This article discusses the importance of defining roles in Identity & Access Management (IAM) at Penn State University. It explores the challenges and strategies involved in implementing role-based workflows and policies, and highlights the role stewards and their responsibilities. The article also examines the relationship between IAM and other organizational issues such as privacy, information security, and data classification.
Leading an Effort to Define Roles: A “Tripod” View of IAM
I AM Alum – Liberal Arts DONOR Chair Residency Appeals Assistant Controller Employee Assistant Treasurer Budget Administrator Workflow “Mother” of all Roles Alum – Smeal College of Business Purchasing Card Administrator Member WPSU Conference Attendee Thespian Alumni Interest Group Purchasing Card Reconciler
I AM Alum – Health & Human Development Director of Information Systems Auxiliary & Business Services Supervisor Employee Director in Finance & Business Parent of a freshman (tuition payer!) Budget Administrator
I AM DONOR Senior Systems Engineer Director/Manager Budget Administrator Parent of an alum Lead Architect Team Leader in ITS Emerging Technologies Group Co-Chair InCommon Technical Advisory Committee Member of Nittany Lion Club Employee
I AM
dmm4 9-0000-0003 211-00-0000 602068 2098752890 dmm4@psu.edu
jlw2 9-0000-0001 466-00-9999 602068 1234567890 jlw2@psu.edu
prs4 9-0000-0002 962-00-1212 602068 39765112309 rshuey@psu.edu
I AM THE WALRUS GOO, GOO, G’JOOB
Historical Perspective
• Electronic Approval since 1988
• Approval Paths Based on individual – dmm4
• Financial and HR Processes Only
• Route based on mnemonics
• Implementing Role-Based Workflow
• Standard workflow for process
• Authorization through roles and related attributes
IAM at Penn State
• Identity & Access Management Road Map
• Co-Chaired by Renee Shuey & Joel Weidner
• Sub-Groups:
• Policy and Governance
• Risk Assessment
• Vetting, Proofing and Registration Authorities
• Life Cycle and Affiliations
• Levels of Assurance
• Report being presented next week
[Figure: the IAM “tripod”: TECHNOLOGY, Business Process, POLICY]
Policy
HOW CAN WE FOCUS THE IAM LENS?
• Governance
• Coordination and collaboration
• Three-level structure proposed at Penn State
• Policy
• Comprehensive Overarching Policy
• Standards vs. best practices vs. objectives
• Audience beyond organization
Policy CHALLENGES

• Organizational Issues
• Workflow driving roles but broader use being implemented
• Department Identity
• Financial Organization is not representative of rest of the organization
• Cultural Change
• Communication/Cooperation
• Cross-Organization Collaboration

• Roles
• Creation of roles that work in multiple systems
• Roles – access and security
• Role versus Position versus Affiliation
Can we use the term “roles” in academic processes?

• Role Stewardship
• Attributes define access and authority
• Who determines?
• Some attributes are unique to individual – User ID
• Other attributes relate to process
• Privileges that are inherent in position
• Role of President, Provost, Dean
• Delegates and Proxies
• Some roles can be automated
• Principal Investigator – drive from account set-up

• Role Steward
• Defines roles used in various processes
• Role Assigner
• Authority to grant access to role
• May also require workflow approval
• Person in role may have authority to grant access to delegates and proxies

• Relationship of IAM to Other Issues
• Privacy
• Information Security
• Data Classification
• Workflow
• List Serve Management
Policy
Who will be your Role Stewards? or as Jimmy V says “Muddah” of All Roles
Focus on Business Processes

Three Different Lenses
• The Customer or Consumer of online resources
• The Application/Resource Provider
• The Administrator

The Customer Lens – the consumer
“Don’t care how; I want it NOW!”
• Driving the development of online services
• Bringing expectations from commercial experiences
• Want it now
• Demand simplicity
• Want it pushed

Customer Challenges
• Don’t care about roles; only know what they want to do
• How can intelligence be embedded into the business processes to simplify the customer experience?
• How can we integrate existing business processes (admissions, hiring, registration) with the automated updating of roles?

Resource/Application Provider
• Charged with providing online services to the university community
• Admission applications, housing contracts, meal plans, class resources, procurement, parking permits, online testing …
• Need to efficiently place user in a context and role to execute the transaction
• May require both user and approver roles

Resource/Application Provider Challenges
• Dynamic environment where individuals are moving in and out of roles daily
• Reconciliation of a single identity with multiple roles
• In what role is the customer acting today, or for this particular application?

The Administrator Lens – The business of managing the business
• Ensuring that policy is being followed
• Oversight for fiscal responsibility
• Oversight for academic integrity

Administrator Challenges
• Responsible for role management
• Knowing “who’s on first”
• Keeping the business running
• Proxies and delegates
• Audits & controls
• Reconstruction of business transactions
• Encouraging people to “do the right thing”
Technology
• A mechanism must be provided for:
• Assignment and management of roles.
• Establishment of new roles and attributes.
• Assignment of authority
• Develop a Schema with “Agility Ability”
• Meets both needs of Today and Unknown of Tomorrow
• Necessary & Challenging
• Identify Champions
• Provide Education & Training
Questions, Comments, and Farewell
• Debbie Meder, dmm4@psu.edu
• Joel Weidner, jlw2@psu.edu
• Renee Shuey, rshuey@psu.edu