FSUID & AD Integration Partnering with the College of Human Sciences Jeff Bauer, AIS


FSUIDs – Quick Overview
– Combined identity from CARS, OTI Win, etc.
– FSUID authentication used to access PeopleSoft Financials and HR (i.e.: your paycheck information!)
– FSUID authentication used to log into Secure Login
– FSUID authentication used to log into Blackboard
– FSUID authentication used for other projects in OTI: VPN access, BlueSocket, RADIUS, PAM/LDAP UNIX logins
– FSUID used to access FSUID personal and Helpdesk
– FSUID used to build the “CAS ring”

FSUID Architecture
– Novell’s eDirectory housed on Red Hat servers
– Five servers in three physical locations
– Same schema, local databases
– Auto-syncs value changes across the ring

FSUID Schema
– Expressed in standard LDAP terms as a set of attributes and values
– Combination of a new class called “fsuEduPerson” and existing standard classes (such as “inetOrgPerson”, “person” and “organizationalPerson”)
– Attributes are updated from various sources (PeopleSoft HR feed, DB2 tables on NWRDC, existing LDAPs, etc.)
– One attribute exists to handle “associations” with known Windows servers (fsuEduAdSamaAccountName)

“Associate a Windows Account”
– Creates a link between an FSUID and a Windows account
– Used for one-way password sync and directory attribute updating on the OTI-managed Exchange domains
– Win AD communication is through LDAPS (the LDAP protocol over an SSL connection) using a single “proxy” administrative Win account (no requirement for a department to have an official “Windows trust” relationship, with all that entails)

FSUIDs and CHS
– CHS approached us interested in doing quasi-automated account management
– Established a Windows administrator proxy account and punched a firewall hole for port 636 (ldapssl) traffic to their server
– Worked out account creation and updating details, and who would be responsible for which attributes for which types of users

FSUIDs and CHS – Arrived at this:
– New employees and new grad students are created by an FSUID daily script using a “first initial + last name” algorithm for the SAM account name
– Many attributes are set and the association between the faculty/staff FSUID and the SAM account is made (for future updates of attributes)
– A daily e-mail is sent to CHS systems staff, telling them what happened (updates and creates)

FSUIDs and CHS – Arrived at this:
– Accounts are created in a CHS-specified container, depending on the type of person and which department they are in; CHS is free to move the account around
– Account is disabled, with a random password
– CHS will enable the account, perform some other initialization (home directory, ACLs, etc.) and handle informing the end user
– End user will be told to go to their FSUID web page to set their Win AD password

FSUIDs and CHS – Arrived at this:
– An FSUID script is being developed that will scan daily for former CHS employees or students; if found, the Win account will be disabled and the Win systems staff e-mailed
– Push password management to the end user using the FSUID web page, the CHS FSUID helpdesk and User Services helpdesk staff
– End result is a nice blend of “grunt work” done automatically by central IT, with full autonomy retained by the College (either side can “pull the plug” in case of emergency)
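The daily create/associate/disable cycle described on the three slides above, plus the fsuEduAdSamaAccountName association from the “Associate a Windows Account” slide, as an added worked example in Python; it is not the presenter’s 600-line Perl script or any FSU code. The CHS OU layout, the collision suffix for duplicate names, the in-memory dict standing in for the AD side, and the sample roster are all assumptions; a real run would push these entries to AD over LDAPS with the proxy account rather than into a dict.

```python
import secrets
import string

# Real AD userAccountControl bits: normal user account, and the disabled flag.
UF_NORMAL_ACCOUNT = 0x0200
UF_ACCOUNTDISABLE = 0x0002

def sam_account_name(first, last, taken):
    """First initial + last name, letters only, within the 20-char sAMAccountName
    limit. Numeric suffixing on collision is an assumption, not from the slides."""
    base = "".join(c for c in (first[:1] + last).lower() if c.isalpha())[:20]
    name, n = base, 1
    while name in taken:
        n += 1
        name = base[:20 - len(str(n))] + str(n)
    return name

def container_dn(person, base_dn):
    """Assumed CHS layout: an OU per person type under an OU per department."""
    ou = "Staff" if person["kind"] == "employee" else "GradStudents"
    return f"OU={ou},OU={person['dept']},{base_dn}"

def random_password(length=24):
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def reconcile(roster, directory, base_dn):
    """One daily run. roster: current CHS people (dicts: fsuid/first/last/kind/dept).
    directory: fsuid -> account dict standing in for the CHS AD; mutated in place.
    Returns (created DNs, disabled SAM names) for the daily report to CHS staff."""
    created, disabled = [], []
    taken = {a["sAMAccountName"] for a in directory.values()}
    for p in roster:
        if p["fsuid"] in directory: continue           # already associated
        sam = sam_account_name(p["first"], p["last"], taken)
        taken.add(sam)
        directory[p["fsuid"]] = {
            "dn": f"CN={sam},{container_dn(p, base_dn)}",
            "sAMAccountName": sam,
            "fsuEduAdSamaAccountName": sam,           # FSUID-side association
            "userAccountControl": UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE,
            "password": random_password(),            # stays disabled until CHS enables it
        }
        created.append(directory[p["fsuid"]]["dn"])
    current = {p["fsuid"] for p in roster}
    for fsuid, acct in directory.items():            # former members: disable, never delete
        if fsuid not in current and not acct["userAccountControl"] & UF_ACCOUNTDISABLE:
            acct["userAccountControl"] |= UF_ACCOUNTDISABLE
            disabled.append(acct["sAMAccountName"])
    return created, disabled
```

Running reconcile a second time on the same roster creates and disables nothing, which is the property a daily job needs.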

Win-win for CHS
– FSUID project got a boost from the College’s requests for refinements (Helpdesk advanced search; “Courtesy” attribute)
– CHS Win staff didn’t have to manually create some ~200 Win accounts after bringing up a new AD
– Once in place it’s “hands-free” and can be easily tweaked
– Heavy lifting done with a 600-line Perl script
– A departmental Perl script does “local-side” tasks, too

Future Directions
– Interested in developing more custom Win or even non-Win account management for departments (e.g., College of Medicine, etc.)
– A “Blackboard as university Portal” project is starting up
– Attempt to tie in more university enterprise data (e.g., FSUCard door security system)
– Bring more systems under “native” FSUID authentication (CARS, mailer, garnet, etc.)

Thanks!
– OTI is ready to assist other departments with their own Windows-based auto-account management needs, tailored to your specific department rules
– Thanks to the “eDir Team”: Ethan Kromhout, Dongmei Gao, Donny Shrum & others
– Special thanks to Jeanne Pecha, College of Human Sciences, for trusting central IT
Questions?