Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity and Access Management Services

Published byStewart Cameron Modified over 6 years ago

Similar presentations

Presentation on theme: "Identity and Access Management Services"— Presentation transcript:

1 Identity and Access Management Services
Tom Jordan Presented to Infrastructure Technical Advisory Group (ITAG) November 20, 2017

2 Identity and Access Management Services
Agenda Overview of Campus IAM services Who’s using IAM services? IAM Populations Gaps / Campus Needs Current Initiatives Future Initiatives Forums for campus feedback How ITAG can help II 11/20/2017

3 IAM on Campus The IAM Problem Space
IAM On Campus (from IT Services Survey) 17 campus services for Identity Management 38 campus services for Access Management 7 campus services for Directory Services Major campus providers: Identity Registration Directory Services Account Management Grouping / Provisioning Person Data Delivery Access Management DoIT Business Athletics AIMS Computer Science SMPH Engineering 11/20/2017

4 Overview of DoIT IAM Services and Infrastructure
SIS Identity Registry Authentication Services On-Premise WebSSO Apps NetID Login Hosp Madison Data Sources Cloud Apps for UW Madison WI Fed SpecAuth IDM/PASE Credential Management Common Systems Apps (on-prem and in the cloud) MFA etc PHEXPORT (Customer Data Views) Directory Services UW Madison Directory-based apps and Infrastructure LDAP Active Directory HRS Office365 UWM Google Apps UW System Provisioning (OIM) Cloud Directories UW System Data Sources UWW Cisco Spark UWGB etc UW Madison Provisioning (Regsync) Enterprise Group Management (Manifest / Grouper) Ad-hoc and data-driven grouping for authorization Person APIs SOAP / REST Person data APIs for developers Messaging Identity Sources Identity Reconciliation Identity Data Management Identity Data Integration Identity Consumers 11/20/2017

5 Who uses IAM services? Principal Customers By IAM Service
UW Madison application owners / providers UW Madison business process owners By IAM Service Person Data Views – about 300 data views* Person Web Services – about 25 customers* Directory Services – about 200 departments / subunits Manifest – about 300 departments / subunits SAML / NetID Login – about 1,500 applications 11/20/2017

6 UW Madison IAM Populations
Students (including SOAR, applicants and former students) Faculty / Staff Affiliates Special Authorizations UW Foundation Visiting Staff / Researchers Partner Agencies on campus (Forest Products Lab, USGS, etc) UW Health / UW Medical Foundation Pre-College Program Summer Research Opportunities Program (SROP) Lifelong Learners Manifest-Invited Populations UW System populations (students, facstaff, affiliates) 11/20/2017

7 Gaps / Issues / Campus Needs
Gaps in current infrastructure offerings Scalable provisioning and deprovisioning for compliance and audit Scalable support for Unix integration with directory services Scalable automation by departments Support for modern development tools and processes (REST APIs, ORM-friendly data models) Support for stronger authentication types (MFA) Technical debt in some IAM components Gaps in populations / account types Additional ‘affiliate’ populations Social / External Identity integration Non-person and Privileged Accounts 11/20/2017

8 Current Initiatives Initiative Gap Addressed Duo Deployment
Strong Authentication (MFA) SpecAuth retirement Technical Debt REST-based Person API Support for modern development toolsets Message queueing for person data change notification 11/20/2017

9 Future Initiatives Initiative Gap Addressed
Self-Service attribute release Scalable automation for departments API-based access to group information Unix integration with NetID authentication Services for Unix environments Person Hub refactor / replacement Technical Debt Service / privileged account management Compliance and Audit Improved provisioning / deprovisioning capability 11/20/2017

10 Service Feedback Individual Services
NetID Login – Campus Active Directory – Manifest - Measuring Service Effectiveness / Customer Satisfaction Meetings with campus departments in 2016 Customer Survey of IAM Needs – Early 2018 General IAM Feedback – 11/20/2017 blah

11 How ITAG could help Are we offering the right IAM services to campus?
How do we reach those units that are not engaged? What other feedback venues should we be using to get feedback from our customers? What are you hearing? 11/20/2017

Download ppt "Identity and Access Management Services"

Similar presentations

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
Oracle IDM at First National Bank

Oracle IDM at First National Bank
Outsourcing IAM in North Carolina

Outsourcing IAM in North Carolina
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Manifest – the Service Application Manifest is our new service, with Grouper as its logic engine, to manage populations which are known to us and those.

Manifest – the Service Application Manifest is our new service, with Grouper as its logic engine, to manage populations which are known to us and those.
UW Windows Infrastructure: Delegated OUs Brian Arkills Software Engineer, LDAP geek, AD bum, and Associate Troublemaking Officer Identity and Access Management,

UW Windows Infrastructure: Delegated OUs Brian Arkills Software Engineer, LDAP geek, AD bum, and Associate Troublemaking Officer Identity and Access Management,
Virtual techdays INDIA │ 18-20 august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –

Virtual techdays INDIA │ august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Microsoft Ignite /16/2017 4:55 PM

Microsoft Ignite /16/2017 4:55 PM
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.

Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
Microsoft Identity and Access Solutions Market Trends and Futures

Microsoft Identity and Access Solutions Market Trends and Futures
(Rev 1/11) UW System Identity and Access Management (IAM) Current Status and Roadmap Tom Jordan, IAM-TAG Chair Ty Letto, IAM Support Team Manager January,

(Rev 1/11) UW System Identity and Access Management (IAM) Current Status and Roadmap Tom Jordan, IAM-TAG Chair Ty Letto, IAM Support Team Manager January,
Brian Arkills Software Engineer, LDAP geek, AD bum, Senior Heckler, and Associate Troublemaking Officer State of Windows Services at the UW.

Brian Arkills Software Engineer, LDAP geek, AD bum, Senior Heckler, and Associate Troublemaking Officer State of Windows Services at the UW.
Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.

Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.
University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy

University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy

Similar presentations

Ads by Google