Why are we doing this? Our Information Technology management has been seeking an automated process to provision and deprovision entities based upon organizational data stored primarily in our Banner ERP system. An initial attempt at this was inadequately resourced, and was not seeded with a breadth of university executive stakeholder involvement, so it did not successfully achieve its desired mission. Our active involvement in the InCommon CSP cohort represents a renewed effort to approach the original goal in a staged, and better supported manner. | Problem Statement: We are in the process of seeking for a better solution to enhance our current Identity and Access Management system. Impact Statement: One of our IT goals is to prioritize and adjust services to improve the customer experience, by increasing availability, reliability and sustainability, leading to a more responsive and enhanced information technology. |
How do we judge success? Success metrics | When the Grouper data has been shown to be a close equivalent of the legacy solution, initial success will be declared. For example,
|
What are possible solutions? | Grouper and Midpoint
|
High-level timeline | Project Phase Milestone Completion Dates
|
Issues tracking | A traditional approach to tracking will include an issues log, with assigned responsible individual (or specific team) designated to resolve. |
Stakeholder Impact
Who is the customer and how does this help them? | Our executive director of SSIA has commissioned this effort as an approach to address audit concerns regarding account and account permission deprovisioning. This will help us to show progress before the next round of audit. |
Why will the customer want this? | A renewed process for automated role-based access control (RBAC) has been desired for several years, but a formal effort has not been properly commissioned until our recent involvement in InCommon CSP. |
Scale and scope | For the first phase, resources are dedicated to demonstrate Grouper (and Midpoint) in a functional proof-of-concept. Once proven, we will commence with a second phase to introduce this processing into our production environment. |