Download PowerPoint - Technology Days

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts
no text concepts found
Transcript 
Identity and Access Management
June 9 – 10, 2016
Jared Galbraith and Andrew Hamilton
IAM
Our need to store and access data is growing.
Job performance and success is impacted by two systems, what
identity and how do you get the access needed.
A successful community has a flexible heterogeneous environment.
Current State of Provisioning
Challenges of Current State
• Complexity
•
Multiple Accounts and passwords
• In house Development
•
•
Primary user portal developer left
Maintenance of code has been minimal
• Manual provisioning
•
Spelling typos, dirty data
• Only Daily syncs from Banner.
•
Long provisioning times
Self Service – User Portal
Netid.unm.edu to claim account
• Users choice
Reset passwords
• Rigid question/answer is hard to remember
• Missing SMS verification, One time password etc.
Initiates synchronize process
• Communicates with PUB which pushes the accounts and
passwords to AD, LDAP et al.
Admin Portals
Netid.unm.edu to admin account
• User verification
Reset passwords
• High load on service desk
LAMB
• Guest account creation
• Troubleshooting
• Audits and Logging
• Unix groups, quota and home directory
Others
• Support Center/Accounts Office has to use other portals to look
up information
Authorization
Auto populating groups based on Banner data.
• Correlations based on external factors should be considered
Access Requests
• Workflow process to bridge the gap
Manually configured exports
• Applications use their own code and process for access.
• Groups create custom mechanisms.
Current Authentication
Authentication - challenges
Direct connections to directories
No standard or control
No administrator/developer guidance as to what technology to use
Multiple authentication portals (CAS, AD FS, Shibboleth)
Limited flexibility for new technologies (e.g. missing)
• OpenID
• OAUTH 2.0
• 802.1x
• PKI
Future Directions
Exploring implementation of off the shelf products
1. Reduced tools required by support staff
2. Closer Integration with Banner
3. Unified Access portal for Authentication
4. Authorizations based on roles
Provisioning – goals
On Demand Provisioning
o Automated and error free
Just in Time
o React to changes in identity sources right away instead of daily
reconciliation.
Reduce dependence on one person’s knowledge
o Reduction of in-house customized code/scripts
Consume multiple identity sources
o Better prepared for future enhancements
Clean up directories/establish property ownership
Future State of Provisioning
Self-Service Enhancements
User portal
o Commercial off the shelf solution
o Enhanced security features such as SMS, OTP
o Integration with provisioning system
Admin Portal
o More granular delegation options
o Fewer places to look for information
Authorization extensibility
User access request for resources
o Web based portal for delegation and registration
Role based modeling
o Provision resources based on business function
Workflow
o Self-service registration with oversite and management
approvals
Authorization Modeling
Governance
o Predictive Modeling
o Unstructured data mining
o Proactive Design
Authentication Goals
o Reduce direct access to Directory Services (AD/LDAP)
o Single authentication portal for authentication
o Provide path to enable future authentication services
o Increased community collaboration through user groups
Unified Experience
Questions?
Related documents
Name : Ahmed AL_Balawi ID: 200600112
Name : Ahmed AL_Balawi ID: 200600112
Network Device Security Options
Network Device Security Options
Chapter 5 Protection of Information Assets
Chapter 5 Protection of Information Assets
Slide 1
Slide 1
2017_74: Plants for water: assessing the impacts of climate change
2017_74: Plants for water: assessing the impacts of climate change
Panel: Security and the World Wide Web
Panel: Security and the World Wide Web
Computer Security
Computer Security
Physical Access Controls
Physical Access Controls
The Hepatic Portal System
The Hepatic Portal System
Lecture 7, Part 2
Lecture 7, Part 2
Portal - BC ELN
Portal - BC ELN
Database Account/Privileges Request Form
Database Account/Privileges Request Form
chap-09v2
chap-09v2
PNAMP Portal Workshop – Enhancing Information Discovery
PNAMP Portal Workshop – Enhancing Information Discovery
Introduction to ASP.NET
Introduction to ASP.NET
Slide 1
Slide 1
Here is the Original File
Here is the Original File
Document
Document
Oracle vs. SQL Server
Oracle vs. SQL Server
NETWORK MANAGEMENT
NETWORK MANAGEMENT
Operating System Security Fundamentals
Operating System Security Fundamentals
Course Learning Objectives:
Course Learning Objectives: