Identity Management

Choosing and Using Sun’s Identity Management Suite

March 13th, 2007

Kim Tracy, Executive Director, University Computing Services, Northeastern Illinois University

+1 773-442-4374 [email protected]


Northeastern Illinois University (NEIU)

• Public university on northwest side of Chicago

• ~12,000 students, ~2,200 faculty & staff

• Commuter campus (no housing)

• Large number of transfers

Kim W. Tracy – 3/13/2007 2

Starting NEIU Environment

• In process of implementing full SGHE Banner suite (including Luminis portal)

• Independent accounts on systems
  – Exchange for faculty/staff
  – SunOne e-mail for students
  – Novell file shares
  – Blackboard
  – Luminis portal
  – Other LDAP-controlled resources

• Used homegrown tools to sync and populate accounts from existing SIS (Jenzabar/CARS)

• Had synced account names for LDAP/Novell/AD


Our Scope and Problems to Address

• Account and password integration across all resources

• Web-based Single Sign On via Luminis to Blackboard & e-mail systems

• Feed from existing SIS to IdM to create roles, account and e-mail addresses

• Something that would evolve to integrate with Banner as we deploy it

• Initial phase in about 2 months from project start
  – To synchronize and provision accounts and passwords on all major resources
  – Needed to coincide with Luminis portal deployment
  – SSO between Luminis, Blackboard, and e-mail

• Later phases to handle deprovisioning, other resources


The Decision Process

• Used an RFP process to get bids from major IdM vendors
  – Only gave vendors a couple of weeks to respond

• Required an integrated response (implementation, HW, & SW)
  – Required coordination between vendors & implementors

• Key factors:
  – Ability to implement in short timeframe
  – Software capability
  – Consistency with planned architecture

• Narrowed to two vendors
  – Got more detailed proposals

• Chose a Sun/Simplesoft proposal that best addressed our RFP requirements and factors


Solution Implementation

• Got an integrated response from Simplesoft/Sun that included:
  – 5 Sun Servers
  – The Sun Identity Management Suite
  – Simplesoft implementation services

• Most functionality was “out of the box”

• User interface for account initialization and password reset was tuned to our requirements

• Used LDAP for Blackboard & Luminis to simplify process

• Used SSO in Luminis instead of Sun Access Manager

• Integrations for Blackboard and Luminis written to their respective specifications

• Built a back-feed to populate SIS with e-mail and account IDs created by IdM


Summary & Status

• Phase 1 pretty much on time
  – Was difficult and took a lot of coordination
  – Still working on:
    • SSO w/Blackboard
    • Fully automating provisioning of accounts to Luminis & Blackboard

• We have cleaned up many long-standing account management issues by taking our lumps now

– Users had to reset passwords to adhere to strong password policy

– Now, users have access to all their resources with one account initialization

• Now have a platform on which to
  – Build further role-based services to support alumni, retirees, prospective students, etc.
  – Integrate SSO with most major systems


Questions?