Identity and Request Management Using Novell Identity Manager: Identity Manager—It’s Not Just about Identity Management Anymore!
Upcoming SlideShare
Loading in...5

Identity and Request Management Using Novell Identity Manager: Identity Manager—It’s Not Just about Identity Management Anymore!



To support regulatory compliance, audit requirements and its strategic direction, St. Vincent Health joined with Novell to design, develop and implement a Novell Identity Manager system in its 18 ...

To support regulatory compliance, audit requirements and its strategic direction, St. Vincent Health joined with Novell to design, develop and implement a Novell Identity Manager system in its 18 hospitals to provide role-based access control and audit capabilities that exceed auditor requirements. This session will provide an overview of the business case, benefits, phased approach and technical solution for role-based access at St. Vincent Health in support of HIPAA compliance. This session will provide a demonstration of Novell Identity Manager based workflow customization, role-based access control entitlements and provisioning. It will also demonstrate how Identity Manager can be used to manage other processes other than identity and access management. You will see a complete demonstration of St. Vincent’s Identity Manager solution and how Novell Sentinel reporting is providing answers to auditor and management questions.



Total Views
Views on SlideShare
Embed Views



1 Embed 29 29



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Identity and Request Management Using Novell Identity Manager: Identity Manager—It’s Not Just about Identity Management Anymore! Identity and Request Management Using Novell Identity Manager: Identity Manager—It’s Not Just about Identity Management Anymore! Presentation Transcript

