Project Abstract - York University

Why are we doing this?

Problem Statement:

Our legacy IAM solution (Passport York) has reached some of limits in terms of group provisioning (e.g. automatic provisioning access to AD and Azure AD resources) that we are more and more relying on running ad-hoc scripts and manual interventions to try to keep up.

Impact Statement:

Reduced productivity resulting by the increase of manual work required by the various IT departments of the university to fulfill access management needs.

How do we judge success? Success metrics

• Decommissioning scripts that are currently used as a passable stop-gap
• The solution can be reused to allow automatic group provisioning to as many as possible directory services and applications at the university: (e.g.: AD, Azure AD, LDAP and Passport York) 
• Replacing suboptimal process of group provisioning inside PY
• Reducing the amount of manual activities by IT for access management

Statements of justification for the solution(s) chosen

Grouper: An open-source access management solution that can provide automatic group provisioning, based on attribute, role or membership of a person.

Roadmap:

• Grouper PoC installation and configuration: Jan/Feb
• Validate Grouper PoC with various IT groups: Feb/Mar
• Deploy Solution production: Mar/Apr
• Decommission existing scripts: Apr*

The overall organization 

Reducing required time to complete access management request

Affecting IT staff to activities that provides more value to the organization.

Scale: Medium to large

Scope:

• Deploying Grouper and Docker into production
• Importing necessary attributes and memberships from SIS and PY
• Provisioning groups and access into AD and Azure AD
• Developing framework for future reuse

Risks:

• Developer availability not confirmed yet that could scale back the scope of this project.
• No Docker infrastructure supported by IT