Title: Case Study Implementing Identity Management: Critical Factors for Success
1Leda McNair Database Administrator Coppin State
University Brian Vinacco Director of
Consulting Services Fischer International
Corporation
2Agenda
- What is Identity Management?
- Project Scope / Timeline
- Technology Selection
- Phase I Password Management
- Phase II Provisioning
- Phase III and Beyond
- Summary Critical Factors
- Q A
3What is Identity Management?
- Password Management / Access Management
- Provisioning / Authorization
- Compliance
A Are you who you say you are? A What
permissions do you have? A What permissions
are you SUPPOSED to have? When did you have
those permissions? Who approved those
permissions?
4What is Identity Management?
EMPLOYEES
CONTRACT
PASSWORDS
PASSWORDS
PasswordAuthentication
PASSWORDS
PASSWORDS
STUDENTS
DISTANCE LEARNERS
5What is Identity Management?
- Provisioning / Authorization
EMPLOYEES
CONTRACT
PASSWORDS
PASSWORDS
PasswordAuthentication
PASSWORDS
PASSWORDS
STUDENTS
DISTANCE LEARNERS
Servers
Data Bases
Extranet
Student Apps
Directories
Email
Business Apps
Oracle-Peoplesoft
SupportApplications
ActiveDirectory
6What is Identity Management?
- Provisioning / Authorization
CONTRACT
EMPLOYEES
PASSWORDS
PASSWORDS
PasswordAuthentication
PASSWORDS
PASSWORDS
STUDENTS
DISTANCE LEARNERS
Servers
Data Bases
Extranet
Student Apps
Directories
Email
SupportApplications
Oracle-Peoplesoft
Business Apps
ActiveDirectory
7What is Identity Management?
- Continuous
- Gap Analysis
- Policy vs. Reality
- Audits (3 types for Coppin)
- Excessive Permissions
- Orphan Accounts
- Separation of Duties
- Password Policies
CONTRACT
EMPLOYEES
PASSWORDS
PASSWORDS
PasswordAuthentication
PASSWORDS
PASSWORDS
STUDENTS
DISTANCE LEARNERS
Servers
Data Bases
Extranet
Student Apps
Directories
Email
SupportApplications
Oracle-Peoplesoft
Business Apps
ActiveDirectory
8Critical Success Factor Identify the Right Goals
- Half-Empty
- Pain Points
- Time/labor/cost reset passwords
- Time/labor/cost to provision accounts
- Poor productivity
- Half-Full
- University Goals
- Improve Service Levels to Students
- Increase Enrollment
- Generate Revenue
- Stronger Protection
- Operational Excellence
FOCUS ON IMPROVING BUSINESS PROCESSES
9Critical Success Factor Biggest Bang
We are here
10Technology Selection
Fischer Identity Suite
Critical Success Factor Buying Criteria Take
the long view.
- All the capabilities (holistic suite)
- Technology to meet unforeseen needs
- Business partnership vs. vendor
- Focus on business processes, not programming
- Only solution that proved it was simple (even
provisioning)
11Fischer Identity Suite
The Best Practice Approach
- PRODUCTIVITY SIMPLICITY
- Drag Drop workflow creation increases
productivity, lowers cost - INTEGRATION TECHNOLOGY
- Integration technology enables unlimited
connectivity out-of-the-box and on-the-fly - ETL any-to-any synchronization across all
applications - CONTINUOUS COMPLIANCE
- Integrate compliance across business processes
- Automate SoD enforcement
- Central audit database with robust reporting
- INVESTMENT PROTECTION
- All core IdM technologies
- Java, SOA, Standards, Services
- Integrates to all systems
12Password Management Implementation
Overview
- 8000 Users
- Access to Network Resources (email, shares,
drives, etc.)
