Date post: | 24-Dec-2015 |
Category: |
Documents |
Upload: | meryl-wright |
View: | 217 times |
Download: | 1 times |
Secure Your Risk.Increase Your Bottom Line.™
www.fischerinternational.com
Leda McNairDatabase AdministratorCoppin State University
Brian VinaccoDirector of Consulting Services
Fischer International Corporation
Agenda
• What is Identity Management?• Project Scope / Timeline• Technology Selection • Phase I: Password Management• Phase II: Provisioning• Phase III and Beyond• Summary: Critical Factors• Q & A
What is Identity Management?
• Password Management / Access Management
• Provisioning / Authorization
• Compliance
A Are you who you say you are?
A What permissions do you have?
A What permissions are you SUPPOSED to have?
When did you have those permissions?
Who approved those permissions?
What is Identity Management?
• Password Management
PasswordAuthentication
EMPLOYEES
STUDENTSDISTANCE LEARNERS
CONTRACT
PASSWORDS
PASSWORDS
PASSWORDS
PASSWORDS
What is Identity Management?
Extranet
BusinessApps
Oracle-Peoplesoft
SupportApplications
ActiveDirectory
PasswordAuthentication
PASSWORDS
EMPLOYEES
STUDENTSDISTANCE LEARNERS
CONTRACT
PASSWORDS
PASSWORDS
PASSWORDS
• Provisioning / Authorization
Directories
DataBases
Servers
StudentApps
APPROVAL
APPROVAL
What is Identity Management?
ExtranetStudentApps
PasswordAuthentication STUDENTSDISTANCE LEARNERS
CONTRACT
PASSWORDS
PASSWORDS
PASSWORDS
PASSWORDS
• Provisioning / Authorization
EMPLOYEES
Servers
SupportApplications
Oracle-Peoplesoft
Directories
BusinessApps
EmailActive
Directory
DataBases
What is Identity Management?
ExtranetStudentApps
PasswordAuthentication STUDENTSDISTANCE LEARNERS
CONTRACT
PASSWORDS
PASSWORDS
PASSWORDS
PASSWORDS
• Compliance
EMPLOYEES
DataBases
Servers
SupportApplications
Oracle-Peoplesoft
Directories
BusinessApps
EmailActive
Directory
• Continuous• Gap Analysis
• Policy vs. Reality• Audits (3 types for Coppin)• Excessive Permissions• Orphan Accounts• Separation of Duties• Password Policies
Critical Success Factor: Identify the Right Goals
• Half-Empty– Pain Points
• Time/labor/cost reset passwords• Time/labor/cost to provision accounts• Poor productivity
• Half-Full– University Goals
• Improve Service Levels to Students• Increase Enrollment• Generate Revenue• Stronger Protection• Operational Excellence
FOCUS ON IMPROVING
BUSINESS PROCESSES
Critical Success Factor: Biggest Bang
Phase Business Process IdM Technology
Phase I(Fall '05)
Student Registration Distance Learning
Password Management/Self- Service
Phase II - A(Fall '05 - Win 06)
Timekeeping Human Resources Generic: Faculty Access "Request to Fill" – Adjunct
Professors
Provisioning(employees)
Phase II – B(Spring 06)
Students Self Service Student Registration
Provisioning(students)
Phase III(Summer 06)
HR - Hire Provisioning
Phase IV(TBD)
Additional business processes Password Management & Provisioning
We are here
Technology Selection
• All the capabilities (holistic suite)
• Technology to meet unforeseen needs
• Business partnership vs. vendor
Critical Success Factor: Buying Criteria: Take the long view.
Fischer Identity Suite™
• Focus on business processes, not programming
• Only solution that proved it was simple (even provisioning)
Fischer Identity Suite™The Best Practice Approach
PRODUCTIVITY & SIMPLICITY• Drag & Drop workflow creation
increases productivity, lowers cost
INTEGRATION TECHNOLOGY• Integration technology enables
unlimited connectivity: out-of-the-box and on-the-fly
• ETL: any-to-any synchronization across all applications
CONTINUOUS COMPLIANCE• Integrate compliance across
business processes• Automate SoD enforcement• Central audit database with robust
reporting
INVESTMENT PROTECTION• All core IdM technologies• Java, SOA, Standards, Services• Integrates to all systems
SAMLSAML
Password Management Implementation
Overview
• Focus on business processes, not programming
• Only solution that proved it was simple (even provisioning)
Activities:
• Two weeks (door to door)
• Remote deployment was key• Quick access to on-site experts• Faster Time to Value: Eliminated 4 days• Cost Avoidance: Removed $20K+ from T/E
• Install / Customize / Enhance / Train / Deploy(includes time to debug former provisioning system)
Duration:
CriticalSuccessFactors:
Scope: • 8000 Users• Access to Network Resources (email, shares, drives, etc.)
