Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bridget-Anne Hampden | Nov. 2012 U.S. Department of Education 2012 Fall Conference Enterprise Identity Management – Leveraging Participation Management.

Published byTrevor Phelps Modified over 9 years ago

Similar presentations

Presentation on theme: "Bridget-Anne Hampden | Nov. 2012 U.S. Department of Education 2012 Fall Conference Enterprise Identity Management – Leveraging Participation Management."— Presentation transcript:

1 Bridget-Anne Hampden | Nov. 2012 U.S. Department of Education 2012 Fall Conference Enterprise Identity Management – Leveraging Participation Management (PM) to Provide Single Sign-On for COD Session 29

2 Contents Current State Objectives of the Enterprise Identity Management Service (EIMS) Project – Phases 1 and 2 Approach EIMS Target State Changes Important Dates Next Steps Questions 2

3 Current State: User Feedback We Heard You Loud and Clear: Multiple log-ins for COD are frustrating and inefficient. EIMS is a solution which allows a single user sign-on for COD and other FSA systems. 3

4 Current State FSA Anchor Accounts John.Doe@FSA Larry.Brown@FSA Linda.Green@FSA FSA Internally Hosted FSA Externally Hosted NSLDS CPS-FAA COD DMCS2 DLSS GA NFP PCA JD123@FSA JohnD@COD JohnD2@COD JohnD3@COD JohnD@FSA FAAJohnD@FSA JDabc1@DMCS EdJD2@DLSS JDfsa1@GA1 JohnDfsa@GA2 JohnD@FSA Jddebt@PCA Direct control over user accounts Indirect control over user accounts  Individuals have multiple access identities to internal FSA systems  In some cases the same individual has multiple access identities in one system (Common Origination and Disbursements)  Individuals have additional access identities to externally hosted FSA systems  User account management is fragmented  Inconsistent methods are used for authentication (application specific, personal identity numbers, etc…) 4

5 Objectives of EIMS Project Phases 1 and 2 Objective: To make registration and sign-on for users a more efficient process while still maintaining security for FSA systems by: Simplifying access to FSA systems with single (reduced) sign-on Creating a standardized solution supporting the entire user community and all business systems Removing Personally Identifiable Information (PII), such as the current use of Social Security Numbers (SSN) and Date of Birth from log-in Maintaining a consistent data security posture across all FSA systems 5

6 Approach Step1: Placing all FSA systems behind a single authentication application (AIMS) e.g. National Student Loan Data System (NSLDS), eCampus-Based System (ECB), Central Processing System (CPS) Step 2: Leverage PM system for COD enrollments to provide privileged users a single FSA ID for COD Step 3: Create non-identifiable standard user IDs and passwords for students and borrowers to access FSA systems Step 4: Move from physical (hard) tokens to the use of soft tokens 6

7 EIMS Target State FSA ID COD FSA System(s) Log-in ID All Users COD FSA ID Multiple IDs Log-in IDPrivileged Users FSA System(s) Current State 2012Target State 2015 PIN (SS#, DOB) PIN (SS#, DOB) Non-Privileged Users COD NSLDS, ECB CPS, etc… ALL Systems Create single sign-on Centralize provisioning Allow self-service Replace PII in log-in information Increase security Provide eSignature 7

8 EIMS Target State Schools Financial Partners Department of Education State Agencies Service Providers Federal Agencies eZ -AuditCDDTS FMS e-Campus Based FPDM FOTW NSLDS FAP FAAA Website eZ-Audit Datamart DLSS PEPS FAFSA4CASTER DMCS CPS General Public & Applicants FSA Employees Borrowers DLCS IHCFGBEAD Application Specific Security W W W W SS Legend W WebsiteEESB S SAIG I ITA Target State Enterprise Identity Management Service EEIWEI EE E WEI WEIS WEIS I WEIS WEIS I Application Level Security Federated Identity Management DMCS2 ERMS CODEN PCA Systems Servicer Systems COD COD Data Archive I eMPN WEIS TFAIPMACR-SSO Identity Proofing Enterprise Identity Management Service (EIMS) WIS External Hosting Internal Hosting (VDC) National Strategy for Identities in Cyberspace (NSTIC) Identity, Credential, and Access Management (ICAM) User Self-Service FSA Identity Federation Centralized Administration (e.g., Logging, Audit, Provisioning, Lockout Disablement) Federated Identity 8

