GatorLink Password Management Policy March 31, 2004.


What is GatorLink?
– Under development since 1996
– Conceived as a single sign on solution – the electronic equivalent of the Gator 1 card
– “GatorLink” is an adjective – used to describe a collection of services:
    – Web hosting
    – Dial-up
    – Authentication services for web servers
    – Kerberos authentication services
    – Username and password

PeopleSoft
– PeopleSoft will be the system of record for information about people (directory information).
– Directory services will be implemented in PeopleSoft Campus Community by 2006
– PeopleSoft will be the system of record for identity management
– PeopleSoft will be the system of record for authorization information

PeopleSoft and GatorLink
– GatorLink usernames and passwords adopted as the university standard for enterprise authentication
– GatorLink used to authenticate access to the portal, and all portal-based services
– GatorLink used to authenticate access to Cognos and Enterprise Reporting
– GatorLink used to authenticate access to ISIS and Admin Menu
– Single sign-on via GLAuth – cookie-based system developed at UF

Password Policy Needs
– One size does not fit all. The same password policy used for undergraduate students would not be appropriate for central payroll.
– Simultaneously heard that GatorLink password policy was too “strict” and “not strict enough”
– 75% of all Help Desk calls involve GatorLink passwords
– General need to improve security
– Need to recognize diversity of use of GatorLink user base (>100,000)

The Idea
– Have multiple GatorLink password policies
– Tie GatorLink password policy to the authorizations of a user.
    – If a user is authorized to do work requiring high levels of security, have a highly secure password policy.
    – If a user is not authorized to do such work, do not require a highly secure password policy
– In all cases, ensure strong passwords and best practices for password management

The Process
– Define a password policy as a collection of attribute/value pairs (e.g., Expiration in days = 90)
– Create a sufficient number of password policies, each with the same attributes, to span the needs from casual to highly secure
– ITAC-DI&ADM and ITAC-ISM recommend attributes and values
– Refine, review, present, discuss, refine, review, present, finalize

The Policy
The University of Florida (UF) is committed to a secure information technology environment in support of its missions. With the implementation of new integrated, real-time computer systems and single sign-on accessibility via the myUFL portal, the need for a strong password policy is greater than ever. The GatorLink username and password is the University standard username and password for authentication for all new information systems. The University uses a role-based approach for providing access to these systems. Each person affiliated with UF has one or more security roles. Each security role has an associated password policy. If an individual has several roles, with conflicting password policies, the “strongest” policy applies.
This policy is guided by the following principles:
– Five levels of password policy are necessary, each with a different set of requirements for password creation and reset. (See Attachment A).
– The assignment of a password policy is based on an individual’s security role(s) and is not an automatic result of an affiliation or staff position.
– Passwords must include three of the following four elements—upper case letters, lower case letters, digits and punctuation.
– Passwords may not contain words found in a dictionary.
– Passwords will expire during UF Help Desk business hours.
– GatorLink passwords and security roles—and the resulting association of password policy to a user—are held in the PeopleSoft Enterprise Portal system (myUFL) and managed by UF Bridges
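
The role-to-policy resolution and the password composition rules stated in this policy, sketched as an added example; it is not UF's code and not part of the original slides. The level names P1 to P3, the role names, the attribute values (the matrix in Attachment A is not reproduced on this page), the min_length attribute and the small word list are assumptions, and "strongest" is taken to mean the highest-numbered level.

```python
import string

# Constructed attribute/value pairs, one set per policy level. Only the
# "Expiration in days = 90" illustration comes from the page; every other
# value, and the min_length attribute itself, is an assumption.
POLICIES = {
    "P1": {"level": 1, "min_length": 8, "expiration_days": 365},
    "P2": {"level": 2, "min_length": 8, "expiration_days": 365},
    "P3": {"level": 3, "min_length": 8, "expiration_days": 180},
    "P4": {"level": 4, "min_length": 9, "expiration_days": 90},
    "P5": {"level": 5, "min_length": 10, "expiration_days": 90},
}

# Hypothetical security roles, each tied to one password policy.
ROLE_POLICY = {"student": "P1", "dept_reports": "P3", "payroll_admin": "P5"}

# Constructed stand-in for a real dictionary word list.
DICTIONARY = {"gator", "password", "florida", "welcome"}

CHARACTER_CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
                     string.digits, string.punctuation)


def effective_policy(roles):
    """Return the strongest policy name among a user's security roles.

    An unknown role raises KeyError, so a mapping gap fails closed instead
    of silently falling back to a weaker policy.
    """
    names = [ROLE_POLICY[role] for role in roles]
    if not names:
        raise ValueError("user has no security role")
    return max(names, key=lambda name: POLICIES[name]["level"])


def character_classes(password):
    """Count how many of the four character classes the password uses."""
    return sum(any(ch in cls for ch in password) for cls in CHARACTER_CLASSES)


def violations(password, policy_name):
    """List the rules a candidate password breaks under the named policy."""
    policy = POLICIES[policy_name]
    problems = []
    if len(password) < policy["min_length"]:
        problems.append("too short")
    if character_classes(password) < 3:
        problems.append("fewer than three of four character classes")
    lowered = password.lower()
    if any(word in lowered for word in DICTIONARY):
        problems.append("contains a dictionary word")
    return problems
```
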

The Matrix

Authentication Architecture

Implementing the Policy
– Software analysis and design began in January
– Development of code for self-service reset, management of questions, Help Desk functionality in Feb
– Active Directory synch in Feb
– Additional coding in March
– Testing of software in April
– Production go-live May 5, 2004

The Go-Live
– On May 5, GatorLink users with P4 and P5 will have their passwords expire and will come under the new policy
– All other users will be grandfathered in. Passwords will expire under current policy. When password expires, password will come under new policy.
– Password changes will be done through the portal (“My Account/Change Password”)
– Live password synchronization will be in place – a password updated at myUFL will update in Kerberos, AD and NDS
– Self-service password reset will be strongly encouraged

Future Work
– By November 5, all GatorLink accounts will be under the new policy
– LDAP will no longer be used to authenticate the portal
– 2-factor authentication standards for LAN, web and enterprise authentication

Managing the Policy
– ITAC-ISM and ITAC-DI&ADM will continue to have a strong role in the management of the policy.
– ITAC makes final recommendation
– Dr. Frazier chooses final policy

Effect of the Policy
– Users will have strong passwords
– User password policy will be determined by user’s security roles
– Users at P4 and P5 will be required to have security training
– Users will be able to use their single GatorLink credential for authentication to enterprise, web and LAN services
– Users will have consistent password policy across services
– GLAuth services will be unaffected

More Information
– Subscribe to the IT News pagelet in the portal
– Subscribe to the UF Bridges pagelet in the portal
– Additional information sessions for department administrators, support personnel in April
– Policies are posted at