
PSJA AUTOMATION WORKFLOW AND LESSONS LEARNED

Explore the importance of identity management solutions in today's Information Technology landscape. Learn how automation and workflow tools can streamline employee access changes, enhance security, and improve overall system efficiency. Discover the lessons learned in implementing and managing identity management systems.

mfosdick

Presentation Transcript


  1. PSJA AUTOMATION WORKFLOW AND LESSONS LEARNED Management of Information Systems, Information Technology

  2. Why do we need Identity Management? • Today, every change in employee status requires involvement by IT. New hires need access to be granted to the data and apps they need to do their jobs. Separations require access revocation and security changes. Job moves mean shifting status and access changes from one group to another.

  3. Why do we need Identity Management? • Identity management solutions help shift that responsibility away from IT. These solutions often place employee status changes back in the hands of those tied most closely to them: HR and sometimes even the employees themselves. Additionally, they provide tighter security and access control measures over the daily tasks of employees.

  4. PSJA AT A GLANCE • 32,000 students • 5000 staff • 43 campuses/Support Sites • Microsoft Active Directory/Office 365 • Google

  5. PROBLEMS AND INCONSISTENCIES

  6. AUTOMATION SOFTWARE CHOICES • 2010 & 2012 • NOVELL • Microsoft Active Directory • Servers • 1 – DSS server (automation) • 2 – ARMS server • group mgmt & password • 1 – Database server • 2010 & 2012 • Microsoft Active Directory • Server breakdown • 1 – App server (automation) • 2 – web front ends • group mgmt • 1 – SQL Database server • Azure Active Directory Premium for self service password (staff & students) • 2018

  7. VERSION 1 & 2 OF THE MATRIX • 2010 – Version 1 (NOVELL) • Identity Automation software • Used primarily with our Novell tree • 2012 – Version 2 (AD & STUDENT EMAILS) • Upgraded and improved logic with Identity Automation • Created all accounts in Microsoft Active Directory tree • Live@Edu fully automated for student accounts • Staff accounts remained on-premise

  8. OLD LOGIC AND NEW DEMANDS • 2018 – Version 3 • Philosophy and needs had changed since 2012 • Outgrew old logic…no longer made sense • PowerShell scripts were running 40% of the process to meet our demands • Migration of on-premise accounts to the cloud broke existing logic (Exchange accounts) • Single sign-on (SSO) to internal systems created instant demand for end users

  9. What is Microsoft Identity Manager? • Microsoft Identity Manager is a tool that… • Helps you manage the users, credentials, policies, and access within your organization. • Additionally, MIM 2016 adds a hybrid experience, privileged access management capabilities, and support for new platforms.

  10. What does Microsoft Identity Manager do? • Fundamentally MIM synchronizes identity data between various systems. It’s very flexible in what it can connect to (like Active Directory, other directories, HR systems, ERP systems, email systems etc.), and what objects it synchronizes (always users, often groups, and maybe roles, permissions, computers etc.). • It can provision and de-provision, enable and disable, move, and generally synchronize all types of attributes – even passwords (though passwords are not handled like other attributes – being propagated in real time, while regular attributes are synchronized on a schedule).

  11. GENERAL WORK FLOW - STAFF

  12. GENERAL WORK FLOW - STUDENT

  13. CONTROL POINT IS WITH HUMAN RESOURCES

  14. ONE USERNAME AND PASSWORD TO RULE THEM ALL And MANY MORE…

  15. Deprovision an Account – Staff member

  16. Deprovision Account - Student

  17. LESSONS LEARNED • Where does your information live? • eSchool (students) • eFinance (staff) • GIGO – Garbage In, Garbage Out • Flowcharts of what you want done • Complete life-cycle • Understanding your organization's procedures • Who? What? How? Why? • Working with others to facilitate the needed changes • Change is hard for organizations/departments

  18. LESSONS LEARNED (continued) • Name logic was difficult to include everyone • De la Garza, double last names, nicknames, etc. • Promotions, titles, pictures & renames – Oh my! • Time sensitive and controlled at HR without notice • Constant troubleshooting at the beginning • Where did it break, what broke it • Document your processes and procedures • Handling all of the special exceptions • Sometimes automation can’t fix everything

  19. Budget $$$ • How many individuals would it take to keep up with all data input and changes in the different systems? • 2? 3? Or more… • What would that cost? • How much time would that take? • Coordination and Communication
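
The HR-driven joiner/mover/leaver flow from slides 2, 10 and 13, together with the name-logic problem from slide 18, as an added Python example (not PSJA's or Microsoft Identity Manager's own logic). The field names, the first-initial-plus-surname rule, the flag-rather-than-disable policy for accounts with no HR record, and all sample records are assumptions constructed for illustration.

```python
import re
import unicodedata

# Constructed sample data: HR export (authoritative) and a directory snapshot.
HR = {
    "1001": {"first": "Ana", "last": "De la Garza", "dept": "Teachers", "active": True},
    "1002": {"first": "Luis", "last": "Peña-Ruiz", "dept": "Counselors", "active": True},
    "1003": {"first": "Sam", "last": "Lee", "dept": "Teachers", "active": False},
}
DIRECTORY = {
    "1002": {"username": "lpenaruiz", "group": "Teachers", "enabled": True},
    "1003": {"username": "slee", "group": "Teachers", "enabled": True},
    "1004": {"username": "jdoe", "group": "Clerks", "enabled": True},  # no HR record
}

def make_username(first, last, taken):
    """Assumed rule: first initial + whole surname, ASCII-folded, suffix on collision."""
    folded = unicodedata.normalize("NFKD", first[:1] + last)
    base = re.sub(r"[^a-z]", "", folded.encode("ascii", "ignore").decode().lower())
    if not base:
        raise ValueError("name has no ASCII-foldable letters; needs manual handling")
    name, n = base, 1
    while name in taken:
        n += 1
        name = f"{base}{n}"
    return name

def reconcile(hr, directory):
    """Return the ordered actions that bring the directory in line with HR."""
    actions = []
    taken = {acct["username"] for acct in directory.values()}
    for emp_id in sorted(set(hr) | set(directory)):
        person, acct = hr.get(emp_id), directory.get(emp_id)
        if person is None:
            # Account HR does not know about: surface it for review (assumed policy).
            actions.append(("flag_orphan", emp_id, acct["username"]))
        elif not person["active"]:
            if acct and acct["enabled"]:
                actions.append(("disable", emp_id, acct["username"]))
        elif acct is None:
            user = make_username(person["first"], person["last"], taken)
            taken.add(user)
            actions.append(("provision", emp_id, user, person["dept"]))
        else:
            if not acct["enabled"]:
                actions.append(("enable", emp_id, acct["username"]))
            if acct["group"] != person["dept"]:
                actions.append(("move", emp_id, acct["group"], person["dept"]))
    return actions
```

Running `reconcile(HR, DIRECTORY)` on the sample data yields one provision, one group move, one disable and one orphan flag, which is the kind of action list a sync engine would then apply to each connected system.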
