library systems, ID cards, building access, parking access)

  12. Case Study (Lehigh University): Prelude • Drivers and Objectives • Planning and Procedures

  13. Current Environment • Homegrown system • Developed & supported by staff with 20+ years of service • Adapted & patched over many years

  14. What we typically see at Higher Education Institutions

  15. Typical HE Challenges and Issues
     • Data
       • No single view of identity data across applications
       • Inconsistent user identity data
       • Multiple repositories of user identity data
       • Lack of defined standards for user attributes
       • Many identity owners & sources
     • Supportability
       • Administration performed both centrally and locally
       • Manual, paper-driven processes work, but lack audit ability
       • IT staff is stretched, especially as new projects are defined and started
       • Infrastructure support team has a wide range of responsibility with limited means
     • Growth
       • Use of web-based applications continues to grow
       • Increasing demands for new services
       • Need to support within current spending levels
       • Affiliate community is always growing
     • Institutional Culture
       • Priorities may vary on a per school or campus basis
       • Varied and complex user populations
       • Many institutions “bend over backwards” to provide the highest levels of service to their students

  16. Changing Landscape
     • Expansion – users and resources
       • Portal Implementation (2002)
     • Complexity
       • Changing roles
       • Reduce role inflation
       • Self service options
       • Single sign-on
       • Federated identity management
     • Compliance
       • Federal Acts (FERPA, HIPAA, GLB)
       • Privacy (under attack!)

  17. Objectives
     • Sustainability – standardized, documented
     • Scalability
       • Easier to extend the solution to other key applications and infrastructure
       • Incrementally add functionality such as workflow, approval processes, and attestation
       • Federation
     • Security
       • Foundation for enterprise application framework
       • Additional/more secure authentication methods
       • Rich auditing and reporting capability

  18. Planning and Preparation • Buy vs. Build • Determine total cost of ownership • Select the vendor, consultants • Determine staffing and consulting needs • Form internal implementation team

  19. Buy vs. Build • Availability of products – does something already exist that meets our needs? • Long-term strategic goals – scalable solution • Robust - added functionality • Integration with expanding enterprise system (Banner, Luminis, Enrollment Management) • Sustainable, standardized solution • Documented and supported • Software quality assurance • Tested, proven

  20. Total Cost of Ownership • Software • Hardware • Training • Consulting • Internal Staff • Staff Dedicated to IAM • Systems Installation/Maintenance • Programming • Data stewards

  21. Why Oracle? • Compatibility • System features in line with our needs • Oracle to Oracle (Banner) • OIM can complement our existing IdM. • Auditing features were appealing • "Adapter Factory" and out-of-the-box connectors

  22. IdM Solution Approach
     • Risk Avoidance
       • Small, easy to define projects
       • Defined success criteria and requirements
       • Use of proven “off the shelf” products and technologies where appropriate
     • Rapid Value Realization
       • Each project provides immediate value and results, which can be leveraged by other institutional initiatives
     • Pragmatism
       • Leverage institution’s existing technology base and skills
       • Recommend a solution that is easily expandable to meet future requirements
     • Cost Containment
       • Recommend products that have predictable licensing and support costs
       • Recommend institution’s internal team take ownership and perform tasks where possible

  23. Case Study - Our Experience

  24. Case Study OIM Implementation in Two Movements Lehigh University

  25. Implementation
     • Phase I
       • Discovery
       • Documentation
       • Design
       • Role-based provisioning
       • Interface with authoritative source
     • Phase II
       • Development
       • Testing
       • Deployment

  26. Case Study Concurrent Harmonies & Dissonance Lehigh University

  27. Challenges
     • Resistance to change
     • Trust Issues
       • Data Stewards/Managers
       • Programmers and Systems Analysts
     • Cleaning up our act
       • Improve accuracy, completeness & timeliness of data in Banner – our authoritative source
       • Distributed responsibility
       • Analyze business practices & policies
       • Create customized input forms
       • Improve interpretation of data (work with data stewards, stakeholders)
       • Begin attestation (periodic access audits)
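The two mechanisms the deck keeps returning to, role-based provisioning driven by an authoritative source (slide 25, with the multiple roles and transitions of slide 5) and attestation as a periodic access audit (slide 27), are shown together in the following added Python example. It is not Lehigh's code and not Oracle Identity Manager's; the Person records, the role-to-entitlement table, the current-access snapshot and every function name are constructed stand-ins for a Banner extract, for the access policy the data stewards own, and for what the target systems hold today.

```python
"""Role-based provisioning against an authoritative source, plus attestation.

Added example, not code from Lehigh University or Oracle Identity Manager.
Everything below (person records, role rules, current-access snapshot,
function names) is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Person:
    """One record from the authoritative source (stand-in for a Banner extract)."""
    uid: str
    affiliations: frozenset   # a person may hold several, e.g. staff who are also students
    status: str               # "active" or "terminated" in the source system


# Role -> entitlements the role grants.  Constructed rule table; in a real
# deployment this is the access policy the data stewards sign off on.
ROLE_ENTITLEMENTS = {
    "student": frozenset({"email", "portal", "library-proxy"}),
    "staff":   frozenset({"email", "portal", "hr-selfservice"}),
    "faculty": frozenset({"email", "portal", "library-proxy", "grade-entry"}),
}


def derive_roles(person):
    """Roles come only from the authoritative source; a terminated person holds none."""
    if person.status != "active":
        return frozenset()
    return frozenset(a for a in person.affiliations if a in ROLE_ENTITLEMENTS)


def target_entitlements(person):
    """Union of the entitlements of every current role (multiple roles are additive)."""
    wanted = set()
    for role in derive_roles(person):
        wanted |= ROLE_ENTITLEMENTS[role]
    return wanted


def reconcile(people, current_access):
    """Compare the desired state with what the target systems actually hold.

    people:         Person records from the authoritative source
    current_access: dict uid -> set of entitlements provisioned today
    Returns (grants, revokes), each a sorted list of (uid, entitlement).
    A provisioned account with no authoritative record is an orphan and
    loses everything; a transition (status or affiliation change) shows
    up as the difference between the two sets.
    """
    known = {p.uid: p for p in people}
    grants, revokes = [], []
    for uid in sorted(current_access):
        have = set(current_access[uid])
        want = target_entitlements(known[uid]) if uid in known else set()
        grants += [(uid, e) for e in sorted(want - have)]
        revokes += [(uid, e) for e in sorted(have - want)]
    for uid, person in known.items():
        if uid not in current_access:        # brand-new person: provision from scratch
            grants += [(uid, e) for e in sorted(target_entitlements(person))]
    return sorted(grants), sorted(revokes)


def attestation_report(people, current_access, reviewed_on):
    """Periodic access audit: every provisioned entitlement with the roles that justify it.

    An empty 'justified_by' list is what a reviewer must either explain or revoke.
    """
    known = {p.uid: p for p in people}
    rows = []
    for uid in sorted(current_access):
        roles = derive_roles(known[uid]) if uid in known else frozenset()
        for ent in sorted(current_access[uid]):
            rows.append({
                "uid": uid,
                "entitlement": ent,
                "justified_by": sorted(r for r in roles if ent in ROLE_ENTITLEMENTS[r]),
                "reviewed_on": reviewed_on,
            })
    return rows


def unjustified(rows):
    """Filter an attestation report down to the entries no current role explains."""
    return [r for r in rows if not r["justified_by"]]


# --- constructed sample data -------------------------------------------------
AUTHORITATIVE = [
    Person("amj5", frozenset({"student"}), "active"),
    Person("bkl2", frozenset({"staff", "student"}), "active"),   # staff member also enrolled
    Person("ctr9", frozenset({"faculty"}), "terminated"),        # has left; access must go
]
CURRENT_ACCESS = {
    "amj5": {"email", "portal"},                                  # missing library-proxy
    "bkl2": {"email", "portal", "hr-selfservice"},                # missing student-role entitlement
    "ctr9": {"email", "portal", "grade-entry", "library-proxy"},  # stale after termination
    "zzz1": {"portal"},                                           # orphan: no authoritative record
}

if __name__ == "__main__":
    grants, revokes = reconcile(AUTHORITATIVE, CURRENT_ACCESS)
    print("grant :", grants)
    print("revoke:", revokes)
    for row in unjustified(attestation_report(AUTHORITATIVE, CURRENT_ACCESS, "2009-01-01")):
        print("attest:", row["uid"], row["entitlement"], "has no justifying role")
```

The design point is that both outputs are derived from the same two inputs: roles are never stored on the account, they are recomputed from the source each run, so a status change in Banner becomes a revoke on the next reconciliation, and the attestation report is simply the same comparison presented per entitlement for a human reviewer to sign.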

  28. Lessons Learned • Communication is key • Involve stakeholders & data stewards • Consensus building • Make sure everyone who will be involved with the implementation has input on the decision. • Involve early • You won’t believe what we found • Trace/Document problems • Explain and re-train • Push-pull with those you need most • Monday morning quarterbacks

  29. What’s Next? • Expanding the scope of our IAM to include systems outside of LTS • Multifactor authentication • Federated identity management

  30. Contact Information • Lehigh University: Bruce Taggart – bmt2@lehigh.edu; Tim Foley – tjf0@lehigh.edu; Sara Rodgers – skr5@lehigh.edu • APTEC, LLC: Aaron Perry – aaron@aptecllc.com

  31. Use Case

  32. Lehigh Dev and Testing Environment

  33. Production Environment Recommendation (diagram: Weblogic 10.3)

  34. Changes
