...
This course series will explore solutions for four common identity and access management use casesproblem and solution sets:
- Managing Access
Whether you are on a campus, with a research organization, or a company, managing access to multiple resources can quickly overwhelm you and other staff members. Higher Education in particular has the complex situation of having many people with many roles that require a large variety of access rights to it’s resources.
Using groups as the primary means for access means having a group management system that is intuitive and easy to use.
Imagine Math Faculty along with Math Support folks having delegated authority for adding or removing student identities from groups associated with Math Faculty Resources. The Math “team” would be able to manage access and authorization to resources independently from Central IT.
Replicate that across all departmental resources and applications and you can realize a large optimization in people’s time and effort.
The Grouper software component of the Trusted Access Platform facilitates enterprise-level access management and authorization by grouping unique institutional identities (UIDs) into groups that can be associated with classes, class materials, and other resources. It also provides many powerful features for managing the access rights of the identities easily over time with little effort..
- Creating Collaboration Infrastructure for Research and Scholarship
Research organizations and virtual organizations have similar issues - people coming from various places bringing an identity with them, and needing access to various tools and ways to collaborate.
Imagine researchers and administrators working together on a groundbreaking research effort while being based at numerous different universities and research institutes. To facilitate their teamwork, these collaborators need to share documents, set up institution-independent mailing lists, coordinate calendars, and use a protected wiki to capture their efforts. Their collaboration needs to be protected, but the focus needs to be on the collaboration, not the technology.
- Guest Systems
- Many organizations would like a way to manage guest (affiliation) access that doesn’t require creating accounts and provisioning guests through the normal ERP system. This session will provide a solution.
- Many organizations would like a way to manage guest (affiliation) access that doesn’t require creating accounts and provisioning guests through the normal ERP system. This session will provide a solution.
Identifying users in a unique way that can then be used to provide access to institutional resources, and later change or withdraw that access can be a challenging process and prone to many problems. Students are the most problematic as there are vast numbers of them and what they should or should not have access to and what level of access may frequently change during their enrollment time and even afterwards as alumni. Staff and faculty, though smaller in number, have similar issues.
The Trusted Access Platform can be integrated with existing systems of record SOR, such as HR, such that events like hiring, student admissions, etc. will trigger the creation of a unique institutional identity (UID) and associate that identity with basic known attributes from the SOR and then store the identity in a registry with those attributes.
Additionally, the identity can also be added to groups associated with access to classes, course materials, applications and other resources automatically (provisioning).
Similarly, additional events triggered by changes in HR or other SORs can change or revoke the identity access rights automatically (de-provisioning).
- Student on boarding and provisioning
- Employee on-boarding and off-boarding
- Research collaboratives
Students will work through an integrated demo environment and learn how InCommon Trusted Access Platform components can work together to solve common IAM challenges.