1111 Superior Avenue Suite 310 Cleveland Ohio Tel: Fax:

Identity Management Services using Microsoft FIM 2010: Lessons Learned
School: Marshall University
Presenter: Jon B. Cutler, MS CISSP, Chief Information Security Officer

Product / Service

Product / Service Description
- CampusEAI Implementation of Identity Management Services using Microsoft Forefront Identity Manager 2010
- CampusEAI Support Agreement for FIM to provide additional technical support to MU team

Profile / Fast Facts

Profile of Member Institution / Fast Facts
- Marshall University is a West Virginia public higher education institution located in Huntington, WV and is a Masters – Large university
- Enrollment: 13,900 (72% undergrad/28% graduate)
- Employment: 2,100 staff and faculty
- Programs: 2 Assoc., 52 Baccalaureate, 45 Graduate, 2 Ed.S., 5 Doctoral
- Administrative system: Ellucian Banner®
- IT Infrastructure: Microsoft Active Directory, Exchange 2010 / SharePoint, FIM, Blackboard Learn 9, CampusEAI myCampus 7, Cisco wired and wireless network

Problem Statement / Pain Points
- Replace home-grown Account Management System with a commercially-supported solution
- Establish a common credential to enable single sign-on (SSO) across all applications
- Provide self-service password management facility
- Enable select SIS/HR attributes to be available to identity and directory systems
- Create, update, and withdraw services, access and distribution group memberships based on changes in the role of an individual

Implementation Steps / Approach
- Assessment of identity management process
- Identify available resources
- Design identity management solution
- Implement design in test/development environment
- Migrate test/dev configuration into production
- Review production results; compare to legacy
- Discontinue legacy system

Implementation Steps / Approach

Outcome
- Implement Forefront Identity Management 2010R2
- Enable self-service password management
- Automate creation of user accounts in AD, Exchange and
- Automate creation/update of AD groups which map to default Banner roles (i.e. STUDENT, EMPLOYEE, FACULTY, ALUMNI, etc.)
- Automate creation of ad-hoc security/distribution groups via Banner ‘pop-sel’
- Develop internal expertise to utilize FIM as a solution for other IT integration challenges

Implementation Steps / Approach

Lessons Learned
- Identify and review accuracy of data sources
  - GIGO
- Understand IdM processes
  - You can’t automate what you don’t fully understand or where desired outcome is subjective
- FIM is ‘ruthlessly effective’ in synchronization
  - Insert, update and removal of objects and attributes
- Test EVERY process in test/dev environment
  - Time spent testing is time saved in production

Role

CampusEAI Value Add
- Provided architectural design expertise so MU team not ‘reinventing-the-wheel’
- Provided technical implementation expertise in the FIM product
- Provided project management services to keep team on task and on schedule

Role of Member Institution
- Provided internal replica of key systems in a virtualized test/dev environment
- Requirement that MU team understand, implement, and support production services

Next Steps / Roadmap for the School
- Register existing users for self-service password reset services
- Add additional sync services for Emergency Notification Service, IT Billing System, etc.
- Review FIM/BHOLD suite for use in analytics
- Design and implement process to review access and de-provision services after role change
- Explore additional self-service workflows
  - Management of AD security and distribution groups
  - Management of vanity, group alias, and mail forwarding services

Q & A