The Problem

The University of Louisiana at Lafayette uses identity information contained in the Banner ERP to provide access to other systems outside of Banner (and to remove users from those systems). This is driven by a set of home-grown scripts and processes. While user provisioning is generally done in a timely manner for new constituents, provisioning for returning users and deprovisioning remain troublesome. When the process fails, it is not always obvious why. The process is also highly dependent on a single individual for modifications and maintenance, exposing the whole system to significant risk in the case of staff turnover.

The Solution

The University chose to join the 2020 Collaboration Success Program and implement midPoint as a provisioning engine. In choosing midPoint, the project team cited the software component’s wide adoption within the CSP cohort and its extensibility via open source connectors. Team members also noted the availability of support from CSP subject-matter experts, Evolveum (which owns midPoint), consultants, and peer organizations.

The project team cited a number of benefits for this solution, including improved efficiencies, timely deprovisioning, robust logging and audit reports, and the availability of the support noted above. The project plan states this solution will provide a stable, reliable, maintainable platform for provisioning and deprovisioning.

The Result

The project involved installing midPoint and connectors to pull identity data from Banner and provision accounts to Active Directory and LDAP directories. The team also determined they would connect to Banner using the Ethos integration. 

The project team found it needed information about a number of topics before beginning the midPoint deployment, including details of identity and access management technologies, such as the containerization method used with midPoint (and other InCommon Trusted Access Platform components), and of midPoint itself.

The group developed a test environment during the CSP time frame with midPoint up and running with LDAP and Active Directory connectors. However, they have not moved midPoint to production and continue to work on the Banner connector. In addition to a learning curve steeper than expected, the COVID-19 pandemic and other extenuating circumstances prevented completion of the project. The project team intends to continue the work on midPoint and the Banner connector.

Once this project is complete, the university hopes to use this experience to deploy Grouper and COmanage, two additional InCommon Trusted Access Platform components.

Lessons Learned

  • “Our advice is to understand that it takes time to do this. We knew this going in, but you can't sit back. You have to have time to participate in working groups and solve problems and ask questions.”
  • An unexpected challenge was containerization.

About the University of Louisiana at Lafayette

The University of Louisiana at Lafayette is the second-largest university in Louisiana, with more than 19,000 students, offering bachelor’s, master’s and doctoral degrees. 

Project Team: Patrick Landry (Louisiana), Brian Dore (Louisiana), Kin Cheung (Louisiana), Jeremy Schambaugh (Louisiana), Gene Fields (Louisiana), Ethan Kromhout (North Carolina-Chapel Hill), Matt Brookover (Mines), Keith Hazelton (Internet2), Erin Murtha (Internet2). 
