SlideShare a Scribd company logo

A CASE OF IDENTITY MANAGEMENT

K
kevin_donovan
EducationTechnology
1 of 22
Download to read offline
A CASE OF IDENTITY Building Solutions to Assist
3 WHAT IS IDENTITY & ACCESS MANAGEMENT? Identity and access management (IAM) technologies and services enable the right individuals to access the right resources at the right times for the right reasons. We all use IAM solutions many times a day: •  Logging in to websites, servers, and other resources •  Accessing research materials at Harvard and beyond •  Checking a colleague’s calendar for a meeting •  Adding, removing, or changing employee records At Harvard, the IAM Program exists to streamline these interactions and make it easier for you to do your day-to-day tasks.
4 WHAT IS IDENTITY & ACCESS MANAGEMENT? Simplify User Experience Simplify and improve access to applications and information inside and outside of the University Enable Research & Collaboration Make it easier for faculty, staff, and students to research and collaborate within the University and with other institutions Protect University Resources Improve the security stature of the University with a standard approach. Facilitate Technology Innovation Establish a strong foundation for IAM to enable user access regardless of new and/or disruptive technologies Objectives Guiding Principles Key Performance Indicators Harvard Community needs will drive our technology Tactical project planning will remain aligned with the Program strategic objectives Solution design should allow for other Schools to use the foundational to communicate with the IAM system in a consistent, federated fashion Communication and socialization are critical to our success Monthly number of help desk requests relating to account management Monthly number of registered production applications using IAM systems Monthly number of user logins and access requests through IAM systems Monthly number of production systems to which IAM provisions Our vision: Provide users, application owners, and IT administrative staff with secure, easy access to applications; solutions that require fewer login credentials; the ability to collaborate across and beyond Harvard; and improved security and auditing.
5 ABOUT THE IDENTITY LIFECYCLE Provisioning Authentication Permissions Self-Service Deprovisioning Authorization Alumni HKS HMS
Harvard Medical School: Improved User Provisioning Erica Bradshaw Director, Identity and Access Management Strategy and Planning, HUIT Tyson Kamikawa Director, Shared Platforms and IT Effectiveness, HMS A CASE OF IDENTITY
7 HMS: IMPROVED USER PROVISIONING MADRIS HSPH XML Guest Test •  Difficult to change •  Potential duplication of HU efforts •  Aging guest account process •  Account EOL not managed well Current State Apps Server
8 HMS: IMPROVED USER PROVISIONING Future State MADRIS HSPH XML Guest Test •  Leverage HU platform •  Reduce complexity & effort •  Robust toolset •  Improved business process •  Long-term redundancy reduction
Harvard Kennedy School: Federated Authentication Gretchen Grozier IAM Community Program Manager, HUIT Steve Duncan Director of Information Technology, HKS Paul Hermany Information Developer, HKS A CASE OF IDENTITY
Authentication Design in 2008 •  Standardized on Active Directory •  Focused on HKS faculty, staff, and students -  Manual process put in place to provision “sponsored accounts” for HKS affiliates •  Single sign-on a key requirement •  Kept it simple: -  Selected products and solutions built to work with AD -  Minimized the amount of custom code needed for authentication and authorization 10 HKS: FEDERATED AUTHENTICATION
11 Pressures on the System •  Increased collaboration between Schools means more and more accounts provisioned each year -  Jointly-listed courses -  Cross-registration -  Research collaboration •  More reliance on timely access to digital classroom materials -  HKS has gone digital for all course materials -  Significant growth in the number of digital cases •  HKS goal to actively engage alumni •  Higher user expectations •  Security concerns HKS: FEDERATED AUTHENTICATION
12 User Frustrations •  Additional usernames and passwords •  Time delay in provisioning accounts •  Complicated process for requesting accounts Staff Frustrations •  IT Help Desk overrun each semester with calls from non-HKS students who have forgotten passwords or are otherwise confused •  IT operations staff burdened with process of deprovisioning accounts HKS: FEDERATED AUTHENTICATION
13 Advantages of Federation •  Better user experience –  Users use an account they already know –  No delays in provisioning •  Lower HKS IT support costs –  No need to provision/deprovision accounts or maintain passwords •  Active Directory Federation Services works well with HKS key technologies •  Attributes can be delivered for authorization decisions HKS: FEDERATED AUTHENTICATION
14 Active Directory Federation Services SAML Aware Application ShibbolethPIN Alumni Faculty, Staff, Students Tufts, MIT, … Harvard HKS: FEDERATED AUTHENTICATION Implementation Timeline HKS Alumni July 2014 HU Faculty, Staff, Students July 2015 Tufts, MIT July 2015
Harvard Alumni Association: A Seamless Transition Jane Hill Director, IAM Product Management, HUIT Julie Broad Director, Alumni Affairs & Development Technology A CASE OF IDENTITY
Diverse Alumni Populations from Multiple Sources More than 380,000 alumni Executive Education Programs One semester or 9+ weeks of program work Degree Recipients 16 HAA: A SEAMLESS TRANSITION
Harvard Alumni Association Supports Online Directory ToolsDonate Event HubEvents Clubs Online Career Advising ServicesNetworking 17 HAA: A SEAMLESS TRANSITION
Process Challenges and Cranky Users •  New admits are in the system right away •  Regular updates flow from Registrar •  But as graduation approaches, we ask students to register (huh?) so we can issue them a new, separate account REGISTER •  Challenging to know if user registering is who they say they are •  Lack of a process for HUID/PIN to be reset after graduation frustrates recent grads CREDENTIAL •  Some schools have their own separate credentials and services •  Multiple Helpdesks add to user confusion SUPPORT 18 HAA: A SEAMLESS TRANSITION
• Eliminate the need to register with HAA • Allow student accounts to work forever • Use standard processes for password reset, account management • Enable separate help desk and tailor process designs for alumni • Standard Harvard credentials make it simpler for application owners to extend access to HAA-approved resources • Provide information on what resources are available • Standard credential model provides opportunities to offer services to new groups of people in future — donors, parents, etc. • Improve self-service password reset by enabling option to specify both phone and email recovery information • Tailor onboarding and proofing to HAA populations • Provide standard protocols for easier integration of new applications IAM Objectives Support Alumni Engagement 19 HAA: A SEAMLESS TRANSITION Improve End User Experience Expand Access to Resources Balance Convenience and Security
2 0 Stakeholder Experience Today Future Goals End Users Different user names and credentials to access Harvard and non-Harvard apps and data Creating and managing user accounts is manual and paper-based No access to external sites, or forced to register for accounts Access to services and resources interrupted when users change, add, or leave roles Access information and perform research across schools (and with other institutions) using a single credential Manage own accounts and sponsor others through a centralized web application Use internal Harvard credentials to access common external sites Use the same set of credentials despite changes in status, roles, or affiliations Application Owners Tough to integrate access management, meaning long implementation timelines and higher costs Forced to grant application access to users with the same rights on a one-by-one basis Easily integrate Harvard users with internal and external applications via an application portal Control user access in groups, not individuals People Administrators Must create sponsored guest identities manually, resulting in delays and loss of productivity Can’t streamline deprovisioning of users’ access privileges across multiple systems Sponsors can create and manage external parties’ identity and access Automated provisioning reduces the burden on people administrators of disparate systems and improves Harvard’s security posture HOW DOES THIS BENEFIT ME?
(Didn’t pick up a chart? Raise your hand, we’ll get you one.) 21 HOW DOES THIS BENEFIT ME?
22 •  Identity begins at the first login screen •  IAM exists to make onboarding, day-to-day use, role changes and access to resources easier for everyone in the Harvard Community •  Our efforts will improve productivity and make day- to-day life simpler for faculty, staff, students, researchers, people administrators, application owners, and more •  And when IAM services are done right, you don’t even notice the effects — things just work IAM: IN SUMMARY
Take the mystery out of identity. Learn more about our program at iam.harvard.edu

