Identity and Access Management Services
Tom Jordan <tom.jordan@wisc.edu>
Presented to Infrastructure Technical Advisory Group (ITAG), November 20, 2017

Identity and Access Management Services
• Agenda
  • Overview of Campus IAM services
  • Who’s using IAM services?
  • IAM Populations
  • Gaps / Campus Needs
  • Current Initiatives
  • Future Initiatives
  • Forums for campus feedback
  • How ITAG can help

IAM on Campus
• The IAM Problem Space
  • Identity Registration
  • Directory Services
  • Account Management
  • Grouping / Provisioning
  • Person Data Delivery
  • Access Management
• IAM On Campus (from IT Services Survey)
  • 17 campus services for Identity Management
  • 38 campus services for Access Management
  • 7 campus services for Directory Services
  • Major campus providers: DoIT, Business, AIMS, Computer Science, SMPH, Engineering, Athletics

Overview of DoIT IAM Services and Infrastructure
[Diagram. Stage labels: Identity Sources, Identity Reconciliation, Identity Data Management, Identity Data Integration, Identity Consumers. Components named in the diagram include UW System Data Sources, Madison Data Sources, Identity Registry, Authentication Services, Credential Management, MFA, Directory Services, LDAP, Active Directory, UW System Provisioning (OIM), UW Madison Provisioning (Regsync), Enterprise Group Management (Manifest / Grouper), Person APIs, PHEXPORT (Customer Data Views), NetID Login, WebSSO apps, Office 365, Google Apps and Cisco Spark. Captions: ad-hoc and data-driven grouping for authorization; person data APIs for developers (SOAP / REST); messaging.]

Who uses IAM services?
• Principal Customers
  • UW Madison application owners / providers
  • UW Madison business process owners
• By IAM Service
  • Person Data Views – about 300 data views*
  • Person Web Services – about 25 customers*
  • Directory Services – about 200 departments / subunits
  • Manifest – about 300 departments / subunits
  • SAML / NetID Login – about 1,500 applications

UW Madison IAM Populations
• Students (including SOAR, applicants and former students)
• Faculty / Staff
• Affiliates
• Special Authorizations
• UW Foundation
• Visiting Staff / Researchers
• Partner Agencies on campus (Forest Products Lab, USGS, etc.)
• UW Health / UW Medical Foundation
• Pre-College Program
• Summer Research Opportunities Program (SROP)
• Lifelong Learners
• Manifest-Invited Populations
• UW System populations (students, facstaff, affiliates)

Gaps / Issues / Campus Needs
• Gaps in current infrastructure offerings
  • Scalable provisioning and deprovisioning for compliance and audit
  • Scalable support for Unix integration with directory services
  • Scalable automation by departments
  • Support for modern development tools and processes (REST APIs, ORM-friendly data models)
  • Support for stronger authentication types (MFA)
  • Technical debt in some IAM components
• Gaps in populations / account types
  • Additional ‘affiliate’ populations
  • Social / External Identity integration
  • Non-person and Privileged Accounts

Current Initiatives
Initiative | Gap Addressed
Duo Deployment | Strong Authentication (MFA)
SpecAuth retirement | Technical Debt
REST-based Person API | Support for modern development toolsets
Message queueing for person data change notification | Support for modern development toolsets

Future Initiatives
Initiative | Gap Addressed
Self-Service attribute release | Scalable automation for departments
API-based access to group information | Scalable automation for departments
Unix integration with NetID authentication | Services for Unix environments
Person Hub refactor / replacement | Technical Debt
Service / privileged account management | Compliance and Audit
Improved provisioning / deprovisioning capability | Compliance and Audit

Service Feedback
• Individual Services
  • NetID Login – help@login.wisc.edu
  • Campus Active Directory – activedirectory@doit.wisc.edu
  • Manifest – manifest@doit.wisc.edu
• Measuring Service Effectiveness / Customer Satisfaction
  • Meetings with campus departments in 2016
  • Customer Survey of IAM Needs – Early 2018
• General IAM Feedback – iam-feedback@office365.wisc.edu

How ITAG could help
• Are we offering the right IAM services to campus?
• How do we reach those units that are not engaged?
• What other feedback venues should we be using to get feedback from our customers?
• What are you hearing?