Common Challenges in HE
Introducing Identity Management
Users
Roles
Services
An integrated IDM solution can help address these HE challenges
Identity Management Journey in UCD
1) Approach
Who I Interviewed
• NUIG
• Northwestern University
• Buildings/Estates
• Residences
• Communications Office
• Library
• Students’ Union
• Commercial/Conferences
• IT Operations
• Research IT
• IT T&L
• IT MIS
• Registry
• HR
• Alumni Office
• IT Customer Services
• Finance
• Research Office
Identity Creators
Infrastructure Owners
Other Institutions
Other Service Providers
Review of the Existing Solutions & Processes
Our End Users
• Current UCD students
• Students from other institutions
• Alumni
• Prospective students
• Non-award students (Adult Ed, CPD, ..)
• Academic staff
• Admin & professional staff
• Casual/hourly staff
• Pensioners
• Prospective staff (applicants)
• External examiners
• Non-contract appointees (eg hospital consultants)
• Visiting academics
• External lecturers (eg Institute of Bankers)
• Temporary/contract admin staff
• Non-payroll researchers
• Maintenance staff
• Gym staff
• Campus security
• Franchise & licensee staff, eg CopiPrint, shops
• Cleaning contractors
• IT helpdesk
• Conference attendees & organisers
• Summer teaching staff & students
• Summer residents
• Industry partners
Sources of identity & ID-related interfaces
[Diagram: Identity Management Components V11 08/09/08. Group labels: Prospective Students, Current Students, Alumni & Graduates, Staff & Pensioners, Financial Management, Research Management, Information Management, Shared Services, Directory Services, Library Services. Legend: system where identities are created; where IDs were created; access channel.]
Shortcomings with the Existing Solutions
Shortcomings with the Current Solutions
1. Integrated Identity Repository
2. Account Creation & Deletion
3. Management of Roles
4. Devolved management of “Others” (non-staff, non-students)
5. User Self-Service
6. SSO
7. Password Management
8. Federation Gateway
[Diagram labels: Sources of Identities & Roles (Banner, CoreHR, other source systems); Identity Management; Enterprise Directories (Active Directory, Novell eDirectory, Connect LDAP); Access Management; Applications (Campus Network, Print & fileshare, Sharepoint, Banner, Business Objects, Library, ID Card System, Blackboard, other applications).]
Policy on Access to Services
Identity Management Architecture
Link to other universities
Luminis
Integrated Identity Repository
Target Architecture
Identity & Access Management Target Architecture
Key Requirements
RFP process, decision on Build vs Buy
Integrated Identity Repository
[Diagram: Integrated Identity Repository. Labels:]
• CoreHR: Staff, ex-staff, pensioners, adjunct staff, applicants. Category, schools/units, cost centres, roles, location, status ..
• Banner: Students, applicants. Modules, programmes, roles, ..
• RMS: research projects, research themes,
• Prospective students
• Raiser’s Edge: Alumni
• Visitors & affiliates
• Identity Repository
• eDirectory
• Active Directory
• eFinancials: Cost centres, roles, manager codes
• Online Applications
• Visitor System
• LDAPS
• SSO, Business systems auth
• O365 auth
• SCAS
• Swimming pool
• Summer residents
• Gym members
• IDMS (Oracle DB)
• ID Vault (Novell IDM)
• Booking Centre
• Adult Ed, CPD, event attendees
• Apps
Solution Components – identity repository
Solution Components, cntd
Solution Components, cntd
IDMS - Overview
USIS
Roles
Electronic Purse
• Photocopying
• Café & Restaurants
• Centra
• Vending Machines
My UCard (InfoHub)
• Balance & Transactions
• Online Topup
• Online Purchases
Management Reporting
HR System
IDMS Overview
Access Control
• Library
• Residences
• Sport/Fitness Turnstiles
• Ardmore House
HR/Payroll System: CoreHR
Student System: Banner
UCD Systems
3rd Party Systems
Service Entitlements
UCD Organisation
My Profile (InfoHub)
• Phone Number
• Building/Location
• Upload Photo
USIS
Staff Directory
IDMS Person Database
Staff, Students & Visitors/Affiliates
Identity Manager
Visitor/Affiliate System
Library System
Student System
Research Management
Access Control (Doors/Buildings)
Staff & Student Portal
IT Accounts
ID Card System
Summer Residents
SCAS
IDMS - Person DB
IDMS - Roles
IDMS - Services
IDMS - Assigning a Service to a Person
ID Vault – Key Components
[Diagram labels:]
• IDVault [IDM V4, eDir, NetIQ]
• IDMS (Oracle DB)
• CoreHR (Staff), Oracle
• Banner (Student), Oracle
• NetIQ
• eDir (UCD-TREE)
• Novell File Share
• AD
• LDAPS (ldaps.ucd.ie)
• Google Apps + Gmail
• Azure/O365
• Library Apps
• Blackboard
• Password Self Service (SSPR)
• SSO
• EduGate/EduGain
• EduRoam
• EduPerson
• Various applications
• Student labs, some apps
• Staff & student portals, other apps
Use Case – New Staff Joiner
• HR records details on Core system
• Hourly
• Scheduled job updates IDMS & calculates service entitlements
• Instantaneous access to InfoHub staff portal and online services
• Instantaneous update to staff directory
• Scheduled job updates Library system for access & borrowing rights
• Realtime
• ID Vault polls IDMS and provisions IT account & associated directory services: Google Apps, O365, ..
• Various scheduled jobs to populate other business systems
• Updates to Facility Pro for electronic purse
• Updates to Salto server for door access control, inc swimming pool & residences
• Real time view for ID Works card software
• Ucard Office prints ID card (based on IDMS entitlements)
Legend: Automatic, Manual
Use Case – Student Registers
• Student registers on the SISWeb portal
• Realtime
• Updates IDMS & calculates service entitlements
• Instantaneous access to SISWeb student portal and online services
• Scheduled job updates Library system for access & borrowing rights
• Realtime
• ID Vault polls IDMS and provisions IT account & associated directory services: Google Apps, O365, ..
• Various scheduled jobs to populate other business systems
• Updates to Facility Pro for electronic purse
• Updates to Salto server for door access control, inc swimming pool & residences
• Real time view for ID Works card software
• Ucard Office prints ID card (based on IDMS entitlements)
Legend: Automatic, Manual
What does Identity Manager mean for me?
My UCard
• Online Topup
• Online Purchases
• Balance/Transactions
Access Control
Identity Manager - What it means for me
HR System Core
My Profile
• Phone Number
• Building/Location
• Upload Photo
• Email Preferences
Identity Manager Database
Staff/Student Portals
Staff Directory
UCD Web Site
UCD Mobile App
Information Booths
Your information loads from Core or Banner
Drives access to information
Student System Banner
My Services
• HR Services
• Student Services
• Research Services
• Management Reports
• etc
IT Services
Visitors & Affiliates
Connect Username, UCD Email Address, O365, Software Downloads, Jukebox, CMS Access … etc
Visitor information is recorded on IDMS or loaded from a 3rd party
3) Speedbumps and Roadblocks
resources
ownership of visitors
data quality
policies and exceptions
4) Looking Ahead
Self-service Password Reset capability
Devolved Visitor Management
New Joiners Induction, self-service Account Activation
More streamlined Disabling of IT accounts
Portal and Website Integration (logged in websites)
Some Recommendations