Recommended

Standard iSites Migration Plan
Standard iSites Migration PlanStandard iSites Migration Plan
Standard iSites Migration Plankevin_donovan
 
Huit 2015 june town hall renewal slides
Huit 2015 june town hall renewal slidesHuit 2015 june town hall renewal slides
Huit 2015 june town hall renewal slideskevin_donovan
 
Fa qs 2016-04-21
Fa qs 2016-04-21Fa qs 2016-04-21
Fa qs 2016-04-21kevin_donovan
 
Fas da 20141120
Fas da 20141120Fas da 20141120
Fas da 20141120kevin_donovan
 
Partner engagement program connect dots jan 2014-final
Partner engagement program connect dots jan 2014-finalPartner engagement program connect dots jan 2014-final
Partner engagement program connect dots jan 2014-finalkevin_donovan
 
Delivering university self service for it and business services v1
Delivering university self service for it and business services v1Delivering university self service for it and business services v1
Delivering university self service for it and business services v1margaret_ronald
 
It summit salesforce
It summit salesforceIt summit salesforce
It summit salesforcekevin_donovan
 
14.05.08 cloud dev_ops_working_group_update
14.05.08 cloud dev_ops_working_group_update14.05.08 cloud dev_ops_working_group_update
14.05.08 cloud dev_ops_working_group_updatekevin_donovan
 

Recommended

Standard iSites Migration Plan
Standard iSites Migration PlanStandard iSites Migration Plan
Standard iSites Migration Plankevin_donovan
 
Huit 2015 june town hall renewal slides
Huit 2015 june town hall renewal slidesHuit 2015 june town hall renewal slides
Huit 2015 june town hall renewal slideskevin_donovan
 
