Track: Lifecycle Management
Trusted Access Platform Components: midPoint
Project Team: Patrick Landry, Brian Dore, Kin Cheung, Jeremy Schambaugh, Gene Fields
Community Collaborators: <SMEs who provided help on this project>
The Environment: <what is unique about your environment? i.e. small/large school, small/large team, includes hospitals, etc.>
Benefits to Organization:
User Community
End users will benefit due to the improved efficiency of the provisioning/deprovisioning process. In the future, having a modern IdM platform will allow us to offer additional services such as audits and self-service to customers outside of OIT.
Office of Information Technology
Problem Statement:
User provisioning to systems outside of Banner (and removing users from those systems) is currently driven by a set of home-grown scripts and processes. While user provisioning is generally done in a timely manner for new constituents, provisioning for returning users and deprovisioning remain troublesome. In addition, when user provisioning does fail, it is not always obvious why it failed. The current process is also highly dependent on a single individual for modifications and maintenance, which exposes it to significant risk from staff turnover.
Impact Statement:
This project will provide a stable, reliable, maintainable platform for provisioning and deprovisioning.
Scale and Scope:
6-8 staff members will be involved in the implementation
While many Identity Management (IdM) systems exist, few of them are designed for the educational environment. Educational institutions place specific demands on an IdM system which are not necessarily encountered by other types of businesses such as
Over the past several years the Internet2 community has collaborated to develop open-source software packages supporting identity and access management. The Trust and Identity in Education and Research (TIER) program was a three-year initiative (2016-2018) to provide enhancements and sustainability for community-driven identity and access management software and services. The TIER software is now the InCommon Trusted Access Platform (TAP).
By adopting the TAP suite we will gain support from a community of like-minded institutions. This collaboration will provide access to resources that are otherwise unavailable to us due to lack of staff.
We have decided to implement midPoint as a provisioning engine during this project as it has wide adoption in the Collaboration Success Program (CSP) cohort, and is easily extensible via open source connectors. Support for midPoint is available from CSP SMEs, the vendor, consulting agencies, and peers.
The Result
Initial Plan:
Roadmap
Internal Communications Plan
Minimum Viable Project
Actual Implementation:
<how did that go?>
Success Metrics:
This project will be considered a success if we can replace the functionality of the current system with a production installation of midPoint capable of:
<conclusions & lessons learned>