9 Changes: COD online access CurrentFuture Primary DPA enrolls users through COD for online access Users receive different log-ins for each school and profile Users need to log-out to change schools or profile Users only have access to report structures created for a specific school or profile Primary DPA enrolls users through PM for COD online access Users receive 1 FSA log- in for all schools and profile Users are able to change schools or profile without logging-out Users have access to all report structures created for any schools or profile 9

10 PM will provision COD online access enrollments Primary DPA will only need to enter user and enrollment information into one system, PM, for COD, NSLDS, ECB etc... PM will be linked to AIMS which will provide COD online access authentication Changes: PM CurrentFuture PM does not provision enrollments for COD online access Primary DPAs may need to enter user and enrollment information into multiple systems, COD and PM PM is not linked to AIMS for COD online access authentication 10

11 Changes: The Transition Period During the transition period from the first week of March 2013 to the first week of May 2013: Primary DPAs will need to enroll current COD online users in PM Users will need to register in PM, if they do not have an FSA ID (john.doe.fsa) During this period, new COD online users will need to be enrolled in both systems After 1 st week of May, Primary DPAs will only be able to use PM to enroll COD online users 11

12 Changes: Summary of Required Actions Current IDMarch - MayTokens (March – May) After May 2013 FSA ID users john.doe.fsa Primary DPA enrolls user for COD online access through PM If you: Are using an FSA ID and token No action needed ------ Do not have a token Get a token and register it using assigned FSA ID ------- Are only using COD and a token Register token using FSA ID FSA ID used to log- in to COD online access Existing COD Online Users Primary DPA enrolls user for COD online access through PM User registers in PM and creates a profile NEW COD Online Users Primary DPA enrolls user in both COD and PM User registers in PM and creates a profile 12

13 Changes: Privacy and Security Improvements FSA requires that all users accept their responsibilities regarding the use of FSA systems and information as is written in the Privacy Statement and the Rules of Behavior In addition, FISMA requires that FSA track this information and provide audit information as requested On a daily basis, users will be asked to accept both these statements when they first log-in to COD 13

14 Changes: Annual Security Training Notification Users are required to complete an Annual Security Training Provides an understanding of the security responsibilities associated with accessing FSA systems Reminds users of their responsibilities to protect the information in FSA systems especially the PII data of the students, borrowers, and users Specifies certain activities as not allowed, such as the sharing of FSA IDs For the ten (10) days prior to expiration, users will be notified of the expiration of their security training when they log-in to COD If the Annual Security Training is not complete, user will not be able to access COD 14

15 Changes: COD Enrollments and Log-in User User registers in PM and receives FSA ID User enters FSA ID and password to access COD Privacy / ROB Accepted, Security Training Complete? User completes Annual Security Training NO YES User logged into COD 15

16 Important Dates February 2013 Initial information available on IFAP website March 2013 – May 2013 Detailed instructions available on IFAP website Primary Destination Point Administrators (DPA) enroll COD users in PM COD users register and create a profile in PM to get a new FSA ID and Password First Week of May 2013 Single (reduced) sign-on for COD goes live! 16

17 Next Steps for EIMS Complete enhancements to PM Send out communications through IFAP (Feb/March/May) Implement new COD single (reduced) sign-on – COD Release 12.1, first week of May 2013 Begin work on removing PII for non-privileged users – Late Fall 2014 Perform feasibility testing with InCommon Federation Provide ongoing progress information through IFAP 17

18 QUESTIONS? 18

19 Contact Info Bridget-Anne Hampden E-mail: bridget-anne.hampden@ed.govbridget-anne.hampden@ed.gov Phone: 202-377-3508 19

Download ppt "Bridget-Anne Hampden | Nov. 2012 U.S. Department of Education 2012 Fall Conference Enterprise Identity Management – Leveraging Participation Management."

Similar presentations

Session #56 Two-Factor Authentication Steven Burke & James McMahon U.S. Department of Education.