Fa qs 2016-04-21
Fa qs 2016-04-21Fa qs 2016-04-21
Fa qs 2016-04-21kevin_donovan
 
Fas da 20141120
Fas da 20141120Fas da 20141120
Fas da 20141120kevin_donovan
 
Partner engagement program connect dots jan 2014-final
Partner engagement program connect dots jan 2014-finalPartner engagement program connect dots jan 2014-final
Partner engagement program connect dots jan 2014-finalkevin_donovan
 
Delivering university self service for it and business services v1
Delivering university self service for it and business services v1Delivering university self service for it and business services v1
Delivering university self service for it and business services v1margaret_ronald
 
It summit salesforce
It summit salesforceIt summit salesforce
It summit salesforcekevin_donovan
 
14.05.08 cloud dev_ops_working_group_update
14.05.08 cloud dev_ops_working_group_update14.05.08 cloud dev_ops_working_group_update
14.05.08 cloud dev_ops_working_group_updatekevin_donovan
 
Video accessibility abcd 01232015
Video accessibility abcd 01232015Video accessibility abcd 01232015
Video accessibility abcd 01232015kevin_donovan
 
Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04kevin_donovan
 
Iam it-summit-2015
Iam it-summit-2015Iam it-summit-2015
Iam it-summit-2015kevin_donovan
 
Information security
Information securityInformation security
Information securitykevin_donovan
 
Slt fas fall startup 2014 combined final v2
Slt fas fall startup 2014 combined final v2Slt fas fall startup 2014 combined final v2
Slt fas fall startup 2014 combined final v2kevin_donovan
 
Standard i sites migration
Standard i sites migrationStandard i sites migration
Standard i sites migrationkevin_donovan
 
14.06.05 TLT IT Summit
14.06.05 TLT IT Summit 14.06.05 TLT IT Summit
14.06.05 TLT IT Summit kevin_donovan
 
Making the Case for UX
Making the Case for UXMaking the Case for UX
Making the Case for UXHUXgroup
 
eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14
eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14
eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14kevin_donovan
 
The multi modal curriculum
The multi modal curriculumThe multi modal curriculum
The multi modal curriculumkevin_donovan
 
Tlt for it summit 2015 final
Tlt for it summit 2015 finalTlt for it summit 2015 final
Tlt for it summit 2015 finalkevin_donovan
 
Salesforce presentation for it summit
Salesforce presentation for it summitSalesforce presentation for it summit
Salesforce presentation for it summitkevin_donovan
 
20150601 brownbag v3
20150601 brownbag v320150601 brownbag v3
20150601 brownbag v3kevin_donovan
 
Tlt and friends it summit 2016
Tlt and friends it summit 2016Tlt and friends it summit 2016
Tlt and friends it summit 2016kevin_donovan
 
Fas technology renewal
Fas technology renewalFas technology renewal
Fas technology renewalkevin_donovan
 
It summit data mgmt-2016.06.02-final
It summit data mgmt-2016.06.02-finalIt summit data mgmt-2016.06.02-final
It summit data mgmt-2016.06.02-finalkevin_donovan
 
HUIT 2014 Summer Town Hall
HUIT 2014 Summer Town HallHUIT 2014 Summer Town Hall
HUIT 2014 Summer Town Hallkevin_donovan
 
14.05.08 bcdr working_group_update
14.05.08 bcdr working_group_update14.05.08 bcdr working_group_update
14.05.08 bcdr working_group_updatekevin_donovan
 
I sites migration
I sites migrationI sites migration
I sites migrationkevin_donovan
 
It academy
It academyIt academy
It academykevin_donovan
 
Itsummit2015 blizzard
Itsummit2015 blizzardItsummit2015 blizzard
Itsummit2015 blizzardkevin_donovan
 
Building Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementBuilding Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementGovernment Technology Exhibition and Conference
 

More Related Content

What's hot

Video accessibility abcd 01232015
Video accessibility abcd 01232015Video accessibility abcd 01232015
Video accessibility abcd 01232015kevin_donovan
 
Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04kevin_donovan
 
Information security
Information securityInformation security
Information securitykevin_donovan
 
Slt fas fall startup 2014 combined final v2
Slt fas fall startup 2014 combined final v2Slt fas fall startup 2014 combined final v2
Slt fas fall startup 2014 combined final v2kevin_donovan
 
Standard i sites migration
Standard i sites migrationStandard i sites migration
Standard i sites migrationkevin_donovan
 
14.06.05 TLT IT Summit
14.06.05 TLT IT Summit 14.06.05 TLT IT Summit
14.06.05 TLT IT Summit kevin_donovan
 
Making the Case for UX
Making the Case for UXMaking the Case for UX
Making the Case for UXHUXgroup
 
eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14
eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14
eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14kevin_donovan
 
The multi modal curriculum
The multi modal curriculumThe multi modal curriculum
The multi modal curriculumkevin_donovan
 
Tlt for it summit 2015 final
Tlt for it summit 2015 finalTlt for it summit 2015 final
Tlt for it summit 2015 finalkevin_donovan
 
Salesforce presentation for it summit
Salesforce presentation for it summitSalesforce presentation for it summit
Salesforce presentation for it summitkevin_donovan
 