    • Novell Identity Manager ® It’s Not Just about Identity Management Anymore! Steve Whicker Sarah Hetrick Manager – Security Compliance Sr Technical Engineer AHIS – Central Region AHIS – Central Region St Vincent Health St Vincent Health
    • Identity Management Goals at St. Vincent Health • Enable regulatory compliance (HIPAA) and internal controls in IS security processes • Reduce operating costs through user account provisioning (process automation) and sharing common infrastructure components • Decrease corporate exposure by reducing the risk of unauthorized access to data & automating enforcement of security policy • Improve associate satisfaction by automating online HR benefits management • Improve data integrity by decreasing duplicative identity data stores and manual data entry processes • Improve the quality of services provided by IS 2 © Novell, Inc. All rights reserved.
    • St. Vincent Health’s Identity Management Drivers Regulatory Security Efficiency / Cost Compliance • HIPAA • Automate Manual • Reduce Manual • Unique user Security Policies Admin via automated identification • Automate Identity account provisioning requirements Management (Create, • Manage online HR • Access Control Modify, Delete) Benefits Requirements • Automate Roles • Set up Foundation for • Auditing Based Access Expanded Services Requirements Control • Improve Data • Minimum Necessary • Automate Workflow Accuracy Requirements Approval, Denial • Leverage Current • Enterprise Role- Investments based Access Control • Provide Password (RBAC) model Reset Self Service • Auditing / Reporting 3 © Novell, Inc. All rights reserved.
    • Where We Started (July 2005) • Four separate networks (Indianapolis, Frankfort, Anderson, Kokomo) • Two separate and overlapping access request processes for identity and access management (ID Request & IS Request), made it difficult to centrally manage the access request and change logs • Identity creation and management was a manual process • No centralized process to document request completion • No formal validation process to verify the authenticity of requesting manager • Multiple touch points (Network Administrator and Application support personnel) for creation of Login ID for an individual user • De-provisioning process was not consistently followed • No user entitlement matrix existed 4 © Novell, Inc. All rights reserved.
    • Our Identity Management Roadmap Infrastructure Enable Bi- Upgrade NT Upgrade Existing Consolidate File Readiness Directory Directional Domains to AD Drivers to IdM2 Services Trees Creates Implement Universal Password Document Identity Implement Implementation Design Enhanced Management Provisioning PeopleSoft Design and Identity Management Enhanced Requirements Connector Implement Web Implement Based Password Self Document Web based Provisioning Process Design Web based Service Enhance Existing Provisioning Workflow Analysis and Provisioning Workflow Connectors and Design Workflow Implement Requirements Provisioning Design and Implementation Role Based Role Definition and Mapping Document Role based Design Role Implement Role Provision users to provisioning based based access and additional systems requirements provisioning provisioning Design Identify Audit Audit Logging ( enable real time logging with appropriate systems) Auditing and Auditing and Needs Reporting Reporting Implement Audit Skill Skills Development and Training Assessment Business and Ongoing Support Ongoing Maintenance and Support Governance, Organizational Change Management and Communication 5 © Novell, Inc. All rights reserved.
    • Identity and Request Management Portal Windows Biztalk Data Warehouse Windows Vistar STVLDAP Windows IND1 IDV Identity Management Portal Windows National AD / Exchange STVI STVNET Windows 6 © Novell, Inc. All rights reserved.
    • Hiring Process Start 1 20. User and Manager receives notification that Non-System application has been granted Processes 1. HR/manager is notified of new hire (associate/ non-associate) PeopleSoft 2. HR/manager enters 7. PeopleSoft is HRMS hire data into PS updated with Login (associate / non- ID & email address associate) No 19. Workflow Workflow Processes 3. All required attributed 5a. Identity Manager 6. Identity Manager 5b. Go to generates email Yes eDirectory (IDV) Are available and 4. Is this a determine unique creates and places Modify Users notifications PeopleSoft effective new Identity? Login ID the Identity Process Box Yes ™ date has transpired #4 13. Identity Manager Manager 12. Go to 18. Application 15b. Application 14. WF 11. Identity Manager generates workflow & requests Modify Users support approves support checks queue approved by emails manager of WF email notify for default additional Process Box approver? new hire applications per rules Apps via WF #10b Yes for non connected SVHLDAP) eDirectory 8b. Identity Manager 8a. Identity Manager (STVI & system creates Identity in creates Identity in SVHLDAP STVI Directory Directory (STVNET) (IND1) 9. Identity Manager Active Yes for connected system creates Identity IND1 Active 10. Identity Manager creates Identity STVNET Other Applications 17. Application support 16. Application support creates Identity and determines access rights access rights 15a. Create new Process perfomed for each application requested user account automatically 7 © Novell, Inc. All rights reserved.
    • Termination Process Start 1 Start 2 Start 3 15. Manager Non-System Processes 1. Manager is notified of a 1b. HR Service Center is 5. Server team is email notified that the receives notification termination event for notified of termination 1c. Termination is initiated user never showed up for work, research is associate or non event for associate or non through VISTAR feed done, accounts may be deleted manually, associate associate instead of just disable automatically PeopleSoft HRMS 2. Data is entered into PeopleSoft HRMS 14. Workflow generates Workflow Processes 3. IDM Updates User data in eDirectory (IDV) 4a. Is this an a email notifications IDV. disables account & moves no show hire? user to the inactive container ™ 4b. Routes termination Yes 11. All application support admin(s) 13. are notified via email of a termination Application Support WF request to all app workflow task to be completed after Approves WF security admin(s) they disable or delete the account SVHLDAP) eDirectory (STVI & 6. IDM Updates User data in 7. IDM disables Groupwise 10. IDM deletes user STVI. disables account & moves user and sets visibility account in SVHLDAP user to the inactive container to note Directory Directory 8. IDM Updates User data in (STVNET) (IND1) Active IND1. disables account & moves user to the inactive container Active 9. IDM deletes user account in STVNET Other Applications 13. Application support admins disable/delete user manually in other application(s) 8 © Novell, Inc. All rights reserved.
    • Other Processes Handled • Renames (Name Changes) • Business Unit Changes • User Data Changes 9 © Novell, Inc. All rights reserved.
    • Automated Escalation Process Insures Customer Request Are Not Lost Initiated by Manager to Grant application for End User Application Escalate to 2nd Escalation to Owner Owner's Mgr Owner's Mgr Start 1d 2d Denied Could take 3d Time Out up to 6 days 4d Denied 5d Time Out 6d Denied Approved * Ti m e Out Approved * Approved * * indicates Log for all IDM denied activities completion Entitlement of work is granted Finished 10 © Novell, Inc. All rights reserved.
    • Service Request Management • Replaced existing Information Services Request (ISR) System • Provides three different workflow processes – Catalog Equipment Order – Equipment Moves & Removals – Professional Services (Including Projects) • Utilized management hierarchy to route approvals • Ties Identity and Request Management (IDRM) to the ticketing system – Currently a manual connection – Future connection will be automated using SOAP 11 © Novell, Inc. All rights reserved.
    • Professional Services Workflow PSP Request Initiated Manager Approval IS Tuesday / Thursday Group Reviews Request Start Project Project? Workflow Process Request discussed with Requires Assign team for Manager OK Request Requested Approving Assessment? evaluation with Cost? Terminated Manager Assign to Appropriate team E-mail to Services Desk Ticket number is E-mail to requester with request information entered into IDRM with status and Finish for ticket creation Request and closed Ticket Number 12 © Novell, Inc. All rights reserved.
    • Self-Service Password Reset • Provides user the ability to reset their own password anytime any place – At work – At home on portals • Reduces Helpdesk calls • Provides for positive validation of user identity through “Challenge and Response” Questions • Easily integrates with current systems 13 © Novell, Inc. All rights reserved.
    • Lessons Learned • Know and thoroughly document your environment • Assume nothing (verify things actually work as advertised) • Understand the organizations business processes – Talk to the users and understand yours and their business processes • Cooperation and involvement of Human Resources is vital • Have a viable test environment • Be prepared for problems 14 © Novell, Inc. All rights reserved.
    • What’s Next? • Install the Roles and Provisioning Module – Upgraded version of the User Application • Role Based Provisioning Design and Implementation 15 © Novell, Inc. All rights reserved.
    • Demonstration
    • Questions?
    • Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.