Scope
- Focus on business processes, not programming
- Only solution that proved it was simple (even
provisioning)
Duration
- Install / Customize / Enhance / Train /
Deploy(includes time to debug former
provisioning system)
Activities
- Remote deployment was key
- Quick access to on-site experts
- Faster Time to Value Eliminated 4 days
- Cost Avoidance Removed 20K from T/E
CriticalSuccessFactors
13Phase I
Password Management
14Password Management Before
Password Management Before
- No remote password resets for network resources
- Users must go on-campus to use password kiosk
- University reset policy at least every 120 days
- Extending existing IdM solution not an option
(fragile)
PreviousState
- Slows/Prohibits Business Processes
- Student Registration, Distance Learning, etc.
- Inconsistent Image Coppin is a Technology Leader
StrategicImpact
- Disruptive / Reduced Productivity
- Resets performed by application groups ()
Help Desk () - Expensive
- Over 500/month at beginning of semester
- avg. 10 min/reset x 35.00/hr
Tactical Impact
15Password Management Goals
- Improve student service levels and satisfaction
- Increase revenue bottom line by removing
barriers - Increase online registration (Student
Registration) - Increase enrollment (Distance Learning)
- Enable critical business processes
- Improve functional department efficiency and
productivity - Reset passwords from any location (self-service)
- In place before Fall Semester
- Reduce password reset calls by 90
- Improve internal resource utilization
- Reduce operational costs
Strategic
Tactical
16Password Management After
ProductivityGained / day
34 resets x 10 min 5 hr. 40 min.
17Password Management After
On / Off Campus Password Reset
18Phase II
Provisioning
19Phase II Provisioning
Provisioning Implementation
First Round Fall - Winter 05
- Oracle-PeopleSoft Employees
- Oracle-PeopleSoft Students
Second Round Spring 06
20Provisioning Goals
- Increase enrollment
- Admissions Leverage network services as
marketing tool - Improve service to students, staff
- Hire Request to Fill / Adjunct Professor
- Enable new business processes and services
- Reduce provisioning time from days to hours
- Eliminate manual, paper-driven processes
- Improve resource utilization for IT and
Application organizations
Strategic
Tactical
21Admissions Provisioning Before
Prospective New Student Population
- Potentially 1000s of
- New Students
- Too much work to provision unless theyre
confirmed - Risk of not deprovisioning
- Manual Activation
- July (peak)
- 1500 1800 Actual
- Person-hours 4-6 hours
- Turnaround 24-48 hours
- Occurs 50-60 times in peak
- Annual Hours 500 - 600
- (12 15 person-weeks)
Records
Registration
Fees Paid?
Matriculated?
To functional Departments
sqr
Old Provisioning Solution
student file
Email
Disk
etc.
Add/Drop Date Manually deprovision InactiveNew
Student Accounts
22Provisioning Network Resources After
Expected Process / Results
RequestApplication
Prospective New Student Population
- Potentially 1000s of
- New Students
- Provisioning triggered by
- Matriculation in PS
- Provisioning time reduced from 24 - 48 hours to
1. - Prospective student engaged in January vs.
July/August. - 6-9 months of free resource access vs. 1-3
- All IdM events recorded
- Deprovisioning automatically occurs at Add/Drop
date - No labor
- Frees-up 4 people
- Avoids 500-600 hours labor
Financial Aid App.
Apply for Admission.
Matriculated?
Policies/Groups/Roles
Workflow
Audit
Email
Disk
etc.
Scheduled Deprovision after Add/Drop Date Revoke
access
23Phase III and Beyond
Phase III and Beyond
Phase IIISummer 06
- Oracle-PeopleSoft Upgrade
- Other Business Processes and Outlying
Applications - Mobile Provisioning approval, password resets,
etc.
Phase IVTBD
24Summary Critical Success Factors
- Identify the Right Goals.
- Look for Biggest Bang First.
- Take a Phased Approach
- Buying Criteria Take the Long View.
- Look at the Business Process - Not the Pain.
- Simple is Good. (TCO)
- More to come in June at the next Conference
25Q A
- Leda McNair
- Database AdministratorCoppin State University
- lmcnair_at_coppin.edu
- 410-951-3885
- Brian Vinacco
- Director, Support Services
- Fischer International Corporation
- brian.vinacco_at_fisc.com
- 239-643-1500
- Stop by Fischer Exhibit
- IDC Case Study
- Giveaway
- Access to IdM White Papers
26Request to Fill After