20150601 brownbag v3
20150601 brownbag v320150601 brownbag v3
20150601 brownbag v3kevin_donovan
 
Tlt and friends it summit 2016
Tlt and friends it summit 2016Tlt and friends it summit 2016
Tlt and friends it summit 2016kevin_donovan
 
Fas technology renewal
Fas technology renewalFas technology renewal
Fas technology renewalkevin_donovan
 
It summit data mgmt-2016.06.02-final
It summit data mgmt-2016.06.02-finalIt summit data mgmt-2016.06.02-final
It summit data mgmt-2016.06.02-finalkevin_donovan
 
HUIT 2014 Summer Town Hall
HUIT 2014 Summer Town HallHUIT 2014 Summer Town Hall
HUIT 2014 Summer Town Hallkevin_donovan
 
14.05.08 bcdr working_group_update
14.05.08 bcdr working_group_update14.05.08 bcdr working_group_update
14.05.08 bcdr working_group_updatekevin_donovan
 

What's hot (20)

Video accessibility abcd 01232015
Video accessibility abcd 01232015Video accessibility abcd 01232015
Video accessibility abcd 01232015
 
Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04
 
Iam it-summit-2015
Iam it-summit-2015Iam it-summit-2015
Iam it-summit-2015
 
Information security
Information securityInformation security
Information security
 
Slt fas fall startup 2014 combined final v2
Slt fas fall startup 2014 combined final v2Slt fas fall startup 2014 combined final v2
Slt fas fall startup 2014 combined final v2
 
Standard i sites migration
Standard i sites migrationStandard i sites migration
Standard i sites migration
 
14.06.05 TLT IT Summit
14.06.05 TLT IT Summit 14.06.05 TLT IT Summit
14.06.05 TLT IT Summit
 
Making the Case for UX
Making the Case for UXMaking the Case for UX
Making the Case for UX
 
eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14
eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14
eGoogle analytics-best-practices-abcd-harvard-presentation-9-10-14
 
The multi modal curriculum
The multi modal curriculumThe multi modal curriculum
The multi modal curriculum
 
Tlt for it summit 2015 final
Tlt for it summit 2015 finalTlt for it summit 2015 final
Tlt for it summit 2015 final
 
Salesforce presentation for it summit
Salesforce presentation for it summitSalesforce presentation for it summit
Salesforce presentation for it summit
 
20150601 brownbag v3
20150601 brownbag v320150601 brownbag v3
20150601 brownbag v3
 
Tlt and friends it summit 2016
Tlt and friends it summit 2016Tlt and friends it summit 2016
Tlt and friends it summit 2016
 
Fas technology renewal
Fas technology renewalFas technology renewal
Fas technology renewal
 
It summit data mgmt-2016.06.02-final
It summit data mgmt-2016.06.02-finalIt summit data mgmt-2016.06.02-final
It summit data mgmt-2016.06.02-final
 
HUIT 2014 Summer Town Hall
HUIT 2014 Summer Town HallHUIT 2014 Summer Town Hall
HUIT 2014 Summer Town Hall
 
14.05.08 bcdr working_group_update
14.05.08 bcdr working_group_update14.05.08 bcdr working_group_update
14.05.08 bcdr working_group_update
 
I sites migration
I sites migrationI sites migration
I sites migration
 
It academy
It academyIt academy
It academy
 

Viewers also liked

Itsummit2015 blizzard
Itsummit2015 blizzardItsummit2015 blizzard
Itsummit2015 blizzardkevin_donovan
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Identacor
 
The Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelThe Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelSarah Moore
 
DIO Consulting Presentation for Corporate & Large Organizations
DIO Consulting Presentation for Corporate & Large OrganizationsDIO Consulting Presentation for Corporate & Large Organizations
DIO Consulting Presentation for Corporate & Large Organizationsdioconsulting
 
K.Noelle Consulting Presentation
K.Noelle Consulting PresentationK.Noelle Consulting Presentation
K.Noelle Consulting PresentationKirsten Byron
 
Azure AD and Office 365 - Deja Vu All Over Again
Azure AD and Office 365 - Deja Vu All Over AgainAzure AD and Office 365 - Deja Vu All Over Again
Azure AD and Office 365 - Deja Vu All Over AgainSean Deuby
 
Mobile firstpresentation huit
Mobile firstpresentation huitMobile firstpresentation huit
Mobile firstpresentation huitkevin_donovan
 
Mitigating Risk in a Complex Hybrid Directory Environment
Mitigating Risk in a Complex Hybrid Directory EnvironmentMitigating Risk in a Complex Hybrid Directory Environment
Mitigating Risk in a Complex Hybrid Directory EnvironmentQuest
 
14.06.05 IT Summit UC
14.06.05 IT Summit UC14.06.05 IT Summit UC
14.06.05 IT Summit UCkevin_donovan
 
Identity and Access Management - IDM365
Identity and Access Management - IDM365 Identity and Access Management - IDM365
Identity and Access Management - IDM365 ITMC
 