Session #56 Two-Factor Authentication Steven Burke & James McMahon U.S. Department of Education.
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
Catherine Metcalf | Dec. 2014 U.S. Department of Education 2014 FSA Training Conference for Financial Aid Professionals Introducing the FSA ID - The FSA.

Catherine Metcalf | Dec U.S. Department of Education 2014 FSA Training Conference for Financial Aid Professionals Introducing the FSA ID - The FSA.
NASFAA 2003: Reconnecting With Students!. 2 eZ-Audit – Electronic Submissions of Financial Statements and Compliance Audits Session #105.

NASFAA 2003: Reconnecting With Students!. 2 eZ-Audit – Electronic Submissions of Financial Statements and Compliance Audits Session #105.
Two Factor Authentication Protocol and the Protection of PII Steven A. Burke U.S. Department of Education 1.

Two Factor Authentication Protocol and the Protection of PII Steven A. Burke U.S. Department of Education 1.
Federal Student Aid Technical Architecture Initiatives James McMahon Ganesh Reddy U.S. Department of Education Session T-03.

Federal Student Aid Technical Architecture Initiatives James McMahon Ganesh Reddy U.S. Department of Education Session T-03.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
FSA ID TRANSITION Ditch the PIN. WHAT IS THE NEW FSA ID AND PASSWORD? U.S. Department of Education has a new login process beginning April 26 th for student-

FSA ID TRANSITION Ditch the PIN. WHAT IS THE NEW FSA ID AND PASSWORD? U.S. Department of Education has a new login process beginning April 26 th for student-
1 Data Strategy Overview Keith Wilson Session 15.

1 Data Strategy Overview Keith Wilson Session 15.
SATERN for Supervisors May 2006. Session Objectives At the end of the session, participants will be able to:  Describe the benefits of SATERN.  Log.

SATERN for Supervisors May Session Objectives At the end of the session, participants will be able to:  Describe the benefits of SATERN.  Log.
State of Indiana Business One Stop Process Storyboards To support RFP and Requirements As of September 13, 2013 Prepared by: RFP 14-47 Attachment L.

State of Indiana Business One Stop Process Storyboards To support RFP and Requirements As of September 13, 2013 Prepared by: RFP Attachment L.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.
NAMS Account Activation Training. 2 What is NAMS? The NASA Account Management System is NASA’s centralized process for requesting and maintaining accounts.

NAMS Account Activation Training. 2 What is NAMS? The NASA Account Management System is NASA’s centralized process for requesting and maintaining accounts.
Federal Student Aid Identification username and password – this is how students and parents will sign the FAFSA application. The FSA ID process replaced.

Federal Student Aid Identification username and password – this is how students and parents will sign the FAFSA application. The FSA ID process replaced.
System for Administration, Training, and Educational Resources for NASA SATERN Overview for Learners May 2006.

System for Administration, Training, and Educational Resources for NASA SATERN Overview for Learners May 2006.
Zack Goodwin U.S. Department of Education NYSFAAA Regions VI and VII, June 19, 2015 Elmont, NY FSA Systems and the User ID.

Zack Goodwin U.S. Department of Education NYSFAAA Regions VI and VII, June 19, 2015 Elmont, NY FSA Systems and the User ID.
Signing On for FSA Systems Tokens/Two-Factor Authentication and Modifications to User Sign-on in 2013 Bridget-Anne Hampden U.S. Department of Education.

Signing On for FSA Systems Tokens/Two-Factor Authentication and Modifications to User Sign-on in 2013 Bridget-Anne Hampden U.S. Department of Education.
Session 52 Security Architecture – What Does It Mean Katie Blot Nina Colon.

Session 52 Security Architecture – What Does It Mean Katie Blot Nina Colon.
Session #351. Session 35 SFA Tools for Schools Do You Use These? n The SFA Customer Service Call Center (CSCC) n The New and Improved IFAP web site n.

Session #351. Session 35 SFA Tools for Schools Do You Use These? n The SFA Customer Service Call Center (CSCC) n The New and Improved IFAP web site n.
Session #23 Hands On NSLDS for Beginners Valerie Sherrer & Andrea Wise.

Session #23 Hands On NSLDS for Beginners Valerie Sherrer & Andrea Wise.

Similar presentations

Ads by Google