University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy

Presentation transcript:

University of Michigan MCommunity Project

Liz Salley, Product Manager, Michigan Administrative Information Services
Luke Tracy, MCommunity Co-Technical Lead, Information Technology Central Services

Project Overview

Who’s in, who’s out. MCommunity will allow the University to know who is and is not a member of the U-M community so that central University offices, departments, schools, colleges, and campuses can grant and remove access to online resources as needed and appropriate.

Managed data for managed access. It will provide identity management, roles management, data sharing and reconciliation, and directory services for U-M. It will bring together data from multiple institutional sources and will organize, present, and secure the data in a way that is particularly well suited to managing access to University resources.

A collaborative effort. Planning for, and development of, MCommunity is a collaborative effort across U-M IT units and across the many units that will use the new system.

Project Overview

One-stop directory shop. MCommunity will provide units and end users with a "one-stop directory shop" for provisioning of services, access control, and directory-enabled applications.

Robust tools. It will provide a robust set of tools that include/enable:
– Identity and life-cycle management
– Real-time provisioning of central IT resources
– Real-time provisioning of local IT resources
– Clearly defined and documented programming interfaces
– Auditing system
– Integrated workflow

MCommunity Project Architecture

– Live data feed from Human Resources and main campus Student System of Record.
– Nightly updates from remote campus Student Systems of Record.
– Nightly updates from Development/Alumni System of Record.
– New Sponsor System for creating and managing identities for sponsored affiliates, people who are affiliated with the University but who do not appear in any of the official University Systems of Record.
  – Sponsored affiliates include, for example, conference attendees, contractors, incoming faculty who need access to U-M resources before the hiring process is complete, and others.
  – Support for both strong and weak identities.
– All person data from above systems fed into a secure person registry.

MCommunity Project Architecture

Inside the person registry. Real-time identity matching and reconciliation, institutional data precedence rules, data normalization, regulatory privacy policy, and identity lifecycle processing occur in the person registry.

Exception handling. Workflow system is utilized for exception handling.

In real time. Distilled identities are populated and maintained in the directory in real time.

In the directory. Institutional Roles, User Groups, Departmental Roles, and departmental attributes exist in the directory.

One stop for IT provisioning. Directory functions as the one-stop directory shop for IT provisioning.

MCommunity Project Architecture

– Real-time bi-directional provisioning tools facilitate central and departmental IT provisioning.
– Full LDAP access provided through a replica of the directory to facilitate business-rule verification prior to committal to directory.
– All components of MCommunity are instrumented for central auditing and logging, enabling event correlation and incident response.

MCommunity 2009 Timeline

Early 2009
– The new MCommunity online directory will be made available
– Programmatic access to the Sponsor System
– LDAP access to MCommunity for U-M system administrators
– Uniqname self-registration for sponsored affiliates

Mid 2009
– MCommunity departmental roles management

Late 2009
– ITCS will begin to use MCommunity to provision its Basic Computing Package

MCommunity 2009 Timeline

Early 2009 (cont’d)

The new MCommunity online directory will be made available. For most members of the U-M community, this will be the visible debut of MCommunity. There will be changes in how people look up people and group entries, how they modify their own entries, and how they create and manage groups. There will also be changes in what information is available to the general public and to members of the University community. The U-M Online Directory will remain available behind the scenes for some time so that departments can transition their systems to access MCommunity instead.

MCommunity 2009 Timeline

Early 2009 (cont’d)

Programmatic access to the Sponsor System will allow units to begin transitioning their applications that now interact with uniqname to work with MCommunity. This access will likely be provided via a consumable web service. Command-line access will also be provided.

LDAP access to MCommunity will be made available to U-M system administrators.

MCommunity 2009 Timeline

Early 2009 (cont’d)

Uniqname self-registration for sponsored affiliates will be added to the Sponsor System. This will allow sponsored individuals to select a uniqname and password themselves via a web interface. This will be similar to the uniqname self-registration process already available to new staff, new Ann Arbor students, and alumni. Minor changes to the uniqname self-registration process for staff and students may be required.

MCommunity 2009 Timeline

Mid 2009

MCommunity will introduce a tool that departments can use for departmental role management in MCommunity.

Late 2009

ITCS will begin to use MCommunity to provision its Basic Computing Package, as well as some other campus services. After that, MCommunity will offer a way for departments to do their own service provisioning through MCommunity.

Questions?