1 / 36

Leading an Effort to Define Roles

This article discusses the importance of defining roles in Identity & Access Management (IAM) at Penn State University. It explores the challenges and strategies involved in implementing role-based workflows and policies, and highlights the role stewards and their responsibilities. The article also examines the relationship between IAM and other organizational issues such as privacy, information security, and data classification.

sharib
Download Presentation

Leading an Effort to Define Roles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Leading an Effort to Define Roles A “Tripod” View of IAM

  2. I AM Alum – Liberal Arts DONOR Chair Residency Appeals Assistant Controller Employee Assistant Treasurer Budget Administrator Workflow “Mother” of all Roles Alum – Smeal College of Business Purchasing Card Administrator Member WPSU Conference Attendee Thespian Alumni Interest Group Purchasing Card Reconciler

  3. I AM Alum – Health & Human Development Director of Information Systems Auxiliary & Business Services Supervisor Employee Director in Finance & Business Parent of a freshman (tuition payer!) Budget Administrator

  4. I AM DONOR Senior Systems Engineer Director/Manager Budget Administrator Parent of an alum Lead Architect Team Leader in ITS Emerging Technologies Group Co-Chair InCommon Technical Advisory Committee Member of Nittany Lion Club Employee

  5. I AM dmm4 9-0000-0003 211-00-0000 602068 2098752890 dmm4@psu.edu jlw2 9-0000-0001 466-00-9999 602068 1234567890 jlw2@psu.edu prs4 9-0000-0002 962-00-1212 602068 39765112309 rshuey@psu.edu

  6. I AM THE WALRUS GOO, GOO, G’JOOB

  7. Electronic Approval since 1988 Approval Paths Based on individual – dmm4 Financial and HR Processes Only Route based on mnemonics Implementing Role-Based Workflow Standard workflow for process Authorization through roles and related attributes Leading an Effort to Define Roles Historical Perspective

  8. Identity & Access Management Road Map Co-Chaired by Renee Shuey & Joel Weidner Sub-Groups: Policy and Governance Risk Assessment Vetting, Proofing and Registration Authorities Life Cycle and Affiliations Levels of Assurance Report being presented next week Leading an Effort to Define Roles IAM at Penn State

  9. Leading an Effort to Define Roles IAM TECHNOLOGY Business Process POLICY

  10. Leading an Effort to Define Roles IAM TECHNOLOGY Business Process POLICY

  11. Leading an Effort to Define Roles Policy HOW CAN WE FOCUS THE IAM LENS? • Governance • Coordination and collaboration • Three-level structure proposed at Penn State • Policy • Comprehensive Overarching Policy • Standards vs. best practices vs. objectives • Audience beyond organization

  12. Leading an Effort to Define Roles Policy CHALLENGES • Organizational Issues • Workflow driving roles but broader use being implemented • Department Identity • Financial Organization is not representative of rest of the organization • Cultural Change • Communication/Cooperation • Cross-Organization Collaboration

  13. Leading an Effort to Define Roles Policy CHALLENGES • Roles • Creation of roles that work in multiple systems • Roles – access and security • Role versus Position versus Affiliation Can we use the term “roles” in academic processes?

  14. Leading an Effort to Define Roles Policy CHALLENGES • Role Stewardship • Attributes define access and authority • Who determines? • Some attributes are unique to individual – User ID • Other attributes relate to process • Privileges that are inherent in position • Role of President, Provost, Dean • Delegates and Proxies • Some roles can be automated • Principal Investigator – drive from account set-up

  15. Leading an Effort to Define Roles Policy CHALLENGES • Role Steward • Defines roles used in various processes • Role Assigner • Authority to grant access to role • May also require workflow approval • Person in role may have authority to grant access to delegates and proxies

  16. Leading an Effort to Define Roles Policy CHALLENGES • Relationship of IAM to Other Issues • Privacy • Information Security • Data Classification • Workflow • List Serve Management

  17. Leading an Effort to Define Roles Policy Who will be your Role Stewards? or as Jimmy V says “Muddah” of All Roles

  18. IAM TECHNOLOGY POLICY Business Process Leading an Effort to Define Roles

  19. Leading an Effort to Define Roles Focus onBusiness Processes Three Different Lenses The Customer or Consumer of online resources The Application/Resource Provider The Administrator

  20. The Customer Lens – the consumer “Don’t care how; I want it NOW!” Leading an Effort to Define Roles Focus onBusiness Processes

  21. The Customer Lens – the consumer Driving the development of online services Bringing expectations from commercial experiences Want it now Demand simplicity Want it pushed Leading an Effort to Define Roles Focus onBusiness Processes

  22. Customer Challenges Don’t care about roles—only know what they want to do How can intelligence be embedded into the business processes to simplify the customer experience? How can we integrate existing business processes (admissions, hiring, registration) with the automated updating of roles? Leading an Effort to Define Roles Focus onBusiness Processes

  23. Resource/Application Provider Leading an Effort to Define Roles Focus onBusiness Processes

  24. Resource/Application Provider Charged with providing online services to the university community Admission applications, housing contracts, meal plans, class resources, procurement, parking permits, online testing … Need to efficiently place user in a context and role to execute the transaction May require both user and approver roles Leading an Effort to Define Roles Focus onBusiness Processes

  25. Resource/Application Provider Challenges Dynamic environment where individuals are moving in and out of roles daily Reconciliation of a single identity with multiple roles In what role is the customer acting today--or for this particular application? Leading an Effort to Define Roles Focus onBusiness Processes

  26. The Administrator Lens – The business of managing the business Leading an Effort to Define Roles Focus onBusiness Processes

  27. The Administrator Lens – The business of managing the business Ensuring that policy is being followed Oversight for fiscal responsibility Oversight for academic integrity Leading an Effort to Define Roles Focus onBusiness Processes

  28. Administrator Challenges Responsible for role management Knowing “who’s on first” Keeping the business running Proxies and delegates Audits & controls Reconstruction of business transactions Encouraging people to “do the right thing” Leading an Effort to Define Roles Focus onBusiness Processes

  29. IAM TECHNOLOGY POLICY Business Process Leading an Effort to Define Roles

  30. Leading an Effort to Define Roles Technology • A mechanism must be provided for: • Assignment and management of roles. • Establishment of new roles and attributes. • Assignment of authority

  31. Leading an Effort to Define Roles Technology • Develop a Schema with “Agility Ability” • Meets both needs of Today and Unknown of Tomorrow • Necessary & Challenging

  32. Leading an Effort to Define Roles Technology • Identify Champions

  33. Leading an Effort to Define Roles Technology • Provide Education & Training

  34. Leading an Effort to Define Roles IAM TECHNOLOGY Business Process POLICY

  35. Leading an Effort to Define RolesQuestions, Comments, and Farewell • Debbie Meder • dmm4@psu.edu • Joel Weidner • jlw2@psu.edu • Renee Shuey • rshuey@psu.edu

  36. Don’t Forget!

More Related