Identity Management

1. Identity Management Choosing and Using Sun’s Identity Management Suite March 13th, 2007 Kim Tracy Executive Director University Computing Services Northeastern Illinois University +1 773-442-4374 K-tracy@neiu.edu

2. Northeastern Illinois University (NEIU) • Public university on northwest side of Chicago • ~12,000 students, ~2,200 faculty & staff • Commuter campus (no housing) • Large number of transfers Kim W. Tracy – 3/13/2007

3. Starting NEIU Environment • In process of implementing full SGHE Banner suite (including Luminis portal) • Independent accounts on systems • Exchange for faculty/staff • SunOne e-mail for students • Novell file shares • Blackboard • Luminis portal • Other LDAP-controlled resources • Used homegrown tools to sync and populate accounts from existing SIS (Jenzabar/CARS) • Had sync-ed account names for LDAP/Novell/AD Kim W. Tracy -- 3/13/2007

4. Our Scope and Problems to Address • Account and password integration across all resources • Web-based Single Sign On via Luminis to Blackboard & e-mail systems • Feed from existing SIS to IdM to create roles, account and e-mail addresses • Something that would evolve to integrate with Banner as we deploy it • Initial phase in about 2 months from project start • To synchronize and provision accounts and passwords on all major resources • Needed to coincide with Luminis portal deployment • SSO between Luminis, Blackboard, and e-mail • Later phases to handle deprovisioning, other resources Kim W. Tracy – 3/13/2007

5. The Decision Process • Used an RFP process to get bids from major IdM vendors • Only gave vendors a couple of weeks to respond • Required an integrated response (implementation, HW, & SW) • Required coordination between vendors & implementors • Key factors: • Ability to implement in short timeframe • Software capability • Consistency with planned architecture • Narrowed to two vendors • Got more detailed proposals • Choose a Sun/Simplesoft proposal that best addressed our RFP requirements and factors Kim W. Tracy – 3/13/2007

6. Solution Implementation • Got an integrated response from Simplesoft/Sun that included: • 5 Sun Servers • The Sun Identity Management Suite • Simplesoft implementation services • Most functionality was “out of the box” • User interface for account initialization and password reset was tuned to our requirements • Used LDAP for Blackboard & Luminis to simplify process • Used SSO in Luminis instead of Sun Access Manager • Integrations for Blackboard and Luminis written to their respective specifications • Built a back-feed to populate SIS with e-mail and account ID’s created by IdM Kim W. Tracy – 3/13/2007

7. Summary & Status • Phase 1 pretty much on time • Was difficult and took a lot of coordination • Still working on: • SSO w/Blackboard • Fully automating provisioning of accounts to Luminis & Blackboard • We have cleaned up many long standing account management issues by taking our lumps now • Users had to reset passwords to adhere to strong password policy • Now, users have access to all their resources with one account initialization • Now have a platform on which to • build further role-based services to support alumni, retirees, prospective students, etc. • Integrate SSO with most major systems Kim W. Tracy – 3/13/2007

8. Questions? Kim W. Tracy – 3/13/2007