The Problem

York University's legacy Identity and Access Management solution (Passport York) has reached its limit in terms of group provisioning (e.g. automatic provisioning access to Azure AD resources). More and more, Passport York relies on ad-hoc scripts and manual interventions to try to keep up. This results in reduced productivity, given the manual work required by the various IT departments of the university to fulfill access management needs.

The Solution

The project team decided to join the 2020 Campus Success Program and deploy Grouper, an open-source access management solution that can provide automatic group provisioning, based on attribute, role, or membership of a person. The team set the scope of the project as:

The Result

The main goal of participating in the CSP was to understand the mindset of open source and what is involved in installing and configuring the software. This goal was met. The team completed a proof of concept for Grouper for access management, but  decided more resources and planning would be necessary to move to production. 

The proof of concept for Grouper was completed and the team gained an understanding of the value of using a third party to help with the implementation. Competing priorities prevented a developer from being assigned to the project, which prevented going further in the deployment process; so it was not moved to production.

One of the project team’s main use cases was using Grouper to provision mail-enabled groups in Microsoft Office365. Even though we were successful to provision to Microsoft Office365 groups with the help of a couple of members of the  community, we encountered an issue with the provisioning of mail-enabled groups that we were unable to resolve without developing our own Grouper connector to Microsoft Office365. The project team also gained a thorough understanding of what was involved in implementing another InCommon Trusted Access Platform component to production, which will inform the eventual replacement of the legacy IAM system. 

Lessons Learned

Key Takeways

There was an RFP/RFI occurring simultaneously to investigate other options in addition to the Trusted Access Platform, and the main goal of CSP was to understand the mindset of open source and what’s involved. It was clear that one needs to staff internally to support open source. 

The CSP experience was positive and we became aware of just how big the community is, and how much time a lot of the experts put into the projects to ensure that the features they want are built. While there is no monetary cost for open source software, one does have to give time and effort to co-create and shape the software. 

Lessons Learned

About York University

York University is a public research university in Toronto, Ontario, Canada. It is Canada's third-largest university with approximately 55,700 students and 7,000 faculty and staff.

Project Team: Pascal Cantin (York), Chris Russel (York), Chris Hyzer (UPenn), Chad Redmond (UNC), Bill Thompson (Lafayette College), Chris Hubing (Internet2), Erin Murtha (Internet2), Lacey Vickery (UNC-Charlotte)