Penn State Identity and Access Management - https://iam.psu.edu/ Identity & Access Management Update Non Student Lifecycle and Relationships Meeting March.

Presentation transcript:

Penn State Identity and Access Management - Identity & Access Management Update Non Student Lifecycle and Relationships Meeting March 2, 2010

IAM Non Student Lifecycle and Relationships Level Set on IAM Penn State IAM Use Cases Next Steps

Definition of IAM

“An administrative process coupled with a technological solution which validates the identity of individuals and allows owners of data, applications, and systems to either maintain centrally or distribute responsibility for granting access to their respective resources to anyone participating within the IAM framework.” - NYS Forum

It’s about aligning University policies and processes with the technologies to support management of identities and access to information.

IAM - The Big Picture

What is IAM? Access to Protected Library Resources Library Staff Access to Integrated Library System Access to Library Public Workstations HMC Affiliate Access to Library Resources Access to Alumni Library Resources Access to Electronic Theses and Dissertations Web Site Graduate School Exit Survey Federating to blogging hosted Services Prospective students applying for financial aid Employee Confidentiality Provisioning of an employee's digital Identity Student early access to residence hall requests and immunization records submissions Grouper Auditing Use Case Continuing Education and Adult Students New Students Applying for Admissions and On-campus Housing Prospective Students Visiting Penn State New Kensington New Faculty and Access to ANGEL and Other Class Resources Adjunct Faculty Activating Access Account New Faculty & Staff Selecting Benefits Terminated Faculty Member Maintains Access Physicians at the Hershey Medical Center and Access to Library Resources Patients, Family Members, and Visitors at the Penn State Hershey Medical Center Alumni Donors Alumni Association Local Community Member and Short Term Access Accounts Registrar Relationships Student Lifecycle New Students Applying for Undergraduate Admissions Provision of Access to Course Work For Students at a Distance Library Resources ITS Computer Store Access CIC CourseShare Deprovision User content after graduation or resignation Google Cache Updates Access to user content after graduation and or resignation Access to directory data Emergency Rehire Multiple IDs Deceased Employee Outreach Registration process Updating ISIS Security Profile Multiple Security Realms, Same Userids but Different Passwords ROTC Instructor Affiliation Instructor with Independent Contractor Status Name change switching in the directory Special Affiliates (for example Religious Affiliates) Father and son who is a JR Cloning ISIS Security Profiles New PSUid assigned for new PSU affiliation Student Football Tickets Department Identity DSL Use Case Interview Police Services Use Case Interview Police Services Use Case Police Log

Penn State IAM
- IAM Stakeholder Committee
- Student Lifecycle Committee
- IAM Governance
- IAM Technical Architect Group
- Non-student Lifecycle Committee
- IAM Hershey Taskforce

IAM Strategic Planning Committee
- Auxiliary and Business Services
- College of Agricultural Sciences
- Commonwealth Campuses
- Development and Alumni Relations
- Information Technology Services
- Intercollegiate Athletics
- International Programs
- Office of Human Resources
- Office of Sponsored Programs
- Office of Student Aid
- Office of the Corporate Controller
- Office of the Physical Plant
- Office of the University Bursar
- Office of the University Registrar
- Outreach and Cooperative Extension
- Penn State Great Valley
- Penn State Milton S. Hershey Medical Privacy Office
- The Graduate School
- Undergraduate Admissions Office
- Undergraduate Education
- University Libraries
- University Police Services

IAM Strategic Recommendations
1. Create Central IAM Policy and Governance
2. Develop plan for formal Risk Assessment
3. Create a Single Central Person Registry
4. Add Level of Assurance Component to Credentials
5. Promote Single Sign-on, Federated Identity, and control of University digital identity
6. Streamline Vetting, Proofing, and Issuance of Digital Credentials
7. Streamline and Automate Provisioning/De-provisioning of Services
8. Promote Awareness and Education of IAM

IAM Student Life Cycle Team
- ITS - Consulting & Support Services
- Auxiliary & Business Services
- ITS - Security Operations & Services
- Undergrad Admissions
- Eberly College of Science
- Student Affairs - Health Services
- Dickinson School of Law
- Undergrad Education - Registrar
- ITS - Digital Library Technology
- Undergraduate Education - Student Aid
- ITS - Administrative Service
- Graduate School
- Smeal College of Business
- University Outreach
- Corporate Controller - Bursar

Student Lifecycle Recommendations

Expand the lifecycle for students’ digital identities and accounts that enable access to online services and resources—issuing the identities earlier on in the relationship and extending them beyond our current normal practices.

Student Lifecycle Recommendations

Expand Use of Student Affiliations and Add Defining Attributes - Expanded affiliations and attributes will help to more finely identify the relationship a student has with the University, such as applicant, student, or former student. Allowing access to services according to the student’s affiliation to the University will help ensure students have access to all the services they need, but only those that apply to their affiliation or combination of affiliations.

Implement Levels of Assurance with Student Accounts - Levels of Assurance (LoA) will classify the level of certainty the University has that a given digital identity matches a specific individual. The LoA needed to access a given service will vary across services. For example, the assurance of user identity needed for prospective students scheduling campus visits is much lower than for users accessing their transcripts or for faculty reporting grades.
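
The two recommendations above combine into a single access decision: a service is available only when the identity holds an eligible affiliation and meets the service's minimum LoA. The following is an added example, not part of the presentation; the service names, affiliation labels and the numeric LoA scale are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    user_id: str
    affiliations: frozenset  # e.g. {"applicant"}, {"faculty", "student"}
    loa: int                 # assumed scale: higher means more certainty

@dataclass(frozen=True)
class ServicePolicy:
    allowed_affiliations: frozenset
    min_loa: int

# Hypothetical policy table built from the slide's own examples. The slide only
# says campus visits need much lower assurance than transcripts or grades.
POLICIES = {
    "schedule_campus_visit": ServicePolicy(
        frozenset({"prospect", "applicant", "student"}), 1),
    "view_transcript": ServicePolicy(
        frozenset({"student", "former_student"}), 3),
    "report_grades": ServicePolicy(frozenset({"faculty"}), 3),
}

def authorize(identity, service):
    """Return (allowed, reason). Unknown services are denied by default."""
    policy = POLICIES.get(service)
    if policy is None:
        return (False, "unknown service")
    # Any one eligible affiliation is enough, so combinations add up.
    if not (identity.affiliations & policy.allowed_affiliations):
        return (False, "affiliation not eligible")
    # Affiliation alone is not sufficient: the credential must be strong enough.
    if identity.loa < policy.min_loa:
        return (False, "level of assurance too low")
    return (True, "ok")

def entitled_services(identity):
    """Every service this identity may use, and only those."""
    return sorted(s for s in POLICIES if authorize(identity, s)[0])

if __name__ == "__main__":
    prospect = Identity("p1", frozenset({"prospect"}), 1)
    staff_student = Identity("e1", frozenset({"faculty", "student"}), 3)
    print(entitled_services(prospect))
    print(entitled_services(staff_student))
```
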

Student Lifecycle Recommendations

Implement a Single Authentication Realm – Phasing out the distinction between Friends of Penn State accounts (FPS) and Access Accounts and moving to a single authentication realm will avoid confusion between the two different types of accounts and help eliminate some of our current problems that occur when students are migrated back and forth between realms.

Streamline Registration Process – The above recommendations, if put into practice, will provide opportunities for streamlining our current registration processes—enabling better customer service, reducing required staff time and resources, and reducing redundant registration activities.

IAM Governance Council

Rob Pangborn VP and Dean of Undergrad Admissions Kevin Morooney Vice Provost of Information Technology VP for Student Affairs, Director University Police Services CIO Hershey Medical Center Sr., VP Research & Dean Grad. School Assoc. VP of Auxiliary and Business Services Assoc. VP for Human Resources Co Sponsored by: Vice President of Outreach Assoc. Dean of Tech - Dickinson School of Law VP of Commonwealth Campuses Dean of University Libraries & Scholarly Communications

IAM Technical Architect Group
- Formed in July 2009
- Charged with furthering Penn State's vision for a comprehensive and cohesive IAM solution.
- Support the University's goal to expand access and opportunities while preserving privacy for the Penn State community.
- Evaluate, prototype and recommend identity and access management solutions that provide the appropriate access to enterprise resources.

IAM Technical Architect Group

Two primary areas of focus in year one:
- Single Central Person Registry
- Access Management

Newly Formed (forming) Committees
- Non Student Relationships and Lifecycle
- IAM Hershey Taskforce

IAM Community Site

IAM Use Cases

Use Case: Deceased Employee

Use Case: If an employee is deceased and the spouse has benefits through the deceased employee, the spouse must now maintain the benefits. Some records have been changed to show the spouse's name, as well as to provide access to the deceased employee's Penn State Access Account. This changes all identity information linked to the Access Account, but without proper records or signatures.

IAM Opportunity: Create a comprehensive IAM policy for managing all University relationships. Explore federating identities as a solution for spousal access to benefits.

Use Case: Emergency Rehire

Use Case: A person retires from Penn State. If their position has not been filled and there is a need for that person’s skills, the retiree may be requested to work temporarily as an emergency rehire. This causes problems because, when checking IBIS records (OHR), the employee’s status is retired yet their AIS account is still active. In addition, the emergency rehire may be prohibited from accessing services necessary to do their job because their affiliation is not faculty/staff, but retiree.

IAM Opportunity: Create a comprehensive IAM policy for managing all University relationships. Different levels of access may need to be defined for the emergency rehire.

Use Case: Name Switching in the Directory

Use Case: When a student comes to Penn State, their biographical data is stored in the Integrated Student Information System (ISIS). That information is fed to the CACTUS system for updating information in the Penn State Directory. Basic information about the student, such as their name and contact information, is displayed in the directory. After graduation the student may accept a position at Penn State. Their biographical data, along with other information about them, will now reside in the Integrated Business Information System (IBIS). Like ISIS data, IBIS data is also fed to CACTUS for directory updates. If the employee decides to marry and change their name, IBIS will be updated with the new name, which will be propagated to CACTUS and finally the directory. A problem arises if the employee decides to take a class. Now information from both ISIS and IBIS will be fed to CACTUS. If the employee did not update ISIS with their new name, the directory entry will flip back and forth between their "maiden" name and their new married name. This will continue until the employee changes their name in ISIS.

IAM Opportunity: To reduce the number of authoritative sources for names and other key data elements.
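
The flip-flop described in this use case can be reproduced with a small model of the two feeds, shown here as an added example that is not part of the presentation. The feed records, the person identifier and the names are constructed, and choosing IBIS as the authoritative source for names is an assumption made only to illustrate the effect of having one authority per attribute.

```python
from collections import defaultdict

# Constructed feed events in arrival order: (source, person_id, attribute, value).
FEED = [
    ("ISIS", "person-001", "name", "Pat Smith"),  # enrolled as a student
    ("IBIS", "person-001", "name", "Pat Smith"),  # hired after graduation
    ("IBIS", "person-001", "name", "Pat Jones"),  # name change recorded in IBIS
    ("ISIS", "person-001", "name", "Pat Smith"),  # takes a class; ISIS is stale
    ("IBIS", "person-001", "name", "Pat Jones"),  # next IBIS feed
    ("ISIS", "person-001", "name", "Pat Smith"),  # next ISIS feed
]

def last_writer_wins(feed):
    """Behaviour in the use case: whichever feed arrives last overwrites."""
    current, history = {}, defaultdict(list)
    for _source, person, attr, value in feed:
        key = (person, attr)
        if current.get(key) != value:
            current[key] = value
            history[key].append(value)  # each entry is a visible directory change
    return dict(history)

def single_authority(feed, precedence):
    """Publish each attribute from the highest-ranked source that has a value."""
    latest = defaultdict(dict)  # (person, attr) -> {source: most recent value}
    published, history = {}, defaultdict(list)
    for source, person, attr, value in feed:
        key = (person, attr)
        latest[key][source] = value
        ranked = (latest[key][s] for s in precedence.get(attr, []) if s in latest[key])
        winner = next(ranked, None)
        if winner is not None and published.get(key) != winner:
            published[key] = winner
            history[key].append(winner)
    return dict(history)

def conflicting_sources(feed):
    """Records whose sources currently disagree, for review by data stewards."""
    latest = defaultdict(dict)
    for source, person, attr, value in feed:
        latest[(person, attr)][source] = value
    return {k: v for k, v in latest.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    print(last_writer_wins(FEED))
    print(single_authority(FEED, {"name": ["IBIS", "ISIS"]}))
    print(conflicting_sources(FEED))
```
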

“If we get this right, there isn’t a unit or constituency that doesn’t benefit. We have to try to get it right. Continuing on the old trajectories makes us more brittle at a time when we need to be more agile.” Kevin Morooney