200 likes | 314 Views
Campus Identity and Access Management Services. Objectives. Learn how the university assigns and manages electronic identities Learn how this information is used for authentication and authorization. IAM Overview. Terms & Concepts IAM Goals & Principles IAM Services Overview
E N D
Objectives • Learn how the university assigns and manages electronic identities • Learn how this information is used for authentication and authorization
IAM Overview • Terms & Concepts • IAM Goals & Principles • IAM Services Overview • Identity Management • Directory Services • Authentication Services • Authorization Services
Attributes & Credentials Attributes • Identity and affiliation characteristics of an entity which are of interest to the university Credentials • Used to establish a person’s identity and help the university maintain a high degree of confidence in it • Helps to define the levels of service, access, or privileges available to a particular identity • Physical Credentials – UT ID Cards • Electronic Credentials - UT EIDs
IAM Goals & Principles • Entities have a single identity • Identity is a ubiquitous public user name • Identities have lifelong community membership • Consistent sign-on (authentication) • Self-service • Distributed management
Identity Management Services Source Systems Enterprise Directory Other Directory Services Identity Management System Authentication Services Authorization Services
UT EID • An electronic identifier that contains two key attributes – UT EID and UIN • Several EID types: Person, Business, Department, Service, Group, Resource, ID-Only • Person UT EID is an individual’s public username and their electronic credential that allows them to use online secure services
Did You Know? • Approximately how many EIDs have been issued by UT Austin? 4.5 Million EIDs (3.8M Person) • On an average day during the regular semester how many EID logons occur? ~130,000 EID logons
Enterprise Directory Services Source Systems Enterprise Directory Other Directory Services Identity Management System Authentication Services Authorization Services
Enterprise Directories • uTexas Enterprise Directory (TED) • TED on the Mainframe (TOM) • White Pages Directory • Austin Active Directory Sample Person Attributes in TED
Authentication Services Source Systems Enterprise Directory Other Directory Services Identity Management System Authentication Services Authorization Services
Web Authentication Web Server Web Browser AuthN. Agent DataStore Authentication Service
Authorization Services Source Systems Enterprise Directory Other Directory Services Identity Management System Authentication Services Authorization Services
Authorizations Apollo Group - EID Stewards NRRECS Group Mediated Auth: View unrestricted student records BACS Group – App-empl. BACS System Internal - Group Auth: Access Main 25th Floor Task Manager System Internal - Individual Auth: Update DP Auth: Submit DP
In Closing • An entity has only one identity and this is represented by the UT EID • UT EID is the ubiquitous public user name • Identities have lifelong membership in our community • Identity & Access Management services include: Identity Management, Directory Services, Authentication Services, & Authorization Services