The Problem

As the University of North Carolina at Charlotte (UNCC) continues to grow, developing a structured process for access management becomes more and more important. The Banner ERP system does not provide the necessary flexibility, and the university is looking for an enterprise-level solution that provides campus partners with a clearly defined process for identifying and delivering targeted access control to a variety of applications.

The Solution

Some members of the project team attended InCommon BaseCAMP in 2019 and received an introduction to the InCommon Trusted Access Platform software and services. UNCC already uses Shibboleth for single sign-on and federation, and chose Grouper as the solution for access management. After some discussion, the project team identified the following scope for the CSP: “Grouper has been chosen as part of an overall strategy to leverage all four components from the InCommon Trusted Access Platform to deliver a unified and community-driven approach to IAM.” The team also set the scale of the project to ensure success: populating the existing Active Directory environment with a sampling of access-specific groups managed by Grouper.

The Result

In order to start on Grouper, UNCC first needed to develop a database as a defined subject source. “Building the subject database is a huge milestone that was not anticipated before the project,” the project team related in their final report. “It was something we needed because we wanted to move off of Banner as the sole central data source.”

In addition to building the database, the project team also had to come up to speed on Docker and the containerized version of Grouper that is part of the InCommon Trusted Access Platform. Grouper was installed and working with Active Directory in a test environment, but the onset of COVID-19 delayed the move to production. “We are not fully in production yet due to a production freeze at launch,” the project team reported. “We didn't want to push anything new to production during COVID. The delay has allowed for additional testing in the test environment, which has been beneficial.”

Although not part of this project, the team also plans to move from the existing ForgeRock OpenAM (access manager) to midPoint and managed to deploy a “mini version” of midPoint in test that pulls information from Banner and populates a source database for use by Grouper.

Lessons Learned

  • While not in scope for the project, it was good to be able to ask questions on Shibboleth containerization since that was another project on their list.
  • Going into the CSP, it would have been helpful to have had a document that explicitly addresses prerequisites and related resources.
  • Set a realistic scope for the project; the tighter the better.

About the University of North Carolina at Charlotte

The University of North Carolina at Charlotte is a public research university (classified by Carnegie as R2: Doctoral Universities - High Research Activities) with 29,000 students.

Project Team: James Wilson (UNC Charlotte), Lacey Vickery (UNC Charlotte), Wyatt Pegram (UNC Charlotte), Matt Deal (UNC Charlotte), Rachel Loudon (UNC Charlotte), Ned Morgan (UNC Charlotte), David McIntosh (UNC Charlotte), Paul Caskey (Internet2), Chris Hyzer (UPenn), Chris Hubing (Internet2)
