Contents
- Introduction
- Identity Management Phase 1
- Identity Management Future Phases
- Identity Management Teams
Introduction
Benefits to NC State
The Identity Management (IdM) service at NC State provides these benefits:
- Improved security and privacy by sharing about an individual only what is necessary and only when it is necessary
- A single, authoritative access point for an individual’s identity
- Simplified administration by eliminating the need for a separate identity for each of several resources
- Efficient resource sharing within and beyond the university
- Streamlined deployment of a new university business process
Identity basis
In the IdM service, an individual’s identity is based on that individual’s attributes, which are determined by all of his or her multiple relationships to the university. Each attribute provides access to one or more specific services, systems or features. For example:
- A faculty member attribute would provide access to the “For Faculty and Staff” section of MyPack Portal.
- A parking permit holder attribute would authorize parking on campus.
- An alumnus attribute would provide eligibility for NC State Alumni Association membership.
Collaboration
Every college and unit in the university has a stake in identity management. It cannot be developed without a collaborative effort to identify what attributes of identity are important in all business processes used at NC State and to ensure that everyone is using the same definition for each of those identity attributes.
Identity Management Phase 1
Objectives
Implementing Identity Management to replace aging infrastructure for Unity account provisioning and deprovisioning and password management services.
Phase 1 will include:
- Implementation of Oracle Identity Manager (OIM), Oracle Access Manager (OAM), and BI Publisher (Reporting)
- Utilizing authoritative Sources — PeopleSoft HR, SIS and Campus Directory
- Provisioning and deprovisioning of account targets — Google, Kerberos, Active Directory – WolfTech and Affiliates, and OpenLDAP
- Replacement of Unity provisioning and deprovisioning (See Unity account procedures for Student Accounts and Employee Accounts)
- Knowledge based password change and reset using User Identification and Authorization security questions and answers
- Load (seeding) of identities and attributes managed in existing Unity business processing
- SysNews Tools update to utilize new data sources
- AFS and CIFS transaction updates to use new IdM data sources
- ServiceNow feed update to use new data sources
- DELTA view of IdM data to replace current feed
- Workshop Application integration with IdM for account check-out, check-in and password changes.
Phase 1 will not implement:
- Creation of guest accounts — No-pays will still be processed via HR system
- Key Attributes eduPerson and eduCourse LDAP schema
- Extended grouping categories
- Comprehensive guest management
Identity Management Future Phases
The IdM project team will work with campus units and IT Governance to determine the priority and schedule for implementing critical services including:
- Creation of guest accounts to manage affiliates
- SAR (System Access Request) replacement
- Unified directory
- Key Attributes eduPerson and eduCourse
- Enhanced grouping logic for class and affiliates
Identity Management Teams
There are two teams associated with the Identity Management work in progress, the Core Leadership Team and the OIT IdM Steering Team.
Core Leadership Team
These are the management and technical leaders driving the active projects in the implementation of Identity Management at NC State.
Connie Reitfort – Project Manager/IdM Development & Access Management
Krishnan Iyer – Development, Access Management, Application Architecture
Brian Ott – Development Technical Lead
Michelle Gray Johnson – Student Information Systems
Amy Coggins – Human Resource Systems
Derek Ballard – Windows Services (Active Directory/CIFS)
Abraham Jacob – Shared Services
Billy Beaudoin – Identity & Web Services
Kelly Harrelson – Database Services
Ralph Castanza – AFS Services
Lisa Gallond – WorkLoad Services
– Help Desk Services
– Information Security Risk & Assurance
Andy Kotynski – Information Security Services
Kevin McDonald – Project Management Assistance
OIT IdM Steering Team
This is the senior Office of Information Technology management team overseeing the implementation of Identity Management at NC State.
Eric Sills – Shared Services. Assistant Vice Chancellor
Gwen Hazlehurst – Enterprise Application Services, Assistant Vice Chancellor
Mardecia Bell – Security and Compliance, Chief Information Security Officer
Stan North Martin – Outreach, Communications and Consulting, Director
Greg Sparks – Communication Technologies, Assistant Vice Chancellor
Susan West – Technology Support Services, Assistant Vice Chancellor