Executive Summary
<Jessica to write after meeting>
Solution Summary
Track: Managing Access
Trusted Access Platform Components: Grouper
Project Team: Pascal Cantin, Chris Russel
Community Collaborators: <who provided significant contribution>
The Environment: <what is unique about your environment? i.e. small/large school, small/large team, includes hospitals, etc.>
Benefits to Organization:
- Reducing the time required to complete access management requests
- Assigning IT staff to activities that provide more value to the organization
The Project
Problem Statement:
Our legacy IAM solution (Passport York) has reached some of its limits in terms of group provisioning (e.g. automatically provisioning access to AD and Azure AD resources), so we are relying more and more on ad-hoc scripts and manual interventions to try to keep up.
Impact Statement:
Reduced productivity resulting from the increase in manual work required of the various IT departments of the university to fulfill access management needs.
Scale: Medium to large
Scope:
- Deploying Grouper and Docker into production
- Importing necessary attributes and memberships from SIS and PY
- Provisioning groups and access into AD and Azure AD
- Developing framework for future reuse
Risks:
- Developer availability is not yet confirmed, which could scale back the scope of this project.
- No Docker infrastructure supported by IT
The Solution
Grouper: An open-source access management solution that can provide automatic group provisioning based on a person's attributes, roles or memberships.
The Result
Initial Plan:
- Grouper PoC installation and configuration: Jan/Feb 2020
- Validate Grouper PoC with various IT groups: Feb/Mar 2020
- Deploy solution to production: Mar/Apr 2020
- Decommission existing scripts: Apr 2020
Actual Implementation:
<how did that go?>
Conclusions & Lessons Learned
Success Metrics:
- Decommissioning scripts that are currently used as a passable stop-gap
- The solution can be reused to allow automatic group provisioning to as many directory services and applications at the university as possible (e.g. AD, Azure AD, LDAP and Passport York)
- Replacing the suboptimal process of group provisioning inside PY
- Reducing the amount of manual activities by IT for access management
<conclusions & lessons learned>