Identity Management

Contents

 

Introduction

Benefits to NC State

The Identity Management (IdM) service at NC State provides these benefits:

  • Improved security and privacy by sharing about an individual only what is necessary and only when it is necessary
  • A single, authoritative access point for an individual’s identity
  • Simplified administration by eliminating the need for a separate identity for each of several resources
  • Efficient resource sharing within and beyond the university
  • Streamlined deployment of a new university business process

Identity basis

In the IdM service, an individual’s identity is based on that individual’s attributes, which are determined by all of his or her multiple relationships to the university. Each attribute provides access to one or more specific services, systems or features. For example:

  • A faculty member attribute would provide access to the “For Faculty and Staff” section of MyPack Portal.
  • A parking permit holder attribute would authorize parking on campus.
  • An alumnus attribute would provide eligibility for NC State Alumni Association membership.

Collaboration

Every college and unit in the university has a stake in identity management. It cannot be developed without a collaborative effort to identify what attributes of identity are important in all business processes used at NC State and to ensure that everyone is using the same definition for each of those identity attributes.

[Back to Contents]

Identity Management Phase 1

Objectives

Implementing Identity Management to replace aging infrastructure for Unity account provisioning and deprovisioning and password management services.

[Back to Contents]

Phase 1 will include:

  • Implementation of Oracle Identity Manager (OIM), Oracle Access Manager (OAM), and BI Publisher (Reporting)
  • Utilizing authoritative Sources — PeopleSoft HR, SIS and Campus Directory
  • Provisioning and deprovisioning of account targets — Google, Kerberos, Active Directory – WolfTech and Affiliates, and OpenLDAP
  • Replacement of Unity provisioning and deprovisioning (See Unity account procedures for Student Accounts and Employee Accounts)
  • Knowledge based password change and reset using User Identification and Authorization security questions and answers
  • Load (seeding) of identities and attributes managed in existing Unity business processing
  • SysNews Tools update to utilize new data sources
  • AFS and CIFS transaction updates to use new IdM data sources
  • ServiceNow feed update to use new data sources
  • DELTA view of IdM data to replace current feed
  • Workshop Application integration with IdM for account check-out, check-in and password changes.

[Back to Contents]

Phase 1 will not implement:

  • Creation of guest accounts — No-pays will still be processed via HR system
  • Key Attributes eduPerson and eduCourse LDAP schema
  • Extended grouping categories
  • Comprehensive guest management

[Back to Contents]

Identity Management Future Phases

The IdM project team will work with campus units and IT Governance to determine the priority and schedule for implementing critical services including:

  • Creation of guest accounts to manage affiliates
  • SAR (System Access Request) replacement
  • Unified directory
  • Key Attributes eduPerson and eduCourse
  • Enhanced grouping logic for class and affiliates

[Back to Contents]

Identity Management Teams

There are two teams associated with the Identity Management work in progress, the Core Leadership Team and the OIT IdM Steering Team.

Core Leadership Team

These are the management and technical leaders driving the active projects in the implementation of Identity Management at NC State.

Connie Reitfort – Project Manager/IdM Development & Access Management

Krishnan Iyer – Development, Access Management, Application Architecture

Brian Ott – Development Technical Lead

Michelle Gray Johnson – Student Information Systems

Amy Coggins – Human Resource Systems

Derek Ballard – Windows Services (Active Directory/CIFS)

Abraham Jacob – Shared Services

Harry Nicholos – Identity & Web Services

Kelly Harrelson – Database Services

Ralph Castanza – AFS Services

Lisa Gallond – WorkLoad Services

Chris King – Help Desk Services

Leo Howell – Information Security Risk & Assurance

Andy Kotynski – Information Security Services

Kevin McDonald – Project Management Assistance

[Back to Contents]

OIT IdM Steering Team

This is the senior Office of Information Technology management team overseeing the implementation of Identity Management at NC State.

Eric Sills – Shared Services. Assistant Vice Chancellor

Gwen Hazlehurst – Enterprise Application Services, Assistant Vice Chancellor

Mardecia Bell – Security and Compliance, Chief Information Security Officer

Stan North Martin – Outreach, Communications and Consulting, Director

Greg Sparks – Communication Technologies, Assistant Vice Chancellor

Susan West – Technology Support Services, Assistant Vice Chancellor

[Back to Contents]