CIS 2014: Azure Active Directory (Sean Deuby)
CIS 2014: Azure Active Directory (Sean Deuby)CIS 2014: Azure Active Directory (Sean Deuby)
CIS 2014: Azure Active Directory (Sean Deuby)CloudIDSummit
 
It summit 2014_migrating_applications_to_the_cloud-5
It summit 2014_migrating_applications_to_the_cloud-5It summit 2014_migrating_applications_to_the_cloud-5
It summit 2014_migrating_applications_to_the_cloud-5margaret_ronald
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
Pcubed project management consulting presentation
Pcubed project management consulting presentationPcubed project management consulting presentation
Pcubed project management consulting presentationDiego Beltrame
 
Værdien af Identity & Access Management, Jan Quach, Accenture
Værdien af Identity & Access Management, Jan Quach, AccentureVærdien af Identity & Access Management, Jan Quach, Accenture
Værdien af Identity & Access Management, Jan Quach, AccentureIBM Danmark
 

Viewers also liked (20)

Itsummit2015 blizzard
Itsummit2015 blizzardItsummit2015 blizzard
Itsummit2015 blizzard
 
Building Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementBuilding Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access Management
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
The Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity ModelThe Gartner IAM Program Maturity Model
The Gartner IAM Program Maturity Model
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best Practices
 
DIO Consulting Presentation for Corporate & Large Organizations
DIO Consulting Presentation for Corporate & Large OrganizationsDIO Consulting Presentation for Corporate & Large Organizations
DIO Consulting Presentation for Corporate & Large Organizations
 
K.Noelle Consulting Presentation
K.Noelle Consulting PresentationK.Noelle Consulting Presentation
K.Noelle Consulting Presentation
 
Azure AD and Office 365 - Deja Vu All Over Again
Azure AD and Office 365 - Deja Vu All Over AgainAzure AD and Office 365 - Deja Vu All Over Again
Azure AD and Office 365 - Deja Vu All Over Again
 
Content distribution
Content distributionContent distribution
Content distribution
 
Mobile firstpresentation huit
Mobile firstpresentation huitMobile firstpresentation huit
Mobile firstpresentation huit
 
Mitigating Risk in a Complex Hybrid Directory Environment
Mitigating Risk in a Complex Hybrid Directory EnvironmentMitigating Risk in a Complex Hybrid Directory Environment
Mitigating Risk in a Complex Hybrid Directory Environment
 
14.06.05 IT Summit UC
14.06.05 IT Summit UC14.06.05 IT Summit UC
14.06.05 IT Summit UC
 
Identity and Access Management - IDM365
Identity and Access Management - IDM365 Identity and Access Management - IDM365
Identity and Access Management - IDM365
 
CIS 2014: Azure Active Directory (Sean Deuby)
CIS 2014: Azure Active Directory (Sean Deuby)CIS 2014: Azure Active Directory (Sean Deuby)
CIS 2014: Azure Active Directory (Sean Deuby)
 
It summit 2014_migrating_applications_to_the_cloud-5
It summit 2014_migrating_applications_to_the_cloud-5It summit 2014_migrating_applications_to_the_cloud-5
It summit 2014_migrating_applications_to_the_cloud-5
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
Pcubed project management consulting presentation
Pcubed project management consulting presentationPcubed project management consulting presentation
Pcubed project management consulting presentation
 
IdM vs. IDaaS
IdM vs. IDaaSIdM vs. IDaaS
IdM vs. IDaaS
 
my profile
my profilemy profile
my profile
 
Værdien af Identity & Access Management, Jan Quach, Accenture
Værdien af Identity & Access Management, Jan Quach, AccentureVærdien af Identity & Access Management, Jan Quach, Accenture
Værdien af Identity & Access Management, Jan Quach, Accenture
 

Similar to A CASE OF IDENTITY MANAGEMENT

Iam update 2014.10.16
Iam update 2014.10.16Iam update 2014.10.16
Iam update 2014.10.16kevin_donovan
 
Student Success Plan Learner Relationship Management Tech Review
Student Success Plan Learner Relationship Management Tech ReviewStudent Success Plan Learner Relationship Management Tech Review
Student Success Plan Learner Relationship Management Tech Reviewshawngormley
 
MoodleMoot Aus 2013 Gina Veliotis
MoodleMoot Aus 2013 Gina VeliotisMoodleMoot Aus 2013 Gina Veliotis
MoodleMoot Aus 2013 Gina Veliotisginave
 
Harvard Student Information System Implementation Update
Harvard Student Information System Implementation UpdateHarvard Student Information System Implementation Update
Harvard Student Information System Implementation Updatekevin_donovan
 
2010 Edu tools
2010 Edu tools2010 Edu tools
2010 Edu toolsWCET
 
Higher Education HCM Deliverable
Higher Education HCM DeliverableHigher Education HCM Deliverable
Higher Education HCM DeliverableKyle Shackleford
 
