Sub Heading And Date

Sub Heading

And DateSub Heading Date HEANet National Networking Conference – 12th November 2009

Identity ManagementUniversity of Limerick

ExperiencePresented By

Eugene MurnaneEamonn T Fitzgerald

Technology Solutions GroupInformation Technology Division

University of Limerick

Sub Heading


• Common Problems

• Provisioning Student Accounts (UL Experience)

• Provisioning Students E-Mail Accounts

• Provisioning Staff AD accounts

• International Equine Institute Case Study

• Future Plans

• Questions

Agenda

Sub Heading


Using Active Directory Credentials

Sub Heading


Definitive data source

Merging data from different sources

Ownership of data

Managing AD & e-mail accounts

Access to files & Printers

Single sign-on

Common Problems with Identity Management

Sub Heading


Provisioning Student Active Directory Accounts

• Data source: Student Records System

• Accounts updated nightly

• Accounts created via ID Card

• Disable non current student accounts

• Graduate student accounts are deleted manually once a year

• Reset Password using ID card or web

• Password expiry e-mail alert

Sub Heading

And DateSub Heading DateHEAnet & 13 Nov 2009

Student Account Attributes

AD Attributes updated:cn proxyAddressesuserPrincipalName samAccountNameMail givenNamesn

AD Attributes used to populate dynamic distribution groups in Microsoft Live@Edu:

extensionAttribute1 = “Student”extensionAttribute2: Course Code(s)extensionAttribute3: Year(s) of studyextensionAttribute4: Advisor groupextensionAttribute5: Registered Modules

HEANet National Networking Conference – 12th November 2009

Sub Heading


Provisioning Student E-mail Accounts• Microsoft Live@Edu Outlook Live Accounts

• Data Source: Active Directory

• Microsoft GALSync 2010 on ILM 2007 creates and updates Outlook Live accounts.

Sub Heading


Provisioning Student E-mail Accounts

• AD => Outlook Live One-way Password Synchronisation (PCNS)

• Startsync runs every 10 minutes• Single Sign-on access on-campus

SchoolWeb Portal

Live@EduMailbox

Directory

Student’s PC

Sub Heading


Provisioning Staff Active Directory Accounts

• Data sources: HR database; logged information

• ITD Service Desk create and update accounts

• Requests for new accounts are logged in RMS

• Inactive accounts automatically disabled after 180 days

• Inactive accounts automatically deleted after 400 days

• Reset password via web page www.ul.ie

Sub Heading


International Equine Institute Case Study

• The International Equine Institute wanted restricted access to videos uploaded onto HEAnet hosted site (http://media.heanet.ie)

• Use UL credentials to access videos

• Use Shibboleth to authenticate UL users

• Build Identity Provider Server

Sub Heading


Server Configuration

• Virtual server running on VMware ESX 4.0 clustered platform

• Shibboleth 2.0

• Red Hat Linux ES 4.0

• Apache Tomcat 5.5

• Apache 2.2

• Apache Tomcat (JK) Connector (config files to update /etc/httpd/conf.d/jk.conf and /etc/httpd/conf.d/ssl.conf)

• SSL certificate obtained from Globalsign via HEAnet

Sub Heading


Managing Accounts – Future Plans

• Use Microsoft Identity Lifecycle Manager to provision accounts (instead of programming)

• Staff Accounts to be provisioned from HR database

• Student Accounts to be provisioned from Student Records Database

• Use ILM to integrate Student Records System with:– Student ID Card System– Door Lock System

• Implement Single Sign-on for Student Records System

Sub Heading


Links

http://Media.heanet.ie

http://EduGate-Pilot.heanet.ie/rr

Sub Heading


Questions ?

Documents

Sub Heading And Date