
Training Coming Soon!


This course series will explore four common identity and access management problem and solution sets:

(A) Managing Access

Whether you are at a campus, a research organization, or a company, managing access to multiple resources can quickly overwhelm you and your staff. Higher education in particular faces the complex situation of many people with many roles that require a wide variety of access rights to its resources.

...

The Grouper software component of the Trusted Access Platform facilitates enterprise-level access management and authorization by collecting unique institutional identities (UIDs) into groups that can be associated with classes, class materials, and other resources. It also provides many powerful features for managing the access rights of those identities easily over time.

The Scenario

Stephen Hawking is a new student in your system.  His interview for enrollment identified him as being highly proficient in math and the faculty would like him to assist them with updating math faculty resources.

...

Replicate that across all departmental resources and applications and you can realize large savings in people's time and effort.

The Demonstration / Training

Bring up an instance of Grouper pre-populated with math faculty, groups representing admins for certain resources (these could be spaces), groups representing students, and a group for students who opt in for tutoring.

(B) Creating Collaboration Infrastructure for Research and Scholarship

Research organizations and virtual organizations have similar issues: people come from various places, bring an identity with them, and need access to various tools and ways to collaborate.

The Scenario

Imagine researchers and administrators working together on a groundbreaking research effort while being based at numerous different universities and research institutes. To facilitate their teamwork, these collaborators need to share documents, set up institution-independent mailing lists, coordinate calendars, and use a protected wiki to capture their efforts. Their collaboration needs to be protected, but the focus needs to be on the collaboration, not the technology.

The Demonstration / Training

Bring up an instance of COmanage, Confluence, and Grouper pre-populated with faculty researchers from several fictitious institutions, groups representing admins for certain resources (these could be spaces), and groups representing researchers working on 3 or 4 different aspects of a project, with associated mailing lists for communication. They can all have access to the protected wiki, but there will be several pages specific to the details of each aspect.

(C) Guest Systems

Many organizations would like a way to manage guest (affiliation) access that doesn’t require creating accounts and provisioning guests through the normal ERP system. This session will provide a solution.

Overview of the Colorado State University Guest System


(D) Identity Onboarding and LifeCycle Management

Identifying users uniquely, so that the identity can then be used to grant access to institutional resources and later to change or withdraw that access, can be a challenging and error-prone process. Students are the most problematic: there are vast numbers of them, and what they should or should not have access to, and at what level, may change frequently during their enrollment and even afterwards as alumni. Staff and faculty, though smaller in number, have similar issues.

...

Similarly, additional events triggered by changes in HR or other systems of record (SORs) can change or revoke the identity's access rights automatically (de-provisioning).

The Scenario

Stephen Hawking is a new student in your system.  His interview for enrollment identified him as being highly proficient in math and the faculty would like him to assist them with updating math faculty resources.

The Demonstration / Training

As a part of the normal business process for students assisting faculty, Stephen will be hired as a research assistant in the HR system. Stephen will appear to be a new person to the HR system, so it will send a message to midPoint to create Stephen in the registry. The registry discovers that Stephen already exists by running its search/match process, and updates the registry record with the HR system identifier. An updated-person message is sent out by the registry, prompting Grouper to retrieve information about Stephen's employee status and department and add Stephen to basis groups, resulting in an employee affiliation. midPoint receives a message about the employee group affiliation and adds the employee role to Stephen.
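The chain above (HR message, registry search/match, Grouper basis groups, midPoint role) as an added, constructed model, not midPoint or Grouper code; the matching rule, the `basis:` group names, the `employee` role name and the sample data are assumptions for illustration. It also shows the de-provisioning case from the paragraph before the scenario: a later "terminated" message empties the basis groups and so revokes the role.

```python
# Constructed model of the chain above (HR -> registry search/match -> Grouper
# basis groups -> midPoint role). Not midPoint/Grouper code; names are assumed.
from dataclasses import dataclass, field

@dataclass
class Person:
    registry_id: str
    name: str
    dob: str
    source_ids: dict = field(default_factory=dict)  # ids from each system of record
    groups: set = field(default_factory=set)        # Grouper basis groups
    roles: set = field(default_factory=set)         # midPoint roles

class Registry:
    def __init__(self):
        self.people = {}

    def search_match(self, name, dob):
        # Assumed matching rule: same name and date of birth means the same person.
        for p in self.people.values():
            if p.name.lower() == name.lower() and p.dob == dob:
                return p
        return None

    def receive_hr_message(self, msg):
        person = self.search_match(msg["name"], msg["dob"])
        if person is None:  # genuinely new person: create a registry identity
            person = Person(f"reg-{len(self.people) + 1}", msg["name"], msg["dob"])
            self.people[person.registry_id] = person
        person.source_ids["HR"] = msg["employee_id"]  # link the HR id, no duplicate
        return person
def grouper_basis_groups(msg):
    """Basis groups derived from HR status and department (assumed convention)."""
    if msg["status"] != "active":
        return set()  # termination: no employee basis groups remain
    return {"basis:employee", f"basis:dept:{msg['department']}"}

def midpoint_roles(groups):
    """Role midPoint would assign from group membership (assumed mapping)."""
    return {"employee"} if "basis:employee" in groups else set()

def process_hr_event(registry, msg):
    """One HR message through the chain; a later 'terminated' message revokes."""
    person = registry.receive_hr_message(msg)
    person.groups = grouper_basis_groups(msg)
    person.roles = midpoint_roles(person.groups)
    return person
# Constructed sample: Stephen already exists in the registry from the student SIS.
SAMPLE_REGISTRY = Registry()
SAMPLE_REGISTRY.people["reg-1"] = Person("reg-1", "Stephen Hawking", "2001-09-01", {"SIS": "s1001"})
SAMPLE_HIRE = {"employee_id": "e42", "name": "Stephen Hawking", "dob": "2001-09-01", "status": "active", "department": "math"}
```

Calling `process_hr_event(SAMPLE_REGISTRY, SAMPLE_HIRE)` links the HR id to the existing record instead of creating a second identity and yields the `employee` role.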

...

Students will work through an integrated demo environment and learn how InCommon Trusted Access Platform components can work together to solve common IAM challenges.


(E) Federating Organizational Applications (SPs)

Institutions that support many of their own applications often want to provide secure access to those applications so that outside faculty or students can collaborate on projects, or in other ways, through those applications. Managing many inside and outside user accounts and passwords is cumbersome and time consuming. Federating those applications as Service Providers (SPs) provides a means to grant access securely by verifying users via federated Identity Providers (IdPs), both internally and for select external institutions or organizations.

The Scenario

write this

The Demonstration / Training

write this