Sustainability Techniques - Faculty Development Model - Competency-Based Educ...
Sustainability Techniques - Faculty Development Model - Competency-Based Educ...Sustainability Techniques - Faculty Development Model - Competency-Based Educ...
Sustainability Techniques - Faculty Development Model - Competency-Based Educ...Becky Lopanec
 
Eduzilla Institute Management Software
Eduzilla Institute Management SoftwareEduzilla Institute Management Software
Eduzilla Institute Management SoftwareYogesh Raut
 
San eLearning Case Study
San eLearning Case StudySan eLearning Case Study
San eLearning Case StudyGina Veliotis
 
The First 100 days with SSC-Campus
The First 100 days with SSC-CampusThe First 100 days with SSC-Campus
The First 100 days with SSC-CampusLeslie Dare
 
Credential Transparency Initiative - Orientation for Registry Partners
Credential Transparency Initiative - Orientation for Registry PartnersCredential Transparency Initiative - Orientation for Registry Partners
Credential Transparency Initiative - Orientation for Registry PartnersCredential Engine
 
Yale university fostering campus communities webinar slides
Yale university fostering campus communities webinar slidesYale university fostering campus communities webinar slides
Yale university fostering campus communities webinar slidesSalesforce.org
 
Anticipating and Meeting Evolving Student Expectations in a Digital Era
Anticipating and Meeting Evolving Student Expectations in a Digital EraAnticipating and Meeting Evolving Student Expectations in a Digital Era
Anticipating and Meeting Evolving Student Expectations in a Digital EraSalesforce.org
 
LMS: Selecting the Right Tool
LMS: Selecting the Right ToolLMS: Selecting the Right Tool
LMS: Selecting the Right ToolKevin Corcoran
 
A comprehensive approach to digital transformation at the University of South...
A comprehensive approach to digital transformation at the University of South...A comprehensive approach to digital transformation at the University of South...
A comprehensive approach to digital transformation at the University of South...MuleSoft
 
OneIS CANHEIT V03 NN
OneIS CANHEIT V03 NNOneIS CANHEIT V03 NN
OneIS CANHEIT V03 NNMark Roman
 
What’s mine is yours:14-19 Diplomas
What’s mine is yours:14-19 DiplomasWhat’s mine is yours:14-19 Diplomas
What’s mine is yours:14-19 DiplomasBecta FE and Skills
 

Similar to A CASE OF IDENTITY MANAGEMENT (20)

Iam update 2014.10.16
Iam update 2014.10.16Iam update 2014.10.16
Iam update 2014.10.16
 
Student Success Plan Learner Relationship Management Tech Review
Student Success Plan Learner Relationship Management Tech ReviewStudent Success Plan Learner Relationship Management Tech Review
Student Success Plan Learner Relationship Management Tech Review
 
MoodleMoot Aus 2013 Gina Veliotis
MoodleMoot Aus 2013 Gina VeliotisMoodleMoot Aus 2013 Gina Veliotis
MoodleMoot Aus 2013 Gina Veliotis
 
Harvard Student Information System Implementation Update
Harvard Student Information System Implementation UpdateHarvard Student Information System Implementation Update
Harvard Student Information System Implementation Update
 
2010 Edu tools
2010 Edu tools2010 Edu tools
2010 Edu tools
 
Student Success Plan: Helping students reach their goals!!
Student Success Plan: Helping students reach their goals!!Student Success Plan: Helping students reach their goals!!
Student Success Plan: Helping students reach their goals!!
 
Higher Education HCM Deliverable
Higher Education HCM DeliverableHigher Education HCM Deliverable
Higher Education HCM Deliverable
 
Student Onboarding Process
Student Onboarding ProcessStudent Onboarding Process
Student Onboarding Process
 
Sustainability Techniques - Faculty Development Model - Competency-Based Educ...
Sustainability Techniques - Faculty Development Model - Competency-Based Educ...Sustainability Techniques - Faculty Development Model - Competency-Based Educ...
Sustainability Techniques - Faculty Development Model - Competency-Based Educ...
 
Eduzilla Institute Management Software
Eduzilla Institute Management SoftwareEduzilla Institute Management Software
Eduzilla Institute Management Software
 
San eLearning Case Study
San eLearning Case StudySan eLearning Case Study
San eLearning Case Study
 
Research Administration Project
Research Administration ProjectResearch Administration Project
Research Administration Project
 
The First 100 days with SSC-Campus
The First 100 days with SSC-CampusThe First 100 days with SSC-Campus
The First 100 days with SSC-Campus
 
Credential Transparency Initiative - Orientation for Registry Partners
Credential Transparency Initiative - Orientation for Registry PartnersCredential Transparency Initiative - Orientation for Registry Partners
Credential Transparency Initiative - Orientation for Registry Partners
 
Yale university fostering campus communities webinar slides
Yale university fostering campus communities webinar slidesYale university fostering campus communities webinar slides
Yale university fostering campus communities webinar slides
 
Anticipating and Meeting Evolving Student Expectations in a Digital Era
Anticipating and Meeting Evolving Student Expectations in a Digital EraAnticipating and Meeting Evolving Student Expectations in a Digital Era
Anticipating and Meeting Evolving Student Expectations in a Digital Era
 
LMS: Selecting the Right Tool
LMS: Selecting the Right ToolLMS: Selecting the Right Tool
LMS: Selecting the Right Tool
 
A comprehensive approach to digital transformation at the University of South...
A comprehensive approach to digital transformation at the University of South...A comprehensive approach to digital transformation at the University of South...
A comprehensive approach to digital transformation at the University of South...
 