Phase I
Password Management
Password Management: Before
• No remote password resets for network resources
• Users must go on-campus to use password kiosk
• University reset policy: at least every 120 days
• Extending existing IdM solution not an option (fragile)
Password Management: Before
StrategicImpact:
TacticalImpact:
PreviousState:
• Slows/Prohibits Business Processes – Student Registration, Distance Learning, etc.
• Inconsistent Image: Coppin is a Technology Leader
• Disruptive / Reduced Productivity– Resets performed by application groups ($$) & Help Desk ($)
• Expensive– Over 500/month at beginning of semester
– avg. 10 min/reset x $35.00/hr
Password Management: Goals
• Improve student service levels and satisfaction• Increase revenue & “bottom line” by removing barriers
– Increase online registration (Student Registration)– Increase enrollment (Distance Learning)
• Enable critical business processes
• Improve functional department efficiency and productivity
• Reset passwords from any location (self-service)• In place before Fall Semester• Reduce password reset calls by 90%• Improve internal resource utilization• Reduce operational costs
Strategic
Tactical
Password Management: After
Productivity
Gained / day
34 resets
x 10 min
5 hr. 40 min.
Password Management: After
EMPLOYEES
STUDENTS
DISTANCE LEARNERS
CONTRACT
On / Off Campus Password Reset
Goals: • Achieved
• 34 resets / day
Results
OnlineRegistration
DistanceLearning
Reset CallsAvoided
ProductivityGains
• Doubled
• 11% Increasein enrollment
• 5 hr. 40 min./day
• ~1 FTE / week
Time to Value • 2 weeks
Goals:
Results
OnlineRegistration
DistanceLearning
Reset CallsAvoided
ProductivityGains
Time to Value
Phase II
Provisioning
Phase II: Provisioning
• Oracle-PeopleSoft: Employees
• Oracle-PeopleSoft: Students
First RoundFall - Winter ‘05
Provisioning Implementation
Second RoundSpring ‘06
Provisioning: Goals
• Increase enrollment – Admissions: Leverage network services as
“marketing tool”
• Improve service to students, staff– Hire: “Request to Fill” / Adjunct Professor
• Enable new business processes and services
• Reduce provisioning time from days to hours• Eliminate manual, paper-driven processes • Improve resource utilization for IT and
Application organizations
Strategic
Tactical
Admissions Provisioning: Before
Fees Paid? Matriculated?
Prospective “New Student”Population
Old Provisioning Solution
Email Disk etc.
sqr
Potentially 1000’s of“New Students”• Too much work to provision
unless they’re confirmed• Risk of not deprovisioning
Manual Activation• July (peak) • 1500 – 1800 Actual
Person-hours: 4-6 hoursTurnaround: 24-48 hours
Occurs 50-60 times in peak
Annual Hours: 500 - 600(12 – 15 person-weeks)
studentfile
To functionalDepartments
Records
Registration
Add/Drop Date: Manually deprovision Inactive“New Student” Accounts
Provisioning Network Resources: After
Prospective “New Student”Population Potentially 1000’s of
“New Students”
Provisioning triggered by “Matriculation” in PS
• Provisioning time reduced from 24 - 48 hours to 1.
• Prospective student engaged in January vs. July/August.
• 6-9 months of free resource access vs. 1-3
• All IdM events recorded
• Deprovisioning automatically occurs at Add/Drop date
• No labor• Frees-up 4 people• Avoids 500-600 hours labor
Scheduled Deprovision after Add/Drop Date: Revoke access
Financial Aid App. Apply for Admission.
Matriculated?
RequestApplication
Expected Process / Results
Email Disk etc.
Policies/Groups/Roles
Workflow
Audit
Phase III and Beyond
• Oracle-PeopleSoft Upgrade
• Other Business Processes and Outlying Applications
• Mobile: Provisioning approval, password resets, etc.
Phase IIISummer ‘06
Phase III and Beyond
Phase IVTBD
Summary: Critical Success Factors
• Identify the Right Goals.• Look for Biggest Bang First.• Take a Phased Approach• Buying Criteria: Take the Long View.• Look at the Business Process - Not the Pain.• Simple is Good. (TCO)
• More to come in June at the next Conference
Q & A
Leda McNairDatabase AdministratorCoppin State University [email protected]
Brian VinaccoDirector, Support ServicesFischer International [email protected]
Stop by Fischer Exhibit
- IDC Case Study
- Giveaway
- Access to IdM White Papers
“Request to Fill:” After
EalgeLINKSHR/SA
Entry inPersonal &
JobData
RequestToFill
FacultyAssignedClasses
AutomatedProvisioning of
Accounts,Access, & Services
Entry in ID
system
Best Lock Entry
Faculty Class/
Section Assign
Adjunct Faculty
Doorwith
Card Reader-----------------
Assigned Classroom
for Adj Faculty
Ad Astra