1 / 22

Self Serve Identity Management Kiosk

Network and Communications Service. Self Serve Identity Management Kiosk. Gary Bernstein, Director NCS Eliezer Grinberger, Analyst NCS. Project Description. Provide a secure and accessible platform for the self-serve distribution of network credentials and a password reset mechanism.

johnson
Download Presentation

Self Serve Identity Management Kiosk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network and Communications Service Self ServeIdentity Management Kiosk Gary Bernstein, Director NCS Eliezer Grinberger, Analyst NCS

  2. Project Description • Provide a secure and accessible platform for the self-serve distribution of network credentials and a password reset mechanism

  3. Other Motivators • Move towards “Service Oriented Architecture”; Connecting legacy systems and exposing their functionality to other applications • Gain experience in the deployment of kiosk technology • Experiment with RFID as a network authentication device • Inspire other departments to implement kiosk applications

  4. E-Mail and Network Credentials • McGill Uniform E-mail Address (UEA) format • First.last@mcgill.ca (staff) • First.last@mail.mcgill.ca (students) • We have adopted this format as the Uniform Login ID (ULID) • A single password is associated with the UEA/ULID

  5. Distribution of ULID • Student’s first contact with McGill is upon application, using BANNER/Minerva • Student is assigned a BANNER numerical ID, currently different from the ULID

  6. Distribution of ULID • Student’s BANNER password is initially the year and month of their birthday • Students reset password on first BANNER encounter and provide an answer to a “secret” question • Students only assigned UAE/ULID after course registration, which can happen as late as early September

  7. The Problem • Students who register early forget passwords • UEA/ULID cannot be assigned until after registration • IST Help Desk is swamped with calls in late August, early September for password resets, UEA/ULID information

  8. Solutions • In previous years IST Customer Service (ICS) would distribute credentials at carding • The kiosks will offload or eventually eliminate this task • The kiosks will be available for the remainder of the year to handle additional requests and other applications

  9. Kiosk Operation • For security purposes, require two separate things: • Something you know • Something you own • The kiosk application provides the UEA/ULID and password when the card is presented AND the answer to the secret question is provided.

  10. Kiosk Operation (cont’d) • The application: • Allows student to enter a new password, or • Assigns a random password • Prints the UEA/ULID and password

  11. Pilot Project • Two kiosks temporarily located in ID card printing area where new students arrive. • One at Macdonald Campus (remote) • One at IST Customer service • After carding is completed, kiosks will be redeployed to Library and Registrar walk-in centre

  12. Other Apps • Goal is to eventually provide access to multiple applications with varying levels of authentication: • No Authentication • Campus Map • Campus News • Job Opportunities at McGill

  13. Other Apps • Swipe Only • Internet/Backbone Access • View course schedule • Double Authentication • Reset/View Network Credentials • View grades

  14. Other Apps • We hope to stimulate the imagination of other service areas to add apps to the kiosk • For example, already had a request from McGill Security to print photos of students who are being sought by patrol agents. • Printing of receipts • Validation of ID before entry to exam rooms

  15. Technical solution …

  16. Available Data in Campus OnGuard (Oracle) Banner (Oracle) • OnGuard Database: • Students / Staff list • ID Cards • Pictures • Banner Databases: • Students / Staff list • Secret Questions / Answers • Network credentials Confused user challenge … how to make the 3 dance?

  17. Kiosk Kiosk Website Web Service Layer OnGuard Web Service Banner Web Service Data Layer OnGuard Banner Solution Architecture

  18. Process Flow – Phase I Kiosk Website Badge number is transmitted to website User swipes his McGill ID card return person info & picture to website submit badge no. to OnGuad WS OnGuard Web Service request secret question from Banner WS return secret question to website Banner Web Service present web page to user

  19. Phase I - Result ********* ******** ********

  20. Process Flow – Phase II Kiosk Website Answer & password are transmitted to website User answers question and selects password validate secret answer request answer validation from Banner WS Banner Web Service request password change from Banner WS change user password present confirmation page to user

  21. Phase II - Result

  22. Technologies Used in Project

More Related