OneIS CANHEIT V03 NN
OneIS CANHEIT V03 NNOneIS CANHEIT V03 NN
OneIS CANHEIT V03 NN
 
What’s mine is yours:14-19 Diplomas
What’s mine is yours:14-19 DiplomasWhat’s mine is yours:14-19 Diplomas
What’s mine is yours:14-19 Diplomas
 

More from kevin_donovan

2016 it summit_accessibility_2016-05-24_standard
2016 it summit_accessibility_2016-05-24_standard2016 it summit_accessibility_2016-05-24_standard
2016 it summit_accessibility_2016-05-24_standardkevin_donovan
 
Fphs informatics for 2016 it summit 160531
Fphs informatics for 2016 it summit 160531Fphs informatics for 2016 it summit 160531
Fphs informatics for 2016 it summit 160531kevin_donovan
 
It summit 2016_combined
It summit 2016_combinedIt summit 2016_combined
It summit 2016_combinedkevin_donovan
 
It summit dataverse-bigdata-mercecrosas
It summit dataverse-bigdata-mercecrosasIt summit dataverse-bigdata-mercecrosas
It summit dataverse-bigdata-mercecrosaskevin_donovan
 
Hms crash planitsummit2016
Hms crash planitsummit2016Hms crash planitsummit2016
Hms crash planitsummit2016kevin_donovan
 
It summit facilitate-researchcomputing-mercecrosas
It summit facilitate-researchcomputing-mercecrosasIt summit facilitate-researchcomputing-mercecrosas
It summit facilitate-researchcomputing-mercecrosaskevin_donovan
 
Lightbox ham it_summit_final
Lightbox ham it_summit_finalLightbox ham it_summit_final
Lightbox ham it_summit_finalkevin_donovan
 
Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...
Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...
Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...kevin_donovan
 
2016 it summit_accessibility_2016-05-24_standard
2016 it summit_accessibility_2016-05-24_standard2016 it summit_accessibility_2016-05-24_standard
2016 it summit_accessibility_2016-05-24_standardkevin_donovan
 
Harvard phone it summit demo 06.02.16
Harvard phone it summit demo 06.02.16Harvard phone it summit demo 06.02.16
Harvard phone it summit demo 06.02.16kevin_donovan
 
Phish, flop, or fine
Phish, flop, or fine Phish, flop, or fine
Phish, flop, or fine kevin_donovan
 
IT Academy at IT Summti
IT Academy at IT SummtiIT Academy at IT Summti
IT Academy at IT Summtikevin_donovan
 
Saving our social_media
Saving our social_mediaSaving our social_media
Saving our social_mediakevin_donovan
 
Stakeholder update 4 14 data center outage
Stakeholder update 4 14 data center outageStakeholder update 4 14 data center outage
Stakeholder update 4 14 data center outagekevin_donovan
 
Data center outage project update
Data center outage project updateData center outage project update
Data center outage project updatekevin_donovan
 

More from kevin_donovan (20)

2016 it summit_accessibility_2016-05-24_standard
2016 it summit_accessibility_2016-05-24_standard2016 it summit_accessibility_2016-05-24_standard
2016 it summit_accessibility_2016-05-24_standard
 
Fphs informatics for 2016 it summit 160531
Fphs informatics for 2016 it summit 160531Fphs informatics for 2016 it summit 160531
Fphs informatics for 2016 it summit 160531
 
It summit 2016_combined
It summit 2016_combinedIt summit 2016_combined
It summit 2016_combined
 
It summit dataverse-bigdata-mercecrosas
It summit dataverse-bigdata-mercecrosasIt summit dataverse-bigdata-mercecrosas
It summit dataverse-bigdata-mercecrosas
 
Hms crash planitsummit2016
Hms crash planitsummit2016Hms crash planitsummit2016
Hms crash planitsummit2016
 
It summit facilitate-researchcomputing-mercecrosas
It summit facilitate-researchcomputing-mercecrosasIt summit facilitate-researchcomputing-mercecrosas
It summit facilitate-researchcomputing-mercecrosas
 
Lightbox ham it_summit_final
Lightbox ham it_summit_finalLightbox ham it_summit_final
Lightbox ham it_summit_final
 
Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...
Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...
Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...
 
