Oregon State University
Executive Summary
The land-grant mission is intrinsic in what we do at Oregon State University. Our role in serving the public good and ensuring the success of the people of Oregon is evident throughout the state. IT and identity management practices, however, have focused on our campus constituencies. We are easily able to provide access to systems and services to our students, employees, and associates, but we struggle to provide the same access to others.
Each year sees increased the demand for access to digital services as part of our outreach programs. To assist our campus in fulfilling these digital outreach needs, Oregon State must implement an entity registry that allows the creation identities and accounts from outside of our traditional campus constituencies.
Organization Description
Oregon State is an international public research university located in Corvallis, Oregon. Founded in 1868, Oregon State is the state’s Land Grant university.
Enrollment at Oregon State is 31,412 students who study in our colleges of Agricultural Sciences; Business; Earth, Ocean, and Atmospheric Sciences; Education; Engineering; Forestry; Liberal Arts; Pharmacy; Public Health and Human Sciences; Science; and Veterinary Medicine. With 11 colleges, 15 Agricultural Experiment Stations, 35 county Extension offices, Hatfield Marine Science Center in Newport, and OSU-Cascades in Bend, Oregon State has a presence in every one of Oregon’s 36 counties. The 4,700 students in our Ecampus extend this presence across the nation and around the world.
Oregon State is one of only two land, sea, space, and sun grant institutions in the U.S. and is the only university in Oregon to have earned both Carnegie Classifications for Highest Research Activity and Community Engagement. It is the state’s largest comprehensive public university, preeminent for both scholarly achievement and the direct impact of applied development, fulfilling the land-grant mission to serve the public good.
Containerized TIER Component(s) to be implemented
- Shibboleth IdP and SP
- Grouper Access Management Software
- COmanage Collaboration Management Platform
- Entity Registry, such as midPoint
Short Management-Level Use Case Description of Your Project
The implementation of a stand alone entity registry is a key component to the overhaul of OSU's IAM infrastructure. It is step one in a longer term project to expand the account base that we support.
We plan to implement the TIER midPoint entity registry and populate it from our existing systems of record. Scope details for outbound provisioning will be determined during the fall term scoping.
Expected Deliverables:
- Scope midPoint project – Fall term 2017
- Deploy midPoint development environment environment – Winter term 2018
- Feed data from Banner to midPoint - Winter-Spring terms 2018
Scope
Implement midpoint as an Entity Registry for OSU.
Excluded from Scope
Significant changes to existing IAM infrastructure for Grouper and Shibboleth.
Key Stakeholders
| Sponsor | Erica Lomax, Director, Identity & Infrastructure |
| Campus Success Program Contact(s) | Erica Lomax, Director, Identity & Infrastructure, erica.lomax@oregonstate.edu |
| Communications contact | Erica Lomax |
| Project manager | Erica Lomax |
| Project team members | Andy Morgan, Identity & Access Management, Information Services Josh Zojonc, IT Infrastructure, Information Services Stacy Brock, Infrastructure Integrations, Information Services |
| Deployment Partners/Contractors | Unicon |
Project Milestones
| Activity | Assigned Resources | Start State | End Date |
| Install midpoint in a test/demo configuration | Andy Mogan | Fall 2017 | Fall 2017 |
| Scope definition for entity registry project | Erica Lomax | Fall 2017 | Winter 2018 |
| TBD by fall scoping phase |
Synergistic Projects
SSO in the Cloud
The IAM team is currently working on adding nodes of Shibboleth IdP and LDAP into AWS for redundancy and resiliency of our SSO environment. This project will complete in fall term 2017.
IdP Proxy
Through the fall of 2017, Oregon State will install and configure an IdP proxy. We currently provide social logins for our Professional and Continuing Education (PACE) students through Cirrus Identity’s Gateway product. A recently acquired software for course delivery provides only a single SAML configuration, so a proxy will allow all students access to the resources. The evaluation of purchased versus in-house built solutions is required before the technology direction is decided.
Constraints, Assumptions, Risks and Dependencies
| Constraints | TBD |
| Assumptions | OSU will be able to implement the entity registry in phases, starting with parallel implemenation to our current custom engineered code, and then transitioned to new business processes. |
| Risks and Dependencies | Risk: Recent staff turnover and reorganization have left the IAM team short staffed and in a period of transition. |