Implementing Identity Management, Provisioning, and LDAP Authentication for PeopleSoft. June 8, 2007 USM Conference Coppin State University. Presenter(s). Chris Kennedy Sr. PeopleSoft Administrator/Analyst Leda McNair Sr. DBA / PeopleSoft Administrator. Overview.
Implementing Identity Management, Provisioning, and LDAP Authentication for PeopleSoft
June 8, 2007
USM Conference
Coppin State University

Presenter(s)
• Chris Kennedy, Sr. PeopleSoft Administrator/Analyst
• Leda McNair, Sr. DBA / PeopleSoft Administrator

Overview
Coppin State University uses the Fischer Identity Management and Provisioning suite to automatically create student and employee accounts for Microsoft Active Directory and PeopleSoft. This presentation will discuss which events are used in PeopleSoft to trigger the account creation process and how the campus is using the Fischer Directory for LDAP authentication.

Agenda/Contents
• Network / PeopleSoft Environment Overview/Layout
• Event Triggers
  • Students
  • Employees
• LDAP Authentication
• Lessons Learned

Coppin State University
• Baltimore, MD
• Liberal Arts University
• Founded in 1900
• Enrollment between 4,000 – 4,500 students

PeopleSoft Applications
• Live:
  • Financials 8.9MP4 / PeopleTools 8.47.11
  • Enterprise Portal 8.8 / PeopleTools 8.45.13
  • HR/SA/CR 8 / PeopleTools 8.22.13
• Future:
  • Upgrading to HCM/CS 9.0 (go-live Summer 2008)
  • Upgrading to Enterprise Portal 9.0 (go-live Fall 2008)

PeopleSoft Environment (Production Only)
• Each Application (Portal, HR/SA, Financials):
  • 2 web servers
  • 1 report server (due to load balancing of web servers)
  • 2 application servers (one for application messaging and one for user logins)
  • 1 database server
  • 1 fileserver

Event Triggers (Students)
• Matriculation (ADM_APPL_PROG record)
  • Creates network account, network home directory, web folder, and email account
  • Writes temporary table for creating PeopleSoft account

Event Triggers (Employees)
• Hire (Job record)
  • Based on their empl class
  • Creates network account, network home directory, and email account
  • PeopleSoft account created manually
• Termination, Leave of Absence, Retirement (Job record)
  • Writes record to temporary table for review to disable account
  • Reason - employee may have multiple jobs

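The multiple-jobs reason above is why one termination row on the Job record cannot safely disable an account. The following Python is an added illustration, not code from the presentation or from the Fischer suite: it resolves the current effective-dated row for each job and marks an employee for disabling only when no job is still active. The column layout (EMPLID, EMPL_RCD, EFFDT, EFFSEQ, EMPL_STATUS), the sample rows, the function names and the choice of which statuses count as active are assumptions.

```python
from datetime import date

# Constructed sample rows shaped like Job record data (assumed columns):
# (EMPLID, EMPL_RCD, EFFDT, EFFSEQ, EMPL_STATUS). Not real data.
JOB_ROWS = [
    ("1001", 0, date(2005, 8, 15), 0, "A"),
    ("1001", 0, date(2007, 5, 31), 0, "T"),  # job 0 terminated
    ("1001", 1, date(2006, 1, 10), 0, "A"),  # second job still active
    ("1002", 0, date(2004, 9, 1), 0, "A"),
    ("1002", 0, date(2007, 6, 1), 0, "R"),   # only job, retired
    ("1003", 0, date(2006, 3, 1), 0, "A"),
    ("1003", 0, date(2007, 4, 1), 0, "L"),   # leave of absence
    ("1003", 0, date(2007, 4, 1), 1, "A"),   # same-day return, higher EFFSEQ
    ("1004", 0, date(2003, 1, 6), 0, "A"),
    ("1004", 0, date(2007, 9, 1), 0, "T"),   # future-dated termination
]

# Assumption: only status "A" still justifies an enabled account.
ACTIVE_STATUSES = {"A"}


def current_status_per_job(rows, as_of):
    """Return {(EMPLID, EMPL_RCD): status} using the latest row in effect.

    "Latest" means the highest EFFDT not after as_of, then the highest EFFSEQ.
    """
    latest = {}
    for emplid, rcd, effdt, effseq, status in rows:
        if effdt > as_of:
            continue  # future-dated rows are not in effect yet
        key = (emplid, rcd)
        if key not in latest or (effdt, effseq) > latest[key][0]:
            latest[key] = ((effdt, effseq), status)
    return {key: value[1] for key, value in latest.items()}


def review_queue(rows, as_of):
    """Return {EMPLID: "keep" | "disable"} across all of a person's jobs."""
    statuses = {}
    for (emplid, _rcd), status in current_status_per_job(rows, as_of).items():
        statuses.setdefault(emplid, []).append(status)
    return {
        emplid: "keep" if any(s in ACTIVE_STATUSES for s in sts) else "disable"
        for emplid, sts in statuses.items()
    }
```
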
Event Trigger (Component PeopleCode)
• ADM_ACT_ENTRY.GBL.SavePostChange
• Example:

    /*
     * Fischer PeopleCode to Publish Messages
     */
    Declare Function PublishMessage PeopleCode FISC_FUNC_LIB.FISC_FUNC_LIB FieldFormula;

    /* Pass the component's level 0 rowset to the publish function */
    &ReturnValue = PublishMessage(GetLevel0());

Event Triggers (Future Enhancements)
• Automate creation of PeopleSoft accounts for both students and employees

LDAP Configuration
• Password Synchronization
• LDAP Authentication

LDAP Configuration
• Reasons for using Fischer Active Directory for LDAP authentication:
  • PeopleSoft does not use multiple directories
  • Needed one directory with all student and employee accounts

LDAP Configuration
• PeopleTools > Security > Directory > Configure Directory

LDAP Configuration
• PeopleTools > Security > Directory > Authentication Map

Lessons Learned
• Leave encrypt flag in PSOPRDEFN set to 1 (otherwise batch processes in HR/SA will fail)
• Set password in PSOPRDEFN to some plain text value
• Disable password controls in PeopleSoft
• Make sure password controls are consistent between Active Directory domains
• LDAP failover configuration not available until PeopleTools 8.48

Contacts
• Chris Kennedy, Sr. PeopleSoft Administrator/Analyst, Coppin State University. E-mail: ckennedy@coppin.edu
• Leda McNair, Sr. DBA / PeopleSoft Administrator, Coppin State University. E-mail: lmcnair@coppin.edu