Interfacing Banner with Identity Management

Presented by: Joel Avery and Jamie Campbell
Carleton University
March 27, 2012
Session ID 1756

Introduction
• Who we are
     — Jamie Campbell – Assistant Director, Information Security and Operating Platforms
     — Joel Avery – Project IDM Engineer & Enterprise Architect
• Carleton University
     — Ottawa, Canada
     — Comprehensive
     — 25,000 students, 2,500 faculty/staff
• Provide an overview of our experience implementing BEIS and integrating it with Sun Identity Manager
• Benefits, tips, challenges from our experience

Agenda
• Data Flow Architecture
• BEIS components
• Our BEIS experience
• BEIS Role Model
• Roles to Resources
• Summary

About our IdM Project ‘MyCarletonOne’ (MC1)
• Identity Management (IdM) Project
     — Project Goals:
          Efficiency (e.g. standardization of account policy)
          Security (e.g. timely removal of accounts/access)
          Service (e.g. timely provisioning of accounts/access based on business need)
     — One username, One password
• Scoping the project
     — Cohort by cohort (staff, then faculty, then students, then…)
     — Limited number of applications & services at launch
     — Limited scope of IdM functionality (provisioning & password management first, then SSO, then Enterprise Directory, then…..)

Key Principles & Project Scope
• Banner is the authoritative repository of identity data
• Divide and conquer approach (staff, then faculty, then students)
• Resource applications/services include:
     — Active Directory
     — Enterprise Directory
     — Email (staff/faculty)
     — INB
     — LDI (Luminis portal/WebCT)
     — Email gateway (alias)
     — Banner itself
     — SSB
     — Email (students)

Key Data Flows
(Diagram.) Banner publishes identity XML (roles and identity data) to the BEIS Identity Gateway, which passes it to the BEIS Identity Proxy. The proxy sends the roles and identity data to the IDM (Sun) as SPML 2.0 messages. The IDM provisions the target resources: Active Directory, Enterprise Directory, Exchange Email, Cloud Email, Email Alias, INB, LDI and SSB. A Syncback flow runs from the IDM back to Banner.

Banner Enterprise Identity Services (BEIS)
• We use BEIS as an outbound message gateway that sends identity data to the IdM
• BEIS 8.1.0 on Oracle Application Server (OAS) 10g R2
• Oracle Streams is configured to capture changes to the identity data tables
• Messages are issued from the BEIS Identity Proxy in SPML 2.0 format
• BEIS has two management interfaces

BEIS Streams Admin Interface
(screenshot)

BEIS Identity Gateway
(screenshot)

BEIS Identity Proxy Interface
(screenshot)

Our BEIS Experience
• Overall performance is good
• Some queuing of messages on bulk updates
• Needed a customized application (the "SPML relay") to pass the SPML 2.0 messages on to the IDM
• Ran into issues with the standard BEIS configuration:
     — Increased the Java memory to the maximum
     — Recommend running only OAS and BEIS on a single server (for 32-bit installs, where the JVM heap is limited)

Our BEIS Experience
• BEIS needs a defined shutdown sequence: Oracle Streams and BEIS must be shut down before the Banner DB.
• If the SPML relay sent no events to the IDM for over 60 minutes, the IDM's cached credentials expired. We created a heartbeat that resends the last event every 15 minutes.

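The idle-link problem above, modelled as an added example (Python; this is not Carleton's relay code). The 60-minute credential expiry and the 15-minute replay interval are the figures from the slide; the clock is injected so the timing can be exercised offline, and `send` is a stand-in for the real SPML 2.0 call to the IDM.

```python
"""Idle-link heartbeat for an SPML relay between BEIS and an IDM (added example)."""
from typing import Callable, Optional

HEARTBEAT_AFTER = 15 * 60   # seconds of idle time before the last event is resent
CREDENTIAL_TTL = 60 * 60    # idle time after which the IDM dropped its cached credentials


class SpmlRelay:
    def __init__(self, send: Callable[[str], None]) -> None:
        self._send = send                        # stand-in for the SPML 2.0 transport
        self._last_event: Optional[str] = None
        self._last_sent_at: Optional[float] = None
        self.heartbeats_sent = 0

    def publish(self, event: str, now: float) -> None:
        """Forward a real BEIS event to the IDM and remember it for replay."""
        self._send(event)
        self._last_event = event
        self._last_sent_at = now

    def idle_seconds(self, now: float) -> Optional[float]:
        if self._last_sent_at is None:
            return None                          # nothing has crossed the link yet
        return now - self._last_sent_at

    def credentials_expired(self, now: float) -> bool:
        """What the IDM side would do to this link if nothing kept it alive."""
        idle = self.idle_seconds(now)
        return idle is not None and idle >= CREDENTIAL_TTL

    def tick(self, now: float) -> bool:
        """Scheduler hook: once the link has been idle for HEARTBEAT_AFTER seconds,
        resend the last event. Returns True when a heartbeat went out."""
        idle = self.idle_seconds(now)
        if idle is None or idle < HEARTBEAT_AFTER:
            return False
        assert self._last_event is not None
        self._send(self._last_event)             # the same message again: it must be idempotent
        self._last_sent_at = now
        self.heartbeats_sent += 1
        return True
```

Two consequences of replaying the last event are worth noting: the relay keeps a full identity message (name, date of birth, masked tax id) in memory between events, and the IDM must treat a repeated modify as idempotent. If the IDM accepts a read-only request such as an SPML 2.0 lookupRequest, that makes a lighter keepalive; the deck does not say whether that was tried.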
Our BEIS Experience
• We set up monitoring jobs in Oracle to detect when:
     — There are issues with Capture & Apply
     — The gateway is not processing events
     — The SPML relay is not sending pending events
• Banner DB clones (where both production and the clone are BEIS-enabled) resulted in Oracle Streams silently not capturing changes for our in-house tables; no errors appeared in the logs. We resolved this by rebuilding those tables as part of the post-clone process.
• We built our own event capture and republishing tool.

Role Model

Role Model Evolution – Initial View
(Diagram: five separate boxes – Student, Employee, Faculty, Alumni, Affiliate.)
• Initial assumption (prior to project launch) was five distinct cohorts – Student, Employee, Faculty, Alumni and Affiliate

Role Model Evolution – Reality
(Diagram: the five cohorts – Student, Employee, Faculty, Alumni, Affiliate – drawn as overlapping sets.)
• Analysis in the first deployment showed high overlap between roles – many people had roles in numerous cohorts.
• This complicated provisioning as well as the project communications.

Role Model Evolution – Reality
(Diagram: the overlapping cohorts again; Employee, for example, contains finer-grained roles such as ‘MANUAL_GEN_ACCESS’, ‘EMPL_ADMIN_CASUAL’ and ‘EMPL_ADMIN_CONTINUING’.)
• Requirements gathering in each release also required more fine-grained roles within each cohort.

Banner – Roles

Role                    Who
EMPL_ADMIN_CONTINUING   Current administrative continuing employees
EMPL_ACAD_CONTINUING    Current academic continuing employees
FACULTY (WebCT role)    Instructors at the University
EMPL_ADMIN_CASUAL       Current administrative casual employees
EMPL_ACAD_CASUAL        Current academic casual employees
EMPLOYEE (WebCT role)   All current active employees
EMPL_ON_LEAVE           Continuing employees who are on a leave of absence
EMPL_BEIS               People who have an employee relationship with the University, either past or present
STUDENT                 People who have a student relationship with the University, either past or present
ALUMNI                  People who have graduated from the University
AFFILIATE               People who have an affiliate relationship with the University via GZAAFFL
MANUAL_GEN_ACCESS       Assigned via GZAIROL (a custom interface we built for manually assigning some roles to identities)
MANUAL_INB_ACCESS       Assigned via GZAIROL
IMMEDIATE_DEPROVISION   Assigned via GZAIROL
BASICPERSON             Automatically assigned by BEIS; used when a person has absolutely no other roles

Role Based Provisioning Nuances
• Some roles require other roles
• Some roles are mutually exclusive
• These rules are enforced in Banner
• The IDM prioritizes the roles when a person holds several
• A ‘person’ is provisioned, not a role

Roles to Resources
• All roles are assigned by Banner.
• A set of resources is associated with each role via business rules within the IDM.
• The IDM aggregates all the resources associated with all the roles of a user and prioritizes any mutual exclusions.
• The IDM updates all the target resources (adding, deleting or updating the account associated with the user) in one transaction, which is rolled back if there is an error.

Password Synchronization and Self Management
• The IDM manages (synchronizes) passwords for all target resources that have a password.
• The IDM creates resource accounts with the user's current IDM password.
• Should a user forget their password, the IDM has a challenge/response system that lets the user reset it to a new value.
• Target resource account names were synchronized for each user via a series of earlier projects (not a requirement of the IDM).
• "One Username. One Password."

Functionality added after launch
• Requesting fine-grained access control (e.g. Banner security classes)
• Synchronization of name changes
• Securing accounts for users who do not update their passwords (as per policy)

Resource States
• The IDM tracks the state of resources for each user
• Manages creation and deletion along with enabling and disabling based on events from Banner
• Reports on accounts created on the resource by other processes

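The two mechanisms described in "Roles to Resources" and "Resource States" (aggregate the resources of every role a person holds, resolve mutual exclusions by priority, then compare with what actually exists on the targets) as one added example in Python. This is not Carleton's Sun IDM configuration: the role names are those from the Banner role table above, but the role-to-resource mapping, the exclusion group and the treatment of IMMEDIATE_DEPROVISION as an override are hypothetical stand-ins for the business rules the deck says live in the IDM.

```python
"""Roles-to-resources resolution and resource-state reconciliation (added example)."""
from typing import Dict, FrozenSet, Iterable, List, Set

# Hypothetical business rules: which target resources each Banner role entitles a person to.
ROLE_RESOURCES: Dict[str, FrozenSet[str]] = {
    "EMPL_ADMIN_CONTINUING": frozenset({"AD", "ENTERPRISE_DIR", "EXCHANGE_EMAIL", "EMAIL_ALIAS"}),
    "EMPL_ACAD_CONTINUING":  frozenset({"AD", "ENTERPRISE_DIR", "EXCHANGE_EMAIL", "EMAIL_ALIAS"}),
    "EMPL_ADMIN_CASUAL":     frozenset({"AD", "ENTERPRISE_DIR", "EXCHANGE_EMAIL"}),
    "EMPL_ACAD_CASUAL":      frozenset({"AD", "ENTERPRISE_DIR", "EXCHANGE_EMAIL"}),
    "EMPL_ON_LEAVE":         frozenset({"AD", "ENTERPRISE_DIR"}),
    "EMPLOYEE":              frozenset({"LDI"}),
    "FACULTY":               frozenset({"LDI"}),
    "STUDENT":               frozenset({"AD", "ENTERPRISE_DIR", "CLOUD_EMAIL", "LDI", "SSB"}),
    "ALUMNI":                frozenset({"CLOUD_EMAIL"}),
    "AFFILIATE":             frozenset({"AD", "ENTERPRISE_DIR"}),
    "MANUAL_GEN_ACCESS":     frozenset({"AD", "ENTERPRISE_DIR"}),
    "MANUAL_INB_ACCESS":     frozenset({"INB"}),
    "EMPL_BEIS":             frozenset(),   # past-or-present marker: no entitlement on its own
    "BASICPERSON":           frozenset(),   # BEIS fallback when a person has no other role
    "IMMEDIATE_DEPROVISION": frozenset(),   # handled as an override below
}

# Mutually exclusive resources, highest priority first (assumed): one mailbox per person,
# and someone who is both staff and student keeps the staff mailbox.
EXCLUSIVE_GROUPS: List[List[str]] = [["EXCHANGE_EMAIL", "CLOUD_EMAIL"]]

DEPROVISION_ROLE = "IMMEDIATE_DEPROVISION"   # assumed to override every other role


def resolve_resources(roles: Iterable[str]) -> Set[str]:
    """Aggregate the resources of all of a person's roles, then apply exclusions.

    The person is provisioned, not the role: the result is one set per person.
    """
    role_set = set(roles)
    if DEPROVISION_ROLE in role_set:
        return set()
    wanted: Set[str] = set()
    for role in role_set:
        wanted |= ROLE_RESOURCES.get(role, frozenset())   # an unknown role grants nothing
    for group in EXCLUSIVE_GROUPS:
        present = [r for r in group if r in wanted]
        wanted.difference_update(present[1:])             # keep only the highest-priority one
    return wanted


def reconcile(expected: Set[str], observed: Dict[str, str]) -> Dict[str, Set[str]]:
    """Compare the resolved set with the accounts that exist on the resources.

    observed maps resource -> creator of the account: "IDM" for IDM-managed
    accounts, anything else for accounts some other process created.
    """
    have = set(observed)
    return {
        "create":  expected - have,
        "disable": {r for r in have - expected if observed[r] == "IDM"},
        # Accounts the IDM did not create are reported rather than touched.
        "report":  {r for r in have if observed[r] != "IDM"},
    }
```

Run with the role list from the sample message in the supporting slides (ALUMNI, EMPLOYEE, EMPL_ADMIN_CONTINUING, EMPL_BEIS, STUDENT) and the student mailbox drops out in favour of the staff one; add IMMEDIATE_DEPROVISION and every entitlement disappears, which is the "timely removal of access" goal from the project slide. The `report` bucket is the orphan-account check: an INB account that a helpdesk script created outside the IDM shows up there instead of being silently adopted.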
Summary
• Overall BEIS experience was good
• Rollout was highly successful
• In process of rolling out to faculty
• Questions?
     — Feel free to contact us

Thank You!
Joel Avery
Jamie Campbell

“Datatel” and the Datatel logo, “Advance,” “Banner,” “Colleague,” and “PowerCAMPUS,” are trademarks or registered trademarks of Datatel+SGHE or their affiliates in the U.S. and other countries. Other trade names and trademarks used herein are owned by their respective holders.

© 2012 Datatel+SGHE. All rights reserved.

Supporting Slides – Sample BEIS Message

<UDCIdentity action="UPDATE" PUBLISHER_NAME="PROD" xmlns="urn:sungardhe:enterprise:domain:identity:1.0">
  <UDCIdentifier>8ED5ABA7DA0785CDF04400144F80BXD5</UDCIdentifier>
  <PersonIdentity>
    <PersonName>
      <FormattedName>Mrs. Marion M. Smith</FormattedName>
      <GivenName>Marion</GivenName>
      <PreferredGivenName>Marni</PreferredGivenName>
      <MiddleName>M.</MiddleName>
      <FamilyName>Smith</FamilyName>
      <Affix type="formOfAddress">Mrs.</Affix>
    </PersonName>
    <Gender>Female</Gender>
    <Birthdate>
      <BirthDay>8</BirthDay>
      <BirthMonth>11</BirthMonth>
      <BirthYear>1959</BirthYear>
    </Birthdate>
    <TaxId>2*****480</TaxId>
  </PersonIdentity>
  <EmailAddress>marni_smith@carleton.ca</EmailAddress>
  <PrimaryAddress validFrom="1988-03-17">
    <PostalCode>K1Q 6K3</PostalCode>
    <Region>ON</Region>
    <Municipality>Ottawa</Municipality>
    <AddressLine>15 Any Street</AddressLine>
  </PrimaryAddress>
  <CampusAddress>
    <CountryCode>27</CountryCode>
    <PostalCode>K1S 5B6</PostalCode>
    <Region>ON</Region>
    <Municipality>Ottawa</Municipality>
    <AddressLine>Carleton University, CCS</AddressLine>
    <AddressLine>401 Robertson Hall</AddressLine>
    <AddressLine>1125 Colonel By Drive</AddressLine>
  </CampusAddress>
  <CampusPhone>
    <AreaCityCode>613</AreaCityCode>
    <SubscriberNumber>5202600</SubscriberNumber>
    <Extension>3456</Extension>
  </CampusPhone>
  <InstitutionRoles>
    <institutionrole>
      <role>ALUMNI</role>
      <context>INTCOMP</context>
    </institutionrole>
    <institutionrole>
      <role>EMPLOYEE</role>
      <context>INTCOMP</context>
    </institutionrole>
    <institutionrole>
      <role>EMPL_ADMIN_CONTINUING</role>
      <context>INTCOMP</context>
    </institutionrole>
    <institutionrole>
      <role>EMPL_BEIS</role>
      <context>INTCOMP</context>
    </institutionrole>
    <institutionrole>
      <role>STUDENT</role>
      <context>INTCOMP</context>
    </institutionrole>
  </InstitutionRoles>
  <Extension>
    <Attribute>
      <name>DEPTLONG</name>
      <value>Computing &amp; Communication Services</value>
    </Attribute>
    <Attribute>
      <name>PIDM</name>
      <value>41456</value>
    </Attribute>
    <Attribute>
      <name>BANNERID</name>
      <value>100056013</value>
    </Attribute>
    <Attribute>
      <name>OFFICE</name>
      <value>401 Robertson Hall</value>
    </Attribute>
    <Attribute>
      <name>JOBTITLE</name>
      <value>Information Technology Analyst</value>
    </Attribute>
    <Attribute>
      <name>EXTUSERNAME</name>
      <value>marnismith</value>
    </Attribute>
    <Attribute>
      <name>IMS_SOURCE_ID</name>
      <value>35510</value>
    </Attribute>
    <Attribute>
      <name>BANNERINB_USER</name>
      <value>MARNISMIT</value>
    </Attribute>
    <Attribute>
      <name>DEPTSHORT</name>
      <value>CCS</value>
    </Attribute>
  </Extension>
</UDCIdentity>

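A parser for the UDCIdentity message above, as an added example in Python (not the SPML relay Carleton built). The message carries personal data (date of birth, home address, a partially masked TaxId) alongside the Banner PIDM and INB username, so a relay has to pull out what the IDM needs without logging the rest. `SAMPLE` is a constructed, trimmed copy of the deck's sample; the namespace and element names are the ones shown there. Two details the sample makes easy to get wrong are handled explicitly: every element sits in the default namespace declared on the root, and `Extension` occurs both as the attribute container and as a phone extension under `CampusPhone`. The refusal to forward an unmasked TaxId is an assumed policy, not something the deck states.

```python
"""Parser for the BEIS UDCIdentity message (added example, not Carleton's code)."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List

NS = {"id": "urn:sungardhe:enterprise:domain:identity:1.0"}
ROOT_TAG = "{%s}UDCIdentity" % NS["id"]

# Elements under PersonIdentity that a relay must never write to its logs.
SENSITIVE_ELEMENTS = ("TaxId", "Birthdate")

# Constructed input: the deck's sample message, trimmed to the parts parsed below.
SAMPLE = """<UDCIdentity action="UPDATE" PUBLISHER_NAME="PROD"
    xmlns="urn:sungardhe:enterprise:domain:identity:1.0">
  <UDCIdentifier>8ED5ABA7DA0785CDF04400144F80BXD5</UDCIdentifier>
  <PersonIdentity>
    <PersonName><GivenName>Marion</GivenName><FamilyName>Smith</FamilyName></PersonName>
    <Birthdate><BirthDay>8</BirthDay><BirthMonth>11</BirthMonth><BirthYear>1959</BirthYear></Birthdate>
    <TaxId>2*****480</TaxId>
  </PersonIdentity>
  <CampusPhone>
    <AreaCityCode>613</AreaCityCode><SubscriberNumber>5202600</SubscriberNumber>
    <Extension>3456</Extension>
  </CampusPhone>
  <InstitutionRoles>
    <institutionrole><role>ALUMNI</role><context>INTCOMP</context></institutionrole>
    <institutionrole><role>EMPLOYEE</role><context>INTCOMP</context></institutionrole>
    <institutionrole><role>EMPL_ADMIN_CONTINUING</role><context>INTCOMP</context></institutionrole>
    <institutionrole><role>EMPL_BEIS</role><context>INTCOMP</context></institutionrole>
    <institutionrole><role>STUDENT</role><context>INTCOMP</context></institutionrole>
  </InstitutionRoles>
  <Extension>
    <Attribute><name>PIDM</name><value>41456</value></Attribute>
    <Attribute><name>EXTUSERNAME</name><value>marnismith</value></Attribute>
    <Attribute><name>BANNERINB_USER</name><value>MARNISMIT</value></Attribute>
  </Extension>
</UDCIdentity>"""


@dataclass
class IdentityEvent:
    action: str
    publisher: str
    udc_id: str
    roles: List[str]
    attributes: Dict[str, str]     # top-level Extension/Attribute name -> value
    sensitive_present: List[str]   # which SENSITIVE_ELEMENTS the message carried


def tax_id_masked(value: str) -> bool:
    """True when the TaxId is partially masked, as in the deck's sample (2*****480)."""
    return "*" in value


def parse_identity(xml_text: str) -> IdentityEvent:
    root = ET.fromstring(xml_text)
    if root.tag != ROOT_TAG:
        raise ValueError("unexpected root element: %s" % root.tag)
    udc_id = (root.findtext("id:UDCIdentifier", namespaces=NS) or "").strip()
    if not udc_id:
        raise ValueError("UDCIdentifier missing; the event cannot be correlated")

    roles = [
        (r.text or "").strip()
        for r in root.findall("id:InstitutionRoles/id:institutionrole/id:role", NS)
    ]
    # Only the root's own Extension child holds attributes; CampusPhone/Extension
    # is a phone extension and a recursive ".//Extension" search would pick it up.
    attributes: Dict[str, str] = {}
    for attr in root.findall("id:Extension/id:Attribute", NS):
        name = attr.findtext("id:name", namespaces=NS)
        value = attr.findtext("id:value", namespaces=NS)
        if name:
            attributes[name.strip()] = (value or "").strip()

    person = root.find("id:PersonIdentity", NS)
    present = [
        tag for tag in SENSITIVE_ELEMENTS
        if person is not None and person.find("id:" + tag, NS) is not None
    ]
    tax_id = person.findtext("id:TaxId", namespaces=NS) if person is not None else None
    if tax_id and not tax_id_masked(tax_id):
        # Assumed policy (not from the deck): Banner masks the TaxId before publishing,
        # so an unmasked one means a misconfigured publisher; do not forward it.
        raise ValueError("refusing to relay an unmasked TaxId")

    return IdentityEvent(
        action=root.get("action", ""),
        publisher=root.get("PUBLISHER_NAME", ""),
        udc_id=udc_id,
        roles=roles,
        attributes=attributes,
        sensitive_present=present,
    )
```

`parse_identity(SAMPLE)` yields the five roles in document order and the PIDM, EXTUSERNAME and BANNERINB_USER attributes, with the phone extension left out. The standard-library parser does not resolve external entities, but a relay that accepts XML from a network endpoint should still parse through defusedxml or an equivalently hardened parser rather than plain ElementTree.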

AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 

Recently uploaded (20)

Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 

Interfacing Banner BEIS With Identity Management - Summit 2012

6. Key Data Flows
   [Diagram; labels recovered from the slide] Banner Identity (Roles & Data) → BEIS Identity Gateway → BEIS Identity Proxy → SPML 2.0 XML → IDM (Sun) → target resources: Active Directory, Enterprise Dir., Exchange Email, Cloud Email, Email Alias, SSB, INB, LDI. A Syncback path is also shown.

7. Banner Enterprise Identity Services (BEIS)
   • BEIS is used as an outbound message gateway to send identity data to the IdM
   • Version 8.1.0 on OAS 10g R2
   • Oracle Streams is configured to capture changes to identity data in the Banner tables
   • Messages are issued from the proxy in SPML 2.0 format
   • BEIS has two interfaces for management

8. BEIS Streams Admin Interface

10. BEIS Identity Proxy Interface

11. Our BEIS Experience
   • Overall performance is good
   • Some queuing of messages on bulk updates
   • Needed a customized app to pass SPML 2.0 messages to the IDM (the "SPML relay")
   • Ran into issues with the standard BEIS configuration
     — Increased Java memory to the maximum
     — Recommend running only OAS and BEIS on a single server (for 32-bit installs)

12. Our BEIS Experience
   • A defined shutdown process for BEIS is needed: Oracle Streams and BEIS must be shut down before the Banner DB
   • If no events were sent from the SPML relay to the IDM for over 60 minutes, the cached credentials expired. We created a heartbeat (resend the last event every 15 minutes)

13. Our BEIS Experience
   • We set up monitoring jobs in Oracle to determine whether:
     — there are issues with Capture & Apply
     — the gateway is not processing events
     — the SPML relay is not sending pending events
   • Banner DB clones (where both production and the clone are BEIS-enabled) resulted in Oracle Streams not capturing changes for in-house tables, and no errors appeared in the logs. We resolved this by rebuilding those tables as part of the post-clone process.
   • Built our own event capture and republishing tool
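The heartbeat on slide 12 and the three monitoring conditions on slide 13 together describe how the relay is kept alive and watched. The following is an added example, not Carleton's SPML relay or any BEIS code: a minimal relay scheduler that flushes queued messages, resends the last event every 15 minutes when idle so the IDM's 60-minute credential cache never lapses, and a check function that evaluates the slide-13 conditions. The send() callback, the gateway backlog count and the T0 start time are stand-ins so it runs offline; the status strings mirror Oracle's DBA_CAPTURE.STATUS / DBA_APPLY.STATUS values.

```python
"""Added example (not Carleton's SPML relay): a relay scheduler with the
15-minute heartbeat from slide 12 and the monitoring checks from slide 13."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, List, Optional

# Windows taken from the slides: the IDM dropped cached relay credentials
# after 60 idle minutes, so the relay resends the last event every 15.
CREDENTIAL_IDLE_LIMIT = timedelta(minutes=60)
HEARTBEAT_INTERVAL = timedelta(minutes=15)
T0 = datetime(2012, 3, 27, 9, 0)            # constructed start time for the demo


def minutes(n: int) -> timedelta:
    return timedelta(minutes=n)


@dataclass
class SpmlRelay:
    """Queues SPML 2.0 messages from the BEIS proxy and forwards them to the IDM.

    send() is injected; a real relay would deliver the XML to the IDM's SPML
    endpoint with the relay's own credential (assumed behaviour)."""
    send: Callable[[str], None]
    pending: List[str] = field(default_factory=list)
    last_event: Optional[str] = None
    last_sent_at: Optional[datetime] = None
    heartbeats_sent: int = 0

    def submit(self, spml_xml: str) -> None:
        """Called on the proxy/gateway side for each captured change."""
        self.pending.append(spml_xml)

    def tick(self, now: datetime) -> str:
        """One scheduler pass; returns 'flush', 'heartbeat' or 'idle'."""
        if self.pending:
            for msg in self.pending:
                self.send(msg)
                self.last_event = msg
            self.pending.clear()
            self.last_sent_at = now
            return "flush"
        # Nothing new: resend the last event before the IDM's cache expires.
        # Safe only because a repeated UPDATE is idempotent on the IDM side
        # (the slide-12 approach; a repeated DELETE would need care).
        if self.last_event is not None and now - self.last_sent_at >= HEARTBEAT_INTERVAL:
            self.send(self.last_event)
            self.last_sent_at = now
            self.heartbeats_sent += 1
            return "heartbeat"
        return "idle"


def relay_alerts(relay: SpmlRelay, now: datetime, capture_status: str,
                 apply_status: str, gateway_backlog: int) -> List[str]:
    """The three conditions monitored on slide 13 plus the idle window from
    slide 12. capture_status/apply_status mirror DBA_CAPTURE.STATUS and
    DBA_APPLY.STATUS (ENABLED, DISABLED, ABORTED); gateway_backlog is an
    assumed count of events the BEIS gateway has not yet processed."""
    alerts = []
    if capture_status != "ENABLED":
        alerts.append(f"Streams capture is {capture_status}")
    if apply_status != "ENABLED":
        alerts.append(f"Streams apply is {apply_status}")
    if gateway_backlog > 0:
        alerts.append(f"gateway has {gateway_backlog} unprocessed events")
    if relay.pending:
        alerts.append(f"relay has {len(relay.pending)} pending events")
    if relay.last_sent_at is not None and now - relay.last_sent_at >= CREDENTIAL_IDLE_LIMIT:
        alerts.append("relay idle past the IDM credential window; heartbeat not running")
    return alerts


if __name__ == "__main__":
    sent = []
    relay = SpmlRelay(send=sent.append)
    relay.submit('<UDCIdentity action="UPDATE"/>')   # constructed placeholder message
    for t in (0, 14, 15, 16):
        print(t, relay.tick(T0 + minutes(t)))
    print(relay_alerts(relay, T0 + minutes(90), "ABORTED", "ENABLED", 0))
```

The heartbeat papers over a credential cache that is tied to traffic rather than to a clock; the alert on the idle window is there so that a stuck heartbeat is noticed before the next real event is rejected.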
14. Role Model

15. Role Model Evolution – Initial View
   [Diagram: Student, Employee, Faculty, Alumni and Affiliate as five separate groups]
   • Initial assumption (prior to project launch) was five distinct cohorts: Student, Employee, Faculty, Alumni and Affiliate

16. Role Model Evolution – Reality
   [Diagram: Employee, Faculty, Student, Affiliate and Alumni as overlapping groups]
   • Analysis in the first deployment showed high overlap between roles: many people had roles in numerous cohorts
   • This complicated provisioning as well as the project communications

17. Role Model Evolution – Reality
   [Diagram: the overlapping cohorts again, with a "Contains..." callout listing MANUAL_GEN_ACCESS, EMPL_ADMIN_CASUAL and EMPL_ADMIN_CONTINUING]
   • Requirements gathering in each release also required more fine-grained roles within each cohort

18. Banner - Roles

   Role                    Who
   EMPL_ADMIN_CONTINUING   Current administrative continuing employees
   EMPL_ACAD_CONTINUING    Current academic continuing employees
   FACULTY (WebCT role)    Instructors at the University
   EMPL_ADMIN_CASUAL       Current administrative casual employees
   EMPL_ACAD_CASUAL        Current academic casual employees
   EMPLOYEE (WebCT role)   All current active employees
   EMPL_ON_LEAVE           Continuing employees who are on a leave of absence
   EMPL_BEIS               People who have an employee relationship with the University, either past or present
   STUDENT                 People who have a student relationship with the University, either past or present
   ALUMNI                  People who have graduated from the University
   AFFILIATE               People who have an affiliate relationship with the University via GZAAFFL
   MANUAL_GEN_ACCESS       Assigned via GZAIROL
   MANUAL_INB_ACCESS       Assigned via GZAIROL
   IMMEDIATE_DEPROVISION   Assigned via GZAIROL
   BASICPERSON             Automatically assigned by BEIS; used for the case where a person has absolutely no roles

   Callout (beside the GZAIROL roles): we built a custom interface for manually assigning some roles to identities

19. Role Based Provisioning Nuances
   • Some roles require other roles
   • Some roles are mutually exclusive
   • These rules are enforced in Banner
   • The IDM prioritizes the roles when multiple roles exist
   • A 'person' is provisioned, not a role

20. Roles to Resources
   • All roles are assigned by Banner
   • A set of resources is associated with each role via business rules within the IDM
   • The IDM system aggregates all the resources associated with all the roles of a user and prioritizes any mutual exclusions
   • The IDM updates all the target resources (adding, deleting or updating the account associated with the user) in one transaction, which rolls back if there is an error

21. Password Synchronization and Self Management
   • The IDM manages (synchronizes) passwords for all target resources that have a password
   • The IDM creates resource accounts with the current IDM password
   • Should a user forget their password, the IDM has a challenge/response system that allows the user to reset their password to a new value
   • Target resource account names were synchronized for each user via a series of earlier projects (not a requirement of the IDM)
   • "One Username. One Password."

22. Functionality added after launch
   • Requesting fine-grained access control (e.g. Banner security classes)
   • Synchronization of name changes
   • Securing accounts of users who do not update their passwords (as per policy)

23. Resource States
   • The IDM tracks the state of resources for each user
   • Manages creation and deletion, along with enabling and disabling, based on events from Banner
   • Reports on accounts created on the resource by other processes
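Slides 19, 20 and 23 describe one pipeline: Banner-enforced role rules, priority among a person's roles, aggregation of the resources those roles grant, a diff against the tracked resource state, and an all-or-nothing update. The following is an added example illustrating that pipeline; it is not the Carleton IDM's rule set or Sun Identity Manager code. The role names are the ones on slide 18, but which roles require, exclude or outrank which, and which resources each role grants, are assumptions made for the example. It re-checks the Banner-enforced rules on the IDM side as defence in depth, which the slides do not say Carleton did.

```python
"""Added example (not the Carleton IDM's rules): role-based provisioning as
described on slides 19, 20 and 23. Rule contents and resource grants are
assumptions; only the role names come from slide 18."""
from typing import Callable, Dict, Iterable, List, Tuple

Op = Tuple[str, str, str]            # (operation, resource, state)

# "Some roles require other roles": role -> roles that must accompany it.
REQUIRES = {
    "EMPL_ADMIN_CONTINUING": {"EMPL_BEIS"},
    "EMPL_ON_LEAVE": {"EMPL_BEIS"},
}
# "Some roles are mutually exclusive": pairs that must never arrive together.
EXCLUSIVE = [("EMPL_ON_LEAVE", "EMPL_ADMIN_CONTINUING")]
# Highest priority first: the earlier role decides a resource's state when two
# roles disagree about it. IMMEDIATE_DEPROVISION overrides everything.
PRIORITY = ["IMMEDIATE_DEPROVISION", "EMPL_ON_LEAVE", "EMPL_ADMIN_CONTINUING",
            "EMPL_ACAD_CONTINUING", "EMPL_ADMIN_CASUAL", "EMPL_ACAD_CASUAL",
            "FACULTY", "EMPLOYEE", "MANUAL_GEN_ACCESS", "MANUAL_INB_ACCESS",
            "STUDENT", "ALUMNI", "AFFILIATE", "EMPL_BEIS", "BASICPERSON"]
# Resource -> desired account state granted by each role (assumed mapping;
# roles not listed grant nothing).
ROLE_RESOURCES: Dict[str, Dict[str, str]] = {
    "EMPL_ON_LEAVE": {"AD": "disabled", "Exchange": "disabled"},
    "EMPL_ADMIN_CONTINUING": {"AD": "enabled", "Exchange": "enabled", "INB": "enabled"},
    "EMPLOYEE": {"LDI": "enabled"},
    "MANUAL_INB_ACCESS": {"INB": "enabled"},
    "STUDENT": {"AD": "enabled", "CloudEmail": "enabled", "LDI": "enabled", "SSB": "enabled"},
    "ALUMNI": {"CloudEmail": "enabled"},
}


def effective_roles(roles: Iterable[str]) -> List[str]:
    """Re-check the rules Banner enforces (a message that breaks them is
    malformed, not something to guess about) and order roles by priority."""
    present = set(roles)
    unknown = present - set(PRIORITY)
    if unknown:
        raise ValueError(f"unknown roles {sorted(unknown)}")
    for role, needed in REQUIRES.items():
        if role in present and not needed <= present:
            raise ValueError(f"{role} requires {sorted(needed - present)}")
    for a, b in EXCLUSIVE:
        if a in present and b in present:
            raise ValueError(f"{a} and {b} are mutually exclusive")
    if "IMMEDIATE_DEPROVISION" in present:
        return ["IMMEDIATE_DEPROVISION"]      # nothing else matters
    return [r for r in PRIORITY if r in present]


def desired_state(roles: Iterable[str]) -> Dict[str, str]:
    """Aggregate every role's resources; the first (highest-priority) role to
    mention a resource wins. A person is provisioned, not a role."""
    desired: Dict[str, str] = {}
    for role in effective_roles(roles):
        for resource, state in ROLE_RESOURCES.get(role, {}).items():
            desired.setdefault(resource, state)
    return desired


def plan(current: Dict[str, str], desired: Dict[str, str]) -> List[Op]:
    """Diff the tracked resource state (slide 23) against the desired one."""
    ops: List[Op] = []
    for resource, state in desired.items():
        if resource not in current:
            ops.append(("create", resource, state))
        elif current[resource] != state:
            ops.append(("update", resource, state))
    ops += [("delete", r, "") for r in current if r not in desired]
    return ops


def apply_transaction(current: Dict[str, str], ops: List[Op],
                      connector: Callable[[str, str, str], None]) -> Dict[str, str]:
    """Apply all ops or none: on failure, undo the ones already done with
    compensating operations and re-raise; the tracked state only advances
    when every target succeeded. connector(op, resource, state) is assumed
    to perform the change on the real target and raise on error."""
    done: List[Op] = []
    try:
        for op, resource, state in ops:
            connector(op, resource, state)
            done.append((op, resource, state))
    except Exception:
        for op, resource, state in reversed(done):
            if op == "create":
                connector("delete", resource, "")
            else:                         # restore the previous state
                connector("update" if op == "update" else "create", resource, current[resource])
        raise
    new = dict(current)
    for op, resource, state in ops:
        if op == "delete":
            new.pop(resource)
        else:
            new[resource] = state
    return new
```

The roll-back here is compensation, not a database transaction: each undo is itself a call to a target that can fail, so a real IDM records which compensations did not complete and alerts on them rather than assuming the state is clean.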
24. Summary
   • Overall BEIS experience was good
   • Rollout was highly successful
   • In the process of rolling out to faculty
   • Questions?
     — Feel free to contact us

25. Session Sponsor
   Thank You!
   Joel Avery, Jamie Campbell
   Please complete the online session evaluation form
   “Datatel” and the Datatel logo, “Advance,” “Banner,” “Colleague,” and “PowerCAMPUS,” are trademarks or registered trademarks of Datatel+SGHE or their affiliates in the U.S. and other countries. Other trade names and trademarks used herein are owned by their respective holders. © 2012 Datatel+SGHE. All rights reserved.

26–28. Supporting Slides – Sample BEIS Message (one message, spread over three slides; the TaxId is masked on the slide)

   <UDCIdentity action="UPDATE" PUBLISHER_NAME="PROD" xmlns="urn:sungardhe:enterprise:domain:identity:1.0">
     <UDCIdentifier>8ED5ABA7DA0785CDF04400144F80BXD5</UDCIdentifier>
     <PersonIdentity>
       <PersonName>
         <FormattedName>Mrs. Marion M. Smith</FormattedName>
         <GivenName>Marion</GivenName>
         <PreferredGivenName>Marni</PreferredGivenName>
         <MiddleName>M.</MiddleName>
         <FamilyName>Smith</FamilyName>
         <Affix type="formOfAddress">Mrs.</Affix>
       </PersonName>
       <Gender>Female</Gender>
       <Birthdate>
         <BirthDay>8</BirthDay>
         <BirthMonth>11</BirthMonth>
         <BirthYear>1959</BirthYear>
       </Birthdate>
       <TaxId>2*****480</TaxId>
     </PersonIdentity>
     <EmailAddress>marni_smith@carleton.ca</EmailAddress>
     <PrimaryAddress validFrom="1988-03-17">
       <PostalCode>K1Q 6K3</PostalCode>
       <Region>ON</Region>
       <Municipality>Ottawa</Municipality>
       <AddressLine>15 Any Street</AddressLine>
     </PrimaryAddress>
     <CampusAddress>
       <CountryCode>27</CountryCode>
       <PostalCode>K1S 5B6</PostalCode>
       <Region>ON</Region>
       <Municipality>Ottawa</Municipality>
       <AddressLine>Carleton University, CCS</AddressLine>
       <AddressLine>401 Robertson Hall</AddressLine>
       <AddressLine>1125 Colonel By Drive</AddressLine>
     </CampusAddress>
     <CampusPhone>
       <AreaCityCode>613</AreaCityCode>
       <SubscriberNumber>5202600</SubscriberNumber>
       <Extension>3456</Extension>
     </CampusPhone>
     <InstitutionRoles>
       <institutionrole>
         <role>ALUMNI</role>
         <context>INTCOMP</context>
       </institutionrole>
       <institutionrole>
         <role>EMPLOYEE</role>
         <context>INTCOMP</context>
       </institutionrole>
       <institutionrole>
         <role>EMPL_ADMIN_CONTINUING</role>
         <context>INTCOMP</context>
       </institutionrole>
       <institutionrole>
         <role>EMPL_BEIS</role>
         <context>INTCOMP</context>
       </institutionrole>
       <institutionrole>
         <role>STUDENT</role>
         <context>INTCOMP</context>
       </institutionrole>
     </InstitutionRoles>
     <Extension>
       <Attribute>
         <name>DEPTLONG</name>
         <value>Computing &amp; Communication Services</value>
       </Attribute>
       <Attribute>
         <name>PIDM</name>
         <value>41456</value>
       </Attribute>
       <Attribute>
         <name>BANNERID</name>
         <value>100056013</value>
       </Attribute>
       <Attribute>
         <name>OFFICE</name>
         <value>401 Robertson Hall</value>
       </Attribute>
       <Attribute>
         <name>JOBTITLE</name>
         <value>Information Technology Analyst</value>
       </Attribute>
       <Attribute>
         <name>EXTUSERNAME</name>
         <value>marnismith</value>
       </Attribute>
       <Attribute>
         <name>IMS_SOURCE_ID</name>
         <value>35510</value>
       </Attribute>
       <Attribute>
         <name>BANNERINB_USER</name>
         <value>MARNISMIT</value>
       </Attribute>
       <Attribute>
         <name>DEPTSHORT</name>
         <value>CCS</value>
       </Attribute>
     </Extension>
   </UDCIdentity>
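Slide 7 says the proxy emits these messages in SPML 2.0 format and slide 11 says a custom relay carries them to the IDM; the sample above shows what the relay has to read. The following is an added example, not BEIS product code or Carleton's relay: a parser for a UDCIdentity message that pulls out the identifier, names, e-mail, institution roles and root-level Extension attributes, with the input checks a relay should make before acting on a message. SAMPLE_MESSAGE is abbreviated from the slides' sample; the expected publisher name, the set of accepted actions and the size bound are assumptions.

```python
"""Added example (not BEIS or Carleton code): parse and validate a UDCIdentity
message of the kind shown on slides 26-28. SAMPLE_MESSAGE is abbreviated from
the slides; EXPECTED_PUBLISHER, KNOWN_ACTIONS and MAX_MESSAGE_BYTES are assumed."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List

NS = {"u": "urn:sungardhe:enterprise:domain:identity:1.0"}
EXPECTED_PUBLISHER = "PROD"                  # assumed: accept production only
KNOWN_ACTIONS = {"ADD", "UPDATE", "DELETE"}  # assumed; the slides show UPDATE
MAX_MESSAGE_BYTES = 256 * 1024               # assumed bound on message size

SAMPLE_MESSAGE = """<UDCIdentity action="UPDATE" PUBLISHER_NAME="PROD"
    xmlns="urn:sungardhe:enterprise:domain:identity:1.0">
  <UDCIdentifier>8ED5ABA7DA0785CDF04400144F80BXD5</UDCIdentifier>
  <PersonIdentity><PersonName>
    <GivenName>Marion</GivenName><PreferredGivenName>Marni</PreferredGivenName>
    <FamilyName>Smith</FamilyName>
  </PersonName></PersonIdentity>
  <EmailAddress>marni_smith@carleton.ca</EmailAddress>
  <CampusPhone><AreaCityCode>613</AreaCityCode><Extension>3456</Extension></CampusPhone>
  <InstitutionRoles>
    <institutionrole><role>ALUMNI</role><context>INTCOMP</context></institutionrole>
    <institutionrole><role>EMPLOYEE</role><context>INTCOMP</context></institutionrole>
    <institutionrole><role>EMPL_ADMIN_CONTINUING</role><context>INTCOMP</context></institutionrole>
    <institutionrole><role>EMPL_BEIS</role><context>INTCOMP</context></institutionrole>
    <institutionrole><role>STUDENT</role><context>INTCOMP</context></institutionrole>
  </InstitutionRoles>
  <Extension>
    <Attribute><name>PIDM</name><value>41456</value></Attribute>
    <Attribute><name>BANNERID</name><value>100056013</value></Attribute>
    <Attribute><name>EXTUSERNAME</name><value>marnismith</value></Attribute>
    <Attribute><name>BANNERINB_USER</name><value>MARNISMIT</value></Attribute>
  </Extension>
</UDCIdentity>"""


@dataclass
class Identity:
    udc_id: str
    action: str
    given_name: str
    family_name: str
    email: str
    roles: List[str]
    attributes: Dict[str, str]


def parse_udc_identity(xml_text: str) -> Identity:
    """Validate one BEIS identity message and extract what the IDM needs."""
    if len(xml_text.encode("utf-8")) > MAX_MESSAGE_BYTES:
        raise ValueError("message too large")
    # xml.etree still expands internal entities, so refuse any DTD rather
    # than expose the relay to entity-expansion (billion laughs) payloads.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}UDCIdentity" % NS["u"]:
        raise ValueError(f"unexpected root element {root.tag}")
    if root.get("PUBLISHER_NAME") != EXPECTED_PUBLISHER:
        raise ValueError("message is not from the expected publisher")
    action = root.get("action", "")
    if action not in KNOWN_ACTIONS:
        raise ValueError(f"unknown action {action!r}")

    def text(path: str) -> str:
        return root.findtext(path, default="", namespaces=NS).strip()

    udc_id = text("u:UDCIdentifier")
    if not udc_id:
        raise ValueError("missing UDCIdentifier")
    roles = [r.text.strip() for r in root.findall("u:InstitutionRoles/u:institutionrole/u:role", NS) if r.text]
    if not roles:
        # BEIS assigns BASICPERSON to a person with no roles (slide 18), so an
        # empty role list is a malformed message, not "no access".
        raise ValueError("message carries no institution roles")
    attributes: Dict[str, str] = {}
    for attr in root.findall("u:Extension/u:Attribute", NS):      # root-level Extension only,
        name = attr.findtext("u:name", default="", namespaces=NS).strip()   # not CampusPhone's
        if name:
            attributes[name] = attr.findtext("u:value", default="", namespaces=NS).strip()
    return Identity(udc_id, action, text("u:PersonIdentity/u:PersonName/u:GivenName"),
                    text("u:PersonIdentity/u:PersonName/u:FamilyName"),
                    text("u:EmailAddress"), roles, attributes)


if __name__ == "__main__":
    ident = parse_udc_identity(SAMPLE_MESSAGE)
    # Log the identifier and roles only: the full message carries birthdate,
    # (masked) tax id and home address that do not belong in relay logs.
    print(ident.udc_id, ident.action, ident.roles, ident.attributes["EXTUSERNAME"])
```

The publisher check matters because of the clone problem on slide 13: a BEIS-enabled clone of production that can reach the relay must not be able to drive provisioning, so the relay should pin the publisher it accepts rather than trust whatever PUBLISHER_NAME arrives.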