A Fresh Look At Penn State’s Processes, Policies, & Technologies

Renée Shuey, Information Technology Services

Vince Timbers, Undergrad Admissions

Steve Selfe, Office of Human Resources

Identity & Access Management
IAM Update - Agenda
  • What is IAM
  • Goals
  • Who is Directly Involved
  • Five Areas of Focus
  • Deliverables
  • Next Steps
  • IAM and Undergrad Admissions
  • IAM and Office of Human Resources
IAM Defined

IAM is an administrative process coupled with a technological solution which validates the identity of individuals and allows owners of data, applications, and systems to either maintain centrally or distribute responsibility for granting access to their respective resources to anyone participating within the IAM framework.

IAM Goals – Goal #1

Establish a community of people and organizations who understand each other's pressures, needs, and desires in identity and access management, for the purposes of maintaining and developing as nimble a set of infrastructures as possible to facilitate academic, business, and collaborative processes.

IAM Goals – Goal #2

Develop a Penn State roadmap for Identity and Access Management that can be used to help marshal the energy necessary to get to where we all need to go

Who is Involved

  • Penn State Great Valley
  • Development and Alumni Relations
  • Auxiliary and Business Services
  • University Police Services
  • Undergraduate Admissions Office
  • University Libraries
  • Office of the University Registrar
  • Information Technology Services
  • International Programs
  • Office of Physical Plant
  • Office of Sponsored Programs
  • College of Agricultural Sciences
  • Office of the University Bursar
  • Undergraduate Education
  • Office of the Corporate Controller
  • The Graduate School
  • Commonwealth Campus
  • Penn State Milton S. Hershey Medical Center
  • Office of Student Aid
  • Intercollegiate Athletics
  • Office of Human Resources
  • Outreach and Cooperative Extension

Five Areas of Focus
  • Life Cycles and Affiliations
  • Vetting, Proofing, and Registration Authorities
  • Levels of Assurance
  • Risk Assessment
  • Governance and Policy
Life Cycles and Affiliations
  • The goal of this group is to define the many affiliations (customers, employees, etc.) the University currently has and that can be envisioned in the future.
  • This group will also make recommendations regarding when each affiliation officially begins and ends, identify the various stages of the life cycle and the current processes for creating identities, and recommend process improvements.
Example of Affiliations
  • Staff (may include attributes such as leave of absence, pending, current, postdoc, future, recent) - [is future the same as pending? kgf 9-7-2007]
  • Faculty (may include attributes such as leave of absence, pending, current, future, recent) - [is future the same as pending? kgf 9-7-2007]
  • Student (may include attributes such as withdrawn, military withdrawn, leave of absence, future, recent)
  • Former Student
  • Visiting Staff
  • Visiting Faculty (also includes visiting scholars and fellows?)
  • Visiting Student
  • Furloughed Employee
Vetting, Proofing, and RA’s
  • This group will identify all registration authorities, evaluate the current processes, and make recommendations to align the processes with recommendations of the federal government's guidelines for levels of assurance while adding value to the business processes of the University.
  • This group will also recommend vetting and proofing processes for both in person and remote registration of individuals.
Vetting, Proofing, and RA’s Recommendations
  • Provide a web-based, self-serve password reset website for all.
  • Eliminate multiple passwords at Penn State University.
  • Merge FPS/Access Accounts into one identity domain
  • Tightly couple proofing and distribution of ID and password
  • Process and information required for vetting at various levels
  • Process required for proofing
Level of Assurance (LoA)
  • Level of Assurance (LoA) describes the degree of certainty that the user has presented an identifier (a credential in this context) that refers to his or her identity. In this context, assurance is defined as:
    • the degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued, and the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued.
LoA Organized Around…
  • Organizational Maturity
  • Registration and Identity Proofing
  • Authentication Protocol
  • Token Strength
  • Status Management
  • Delivery Confirmation
Recommended Penn State LoA’s
  • Level 0: No confidence in the asserted identity’s validity.
  • Level 1: Little confidence in the asserted identity’s validity.
  • Level 2: Some confidence in the asserted identity’s validity.
  • Level 3: High confidence in the asserted identity’s validity.
  • Level 4: Very high confidence in the asserted identity’s validity.
Risk Assessment

This group will work closely with the data classification and IPAS group to make recommendations on using levels of assurance, vetting and proofing, etc. to recommend the process for assessing risk associated with transactions and data.

Risk Assessment
  • Possible Data Categories
    • Public
    • Internal/Controlled
    • Restricted
Risk Assessment
  • Each data category would have a minimum level of assurance assigned to it for authentication and authorization requirements. It is likely that sub-categories or differing levels of assurance would be assigned to a data classification level, but a minimum level for the category must be assigned.
Governance and Policy

This group will evaluate current policies related to identity and access management at Penn State, making recommendations for changes to, or creation of, policy and/or governance.

Governance and Policy
  • Gap Analysis
    • Penn State Policies
    • ITS guidelines, Policies
    • Federal and State regulations and laws

Undergraduate Admissions Office

Identity and Access Management is critical for connecting the appropriate people to the appropriate data!

Who Accesses Admissions Systems?
  • Prospects
  • Applicants
  • High School Guidance Counselors
  • Alumni Volunteers
  • Staff
  • Parents?
Prospects/Applicants
  • 350,000 Prospects Each Year
  • Over 95,000 prospects created FPS accounts to access My Penn State
    • In 2007, 52,830 (82%) applications were submitted on My Penn State
    • Thousands of visits scheduled
    • Application status check
    • Accept offer of admissions
    • Access admissions decisions online
High School Counselors
  • 350 High Schools with 1225 Counselors
  • Check application status of students
  • Submit credentials
  • Verify graduation
Alumni Volunteers
  • Over 500 Alumni Volunteers
    • Receive lists of applicants to contact
    • Provide information on applicant contacts

Office of Human Resources

Why Identity and Access Management?

…Why not?

Who are all these people and why do they want access to our systems?
  • Prospective Employees (Risk Low)
    • Job Vacancy/Bidding System for external candidates
Who are all these people and why do they want access to our systems?
  • Current Employees (Risk High)
    • Employee Self-Service Information System (ESSIC)
    • Benefits/W-4/Paycheck/Salary Deposit/Savings Bond
    • Attendance System
    • Human Resource Development Center Course Registration
    • Job Vacancy/Bidding System for internal candidates
    • IBIS/ISIS functions
    • Workflow
    • WebIBIS
    • Employee Reimbursement System (ERS)
    • Travel/Transportation Services
    • eBuy
    • Penn State Portal
Affiliations and Roles
  • Prospective Employees
  • New/Current Employees
  • Retirees
  • Human Resource Representatives
  • Financial Officers
What can IAM do for you (and more importantly… us)?
  • Allow for faster, more efficient creation of Access Accounts and, subsequently, access to systems
  • Applications will potentially be more secure by enforcing LoAs
  • More applications for our various affiliations
Contact Information
  • Renée Shuey
    • Information Technology Services
    • rshuey@psu.edu
  • Vince Timbers
    • Undergraduate Admissions Office
    • vlt@psu.edu
  • Steve Selfe
    • Office of Human Resources
    • srs1@psu.edu