Track: Lifecycle Management

Trusted Access Platform Components: MidPoint

Project Team: Patrick Landry, Brian Dore, Kin Cheung, Jeremy Schambaugh, Gene Fields

Community Collaborators: <SMEs who provided help on this project>

The Environment: <what is unique about your environment? i.e. small/large school, small/large team, includes hospitals, etc.>

Benefits to Organization: 

User Community

Office of Information Technology

The Project

Problem Statement:

User provisioning to systems outside of Banner (and removing users from those systems) is currently driven by a set of home-grown scripts and processes. While user provisioning is generally done in a timely manner for new constituents, provisioning for returning users and deprovisioning remains troublesome. In addition, when user provisioning does fail it is not always obvious why it failed. The current process is also highly dependent on a single individual for modifications and maintenance. This exposes the process to significant risk due to staff turnover.

Impact Statement:

This project will provide a stable, reliable, maintainable platform for provisioning and deprovisioning.

Scale and Scope:

The Solution

While many Identity Management (IdM) systems exist, few of them are designed for the educational environment. Educational institutions place specific demands on an IdM system which are not necessarily encountered by other types of businesses such as

Over the past several years the Internet2 community has collaborated to develop open-source software packages supporting identity and access management. The Trust and Identity in Education and Research (TIER) program was a three-year initiative (2016-2018) to provide enhancements and sustainability for community-driven identity and access management software and services. The TIER software is now the InCommon Trusted Access Platform (TAP).

By adopting the TAP suite we will gain support from community of like-minded institutions. This collaboration will provide access to resources unavailable due to lack of staff.

We have decided to implement midPoint as a provisioning engine during this project as it has wide adoption in the Collaboration Success Program (CSP) cohort, and is easily extensible via open source connectors. Support for midPoint is available from CSP SMEs, the vendor, consulting agencies, and peers.

The Result

Initial Plan:

Roadmap

Internal Communications Plan

Minimum Viable Project

Actual Implementation:

<how did that go?>

Conclusions & Lessons Learned

Success Metrics:

This project will be considered a success if we can replace the functionality of the current system with a production installation of MidPoint capable of:

<conclusions & lessons learned>