
Why are we doing this?

Our Information Technology management has been seeking an automated process to provision and deprovision entities based upon organizational data stored primarily in our Banner ERP system. An initial attempt at this was inadequately resourced and was not seeded with a breadth of university executive stakeholder involvement, so it did not achieve its desired mission. Our active involvement in the InCommon CSP cohort represents a renewed effort to approach the original goal in a staged and better-supported manner.

Problem Statement:

We are seeking a better solution to enhance our current Identity and Access Management system.

Impact Statement:

One of our IT goals is to prioritize and adjust services to improve the customer experience by increasing availability, reliability and sustainability, leading to more responsive and enhanced information technology.

How do we judge success? Success metrics

When the Grouper data has been shown to be a close equivalent of the legacy solution, initial success will be declared. For example,

  • Roles in LDAP & Active Directory from Grouper can be deemed equivalent to those previously provided by the legacy application
  • Provisioning and deprovisioning are taking place as expected

What are possible solutions?

Grouper and Midpoint

  • Our “quick win” proof of concept will seek to establish traditional role-based information via Grouper, to replace that which is typically maintained using home-grown applications, which have become increasingly less maintainable.
  • As the Grouper portion of the effort proceeds, Midpoint will be evaluated for fit in the hybrid Fordham environment.

High-level timeline

Project Phase Milestone Completion Dates

  • Initiation – 11/13/2019
  • Planning – 12/10/2019
  • Execution – 02/14/2020
  • Monitoring & Control – 03/13/20
  • Closure – 03/29/2020

Issues tracking

A traditional approach to tracking will include an issues log, with a responsible individual (or specific team) assigned to resolve each issue.

Stakeholder Impact

Who is the customer and how does this help them?

Our executive director of SSIA has commissioned this effort as an approach to address audit concerns regarding account and account permission deprovisioning. This will help us to show progress before the next round of audit.

Why will the customer want this?

A renewed process for automated role-based access control (RBAC) has been desired for several years, but a formal effort has not been properly commissioned until our recent involvement in InCommon CSP.

Scale and scope

For the first phase, resources are dedicated to demonstrating Grouper (and Midpoint) in a functional proof-of-concept. Once proven, we will commence a second phase to introduce this processing into our production environment.