Provisioning Services Collaborative CSU, East Bay and CSU, San Bernardino Kent McKinney, Director, Information Systems, Information & Computing Services, CSUEB Lorraine Frost, Interim VP, Information Resources and Technology, CSUSB July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 1 Agenda • Overview of Collaborative • Project Drivers • Project Objectives • Project Strategies • Project Deliverables • Project Status July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 2 Overview of Collaborative Both East Bay and San Bernardino were interested in exploring the potential of the SUN Java Enterprise System (JES) toolset to address their needs for supporting an Identity Management System (IdM). A common desire to use these tools for provisioning and de-provisioning access to campus resources developed. San Bernardino had been evaluating both Oracle and SUN’s toolsets. Given the current knowledge and expertise in SUN products on the campus, significant price breaks on the product, and the common goals between East Bay and San Bernardino, a collaborative began to formulate. July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 3 Project Drivers – East Bay • Desire to standardize home grown provisioning process using a vendor supported tool • Interest in sharing training opportunities and learning experiences with other campuses • Needed to expand support structure for provisioning services on campus • Current single sign-on capabilities needed to be expanded to other applications; particularly to departmental applications • Synchronize the enterprise directory with Active Directory • Historical skill set strengths in SUN products July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 4 Project Drivers – San Bernardino • Recognized need to develop single sign-on strategy to address upcoming campus portal implementation • Need to clearly identify campus constituents, roles, authentication, and authorization to campus resources • Desire to enhance security surrounding access to applications • Interest in sharing strategies and approaches with other campuses • Synchronize the enterprise directory with Active Directory • Historical skill set strengths in SUN products July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 5 Project Objectives • East Bay and San Bernardino participation in the review and update of the Cal State eduPerson schema with adaptation to campus Enterprise Directory services • San Bernardino evaluation of the use of a network id, similar to East Bay’s, to enable access to campus resources • Identify project tasks to address two campuses, with separate operations, common problems, and develop common solutions to address IdM strategies • Develop provisioning and de-provisioning policies and procedures for campus enterprise systems • Determine benefits and costs of working together • Identity strengths and weaknesses of the SUN JES Identity Management System toolset • Publicize lessons learned and advantages of using a secure Identity Management System toolset, such as Sun JES July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 6 Project Strategies • East Bay and San Bernardino had strong skill sets in use of SUN for email systems, LDAP directories, and current licenses could easily be expanded to include JES • San Bernardino was developing a portal strategy and needed to ensure it would integrate effectively with future IdM directions • East Bay already used a network id and home grown provisioning tools to provide access to campus resources, but wanted to move to a standardized toolset and integration of departmental applications • Both campuses were moving in the same direction and felt a joint venture would afford them opportunities to share training, expertise, consultant hours, and JES application installation knowledge • Small project, email provisioning and Enterprise Directory/Active Directory synchronization, was chosen to provide earlier results and opportunity to test the toolset. • Alternating phases between campuses will provide each campus ability to increase number of applications addressed by toolset while learning from each others activities • Use of Project Management skills at East Bay to monitor joint project • Costs to be shared by East Bay, San Bernardino, Chancellor’s Office, SUN, and systems integrators July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 7 Project Deliverables • San Bernardino – Phase I • East Bay – Phase II • Establish and deploy use of network id, if appropriate • Install, configure, and test SUN JES identity manager software • Configure unidirectional transfer with Active Directories and Enterprise Directory • Provision accounts into CSUSB email system • Integrate applications with single sign-on processes: Email, PeopleSoft HCM 8.9, Blackboard • Identify strengths and weakness of Sun JES • Comparison of current provision toolset with capabilities of Sun JES IdM toolset • Based on lessons learned from San Bernardino, convert current toolset to Sun JES • Create single sign-on framework to integrate departmental applications. • Configure unidirectional transfer with Active Directories and Enterprise Directory • Provide Project Planning support to both phases • Identify strengths and weakness of Sun JES July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 8 Project Status • Project objectives and deliverables identified with additional items to be considered • Initial consulting contract for Phase I in review, need to expand to include East Bay involvement • Sun JES purchased by both campuses • Developing Project proposal for CO consideration • Team participants still to be fully identified • Project tasks to be outlined July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 9 Questions or Suggestions July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity 10