Pennsylvania Banner Users Group 2008 Fall Conference
Campus Identity Management in a Banner World
Introductions
Lehigh University
• Sara Rodgers – Team Lead, Identity & Access Management
• Tricia Wilson – Banner Senior Analyst
APTEC, LLC
• Aaron Perry - President
General Announcements:
Please remember to silence all cell phones/pagers
Please hold all questions to the end of the presentation.
Thank you for your cooperation
Agenda
• Overview of Campus Identity and Access Management (IAM)
• Identity in Higher Education
• Banner Identity Management Reference Architecture
• Lehigh University Case Study
• Use Case: Banner Faculty Provisioning / On-Board Process
• High Level Oracle Identity Management Architecture
• Project & Technical Considerations Implementing Identity Management in a Banner Environment
Campus Identity & Access Management (“IAM”)
Hosted By The University of Mary Washington
[Diagram: an Identity Management Service sits between user populations and the systems and repositories they access]
User populations and consumers (labelled External and Internal): Students, Faculty & Staff, Affiliates, Alumni/Customers, Delegated Admin, SOA Applications
Identity Management Service
• Access Management: Authentication & SSO; Authorization & RBAC; Identity Federation
• Directory Services: LDAP Directory; Meta-Directory; Virtual Directory
• Identity Provisioning: Who, What, When, Where, Why; Rules & access policies; Integration framework
• Identity Administration: Delegated Administration; Self-Registration & Self-Service; User & Group Management
Supporting functions: Auditing and Reporting; Workflow and orchestration; Monitoring and Management
Systems & Repositories: Applications; ERP; CRM; HR; Mainframe; NOS/Directories; OS (Unix)
Other diagram labels: Student; Fac/Staff
IAM Solutions Address Top Issues Faced by Higher Education Institutions
IAM can improve security, reduce costs, and protect privacy
• Security breaches / business disruptions
• Operating costs / budgets
• Data protection / privacy
Large and growing number of Institutions have experienced IT Security “Breaches” in last 12 months.
• Unauthorized access to sensitive institutional data
• Research database hacked
• Breaches of Student & Faculty SSNs
What we typically see at Higher Education Institutions
• Manual Processing
• Workflow Provisioning
• Home Grown Solutions
  • Good at provisioning
  • Inefficient or non-existent de-provisioning and transfers
  • Inability to scale to meet growing demands
  • Inconsistent/ineffective auditing and reporting
• Lack of Security Policies and Enforcement
• In many cases, still reliant on Open Source solutions
  • OpenLDAP, CAS, Pubcookie
Identity Requirements in Higher Education Are Complex
• Many roles with different access requirements
• Users often have multiple roles
• Frequently changing roles for most constituents
• Multi-campus environment
• Legacy of multiple, fragmented identity stores
• Integration with Higher Education specific applications: SunGard Banner, BlackBoard, R25, Library and Parking Systems
Banner Identity Management Reference Architecture
Case Study: Lehigh University
Current Environment
• Homegrown system
• Developed and supported by staff w/20+ years
• Adapted & patched over many years
  • New constituent groups
  • Networking and server changes
  • Compliance requirements
  • New applications and systems
Case Study: Lehigh University
Project Background
• Enterprise Level Solution Identified
• Implementation Team Formed
• Phase I: Discovery, Documentation, Design
• Phase II: Development, Testing, Deployment
Business Drivers
• Compliance (auditors, FERPA, GLB, HIPAA)
• Complexity (new roles, more granularity)
Technical Drivers
• Sustainability – standardized, documented solution
• Scalability
  • Easier to extend the solution to other key applications and infrastructure
  • Incrementally add functionality such as workflow, approval processes, and attestation
  • Federation
• Security - foundation for enterprise application security framework
  • Additional and more secure authentication methods
  • Rich auditing and reporting capability
OID
Project Consideration: Implementing IdM with Banner
• Formation of IdM Steering Committee
• Focus on business process and policy
• Dedicated resources from the University
  • Project Manager
  • Technical Resources
Use Case: Auto On-Board Faculty
Note that data entry into Banner causes the appropriate role to be created in the GORIROL table.
Architecture: Lehigh IdM
[Flowchart: OIM Main Banner View Recon]
• Decision "Missing from view", then "Dead?" (Yes / No); associated steps: "OIM Updates" and "Check Inactive Views based on role from OIM"
• Inactive views: IA Faculty, IA Staff, IA Student
• Decision "Role(s) Changed", then "Removed? Added?" (Yes); associated step: "Check Active Views based on roles added"
• Active views: A Student, A Staff, A Faculty, A Alumni
• Nightly batch attribute changes. No Role changes.
Technical Considerations: Implementing IdM with Banner
• Custom Views vs. SunGard Banner IDM Offering
  • Real-time vs. batch oriented reconciliation.
  • Requires Oracle Access Manager, which Lehigh is not prepared to implement at this time.
  • Requires Banner 8, which some of our applications are not certified for at this time (EM).
  • SunGard IDM offerings could be a future upgrade.
• Substantial number of constituents that need to be defined and maintained inside of Banner. This is done using GORRSQL and GORIROL and is the main driver of IDM.
Questions & Answers