Enterprise Directory Services and Identity Management
Enterprise Directory Services/IT Security
Enterprise Directory Services/IT Security
• Enterprise Directory Services
  – Password Self-Service
  – Single Sign-On
  – City Directory – City-Wide White Pages
  – Employee Life-Cycle Management
  – Authentication and Authorization for City-wide Applications
  – Centralized and Distributed Authorization for Applications
  – Dedicated directory space for applications requiring full control of data
  – Applications using the directory: DoITT VPN, DoITT Remote Access, Cityshare Datashare, DNAHits, Remedy, COIB, DoITT Network Devices; numerous applications under development
  (Diagram: Enterprise Directory Services and Agency Directories)
Enterprise Directory Services/IT Security
• Password Self-Service
  – Registration – User selects questions, provides answers
  – Forgot Password – User answers questions, resets password
  – Change Profile – User can change questions/answers after normal authentication
  – Change Password – User can change their password
  (Diagram: Enterprise Directory Services; web-based access from Cityshare at https://cityshare.nycnet/pss; Agency Directory)
Enterprise Directory Services/IT Security
• Single Sign-On – Securely stores passwords in the Enterprise Directory. The user enters the password for an application once, and the SSO client enters it for the user every time they launch the application. The SSO client monitors for application password changes where applicable. A wide variety of web, terminal and Windows applications is supported.
  (Diagram: Enterprise Directory Services; Agency Desktop – Windows Client Applications)
Enterprise Directory Services/IT Security
• City-wide Whitepages – Accessible from the Cityshare Portal and http://citydirectory.nycnet. Agencies can configure Outlook or another mail client to query the City-wide directory using LDAP address book support.
  (Diagram: Enterprise Directory Services; Cityshare Portal and http://citydirectory.nycnet; Agency Desktop – Outlook Client)
Enterprise Directory Services/IT Security
• Application use of Enterprise Directory – Applications can use the standard LDAP protocol to search for and authenticate users from multiple agencies. Users are authenticated using their LAN credentials, simplifying user authentication. The Enterprise Directory also supports a “hosted” directory space model, where an application can be given its own area to manage with basic schema extensions. Distributed authorization is also supported through the use of agency-defined groups that applications can leverage through the Enterprise Directory.
  – Applications: Cityshare Portal, Password Self-Service, Single Sign-On, Criminal Justice Datashare, DNAHits, Outlook/Email Clients, Conflict of Interest Board, DoITT VPN Services, DoITT SSL/VPN Remote Access; many applications under development
  (Diagram: Enterprise Directory Services)
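The "search for and authenticate users, then authorize via an agency-defined group" flow described above, as an added example that is not DoITT's code: the application escapes the submitted username before building the LDAP search filter, searches across the agency subtrees for exactly one entry, binds as that entry's DN to verify the password, and then checks group membership. The DIRECTORY dict is a constructed in-memory stand-in for the LDAP server; all DNs, uids, passwords and group names are hypothetical.

```python
# Added example (not DoITT's code): LDAP search-then-bind authentication with
# group-based authorization. DIRECTORY is a constructed stand-in for the
# directory server; a real deployment would use an LDAP client library.
import hmac
from typing import Optional

# Constructed entries under hypothetical per-agency subtrees.
DIRECTORY = {
    "uid=jdoe,ou=people,ou=agencyA,o=city": {
        "userPassword": "correct-horse",
        "memberOf": ["cn=remedy-users,ou=groups,o=city"],
    },
    "uid=asmith,ou=people,ou=agencyB,o=city": {
        "userPassword": "battery-staple",
        "memberOf": [],
    },
}

def escape_filter_value(value: str) -> str:
    """Escape user input before placing it in a search filter (RFC 4515),
    so ( ) * \\ and NUL cannot change the filter's structure."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def search_user_dn(uid: str) -> Optional[str]:
    """Stand-in for an LDAP search over all agency subtrees using the filter
    (&(objectClass=person)(uid=<escaped uid>)); the DN is returned only when
    exactly one entry matches, otherwise None."""
    wanted = "uid=" + escape_filter_value(uid)
    matches = [dn for dn in DIRECTORY if dn.split(",", 1)[0] == wanted]
    return matches[0] if len(matches) == 1 else None

def bind(dn: str, password: str) -> bool:
    """Stand-in for a simple bind as the found DN; the directory, not the
    application, is what verifies the LAN password."""
    entry = DIRECTORY.get(dn)
    return entry is not None and hmac.compare_digest(entry["userPassword"], password)

def authenticate_and_authorize(uid: str, password: str, group_dn: str) -> Optional[str]:
    """Return the user's DN when the credentials are valid and the user is in
    group_dn; None for every kind of failure, so callers cannot tell an
    unknown user from a wrong password or a missing group."""
    dn = search_user_dn(uid)
    if dn is None or not bind(dn, password):
        return None
    if group_dn not in DIRECTORY[dn]["memberOf"]:
        return None
    return dn
```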
Enterprise Directory Services/IT Security
• Employee Life Cycle Management – The support of complete Employee Life Cycle management in co-operation with other agencies is a key goal of identity management. Currently, we are deploying automated de-provisioning for DoITT. The goal is to integrate with NYCAPS/PeopleSoft to provide full provisioning and de-provisioning for complete Employee Life Cycle Management.
  (Diagram: Enterprise Directory Services; HR/Payroll Data (NYCAPS/PMS); Agency Directories)
Enterprise Directory Services/IT Security
• Future activities –
  – Provide automated provisioning/de-provisioning for active Employee Life-Cycle Management
  – PKI – leverage existing infrastructure to deliver a central PKI infrastructure that can support diverse needs across city agencies, providing strong authentication, digital signatures and encryption for multiple purposes
  – Integrate with key city-wide applications to synchronize passwords or identities where those applications may not support direct authentication to the Enterprise Directory
  – Complete connectivity with key city agencies for multiple application needs
  – Support WebSSO using SAML, with support for federation with state and other external identity and/or service providers
  – Support for non-Employee Identity Management
  – Synchronization of passwords/identities to key city-wide applications/systems (City Time, legacy RACF/ACF2 environments, UNIX account management)