2016 it summit_accessibility_2016-05-24_standard
2016 it summit_accessibility_2016-05-24_standard2016 it summit_accessibility_2016-05-24_standard
2016 it summit_accessibility_2016-05-24_standard
 
Harvard phone it summit demo 06.02.16
Harvard phone it summit demo 06.02.16Harvard phone it summit demo 06.02.16
Harvard phone it summit demo 06.02.16
 
Phish, flop, or fine
Phish, flop, or fine Phish, flop, or fine
Phish, flop, or fine
 
Waldo Summit 2016
Waldo Summit 2016Waldo Summit 2016
Waldo Summit 2016
 
IT Academy at IT Summti
IT Academy at IT SummtiIT Academy at IT Summti
IT Academy at IT Summti
 
Saving our social_media
Saving our social_mediaSaving our social_media
Saving our social_media
 
Urc it summit-2
Urc it summit-2Urc it summit-2
Urc it summit-2
 
Tlt success
Tlt successTlt success
Tlt success
 
Stakeholder update 4 14 data center outage
Stakeholder update 4 14 data center outageStakeholder update 4 14 data center outage
Stakeholder update 4 14 data center outage
 
Open housepix
Open housepixOpen housepix
Open housepix
 
Data center outage project update
Data center outage project updateData center outage project update
Data center outage project update
 
Noc and soc deck
Noc and soc deckNoc and soc deck
Noc and soc deck
 

Recently uploaded

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 

Recently uploaded (20)

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 

A CASE OF IDENTITY MANAGEMENT

  • 1. A CASE OF IDENTITY Building Solutions to Assist
  • 2. 3 WHAT IS IDENTITY & ACCESS MANAGEMENT? Identity and access management (IAM) technologies and services enable the right individuals to access the right resources at the right times for the right reasons. We all use IAM solutions many times a day: •  Logging in to websites, servers, and other resources •  Accessing research materials at Harvard and beyond •  Checking a colleague’s calendar for a meeting •  Adding, removing, or changing employee records At Harvard, the IAM Program exists to streamline these interactions and make it easier for you to do your day-to-day tasks.
  • 3. 4 WHAT IS IDENTITY & ACCESS MANAGEMENT? Simplify User Experience Simplify and improve access to applications and information inside and outside of the University Enable Research & Collaboration Make it easier for faculty, staff, and students to research and collaborate within the University and with other institutions Protect University Resources Improve the security stature of the University with a standard approach. Facilitate Technology Innovation Establish a strong foundation for IAM to enable user access regardless of new and/or disruptive technologies Objectives Guiding Principles Key Performance Indicators Harvard Community needs will drive our technology Tactical project planning will remain aligned with the Program strategic objectives Solution design should allow for other Schools to use the foundational to communicate with the IAM system in a consistent, federated fashion Communication and socialization are critical to our success Monthly number of help desk requests relating to account management Monthly number of registered production applications using IAM systems Monthly number of user logins and access requests through IAM systems Monthly number of production systems to which IAM provisions Our vision: Provide users, application owners, and IT administrative staff with secure, easy access to applications; solutions that require fewer login credentials; the ability to collaborate across and beyond Harvard; and improved security and auditing.
  • 4. 5 ABOUT THE IDENTITY LIFECYCLE Provisioning Authentication Permissions Self-Service Deprovisioning Authorization Alumni HKS HMS
  • 5. Harvard Medical School: Improved User Provisioning Erica Bradshaw Director, Identity and Access Management Strategy and Planning, HUIT Tyson Kamikawa Director, Shared Platforms and IT Effectiveness, HMS A CASE OF IDENTITY
  • 6. 7 HMS: IMPROVED USER PROVISIONING MADRIS HSPH XML Guest Test •  Difficult to change •  Potential duplication of HU efforts •  Aging guest account process •  Account EOL not managed well Current State Apps Server
  • 7. 8 HMS: IMPROVED USER PROVISIONING Future State MADRIS HSPH XML Guest Test •  Leverage HU platform •  Reduce complexity & effort •  Robust toolset •  Improved business process •  Long-term redundancy reduction
  • 8. Harvard Kennedy School: Federated Authentication Gretchen Grozier IAM Community Program Manager, HUIT Steve Duncan Director of Information Technology, HKS Paul Hermany Information Developer, HKS A CASE OF IDENTITY
  • 9. Authentication Design in 2008 •  Standardized on Active Directory •  Focused on HKS faculty, staff, and students -  Manual process put in place to provision “sponsored accounts” for HKS affiliates •  Single sign-on a key requirement •  Kept it simple: -  Selected products and solutions built to work with AD -  Minimized the amount of custom code needed for authentication and authorization 10 HKS: FEDERATED AUTHENTICATION
  • 10. 11 Pressures on the System •  Increased collaboration between Schools means more and more accounts provisioned each year -  Jointly-listed courses -  Cross-registration -  Research collaboration •  More reliance on timely access to digital classroom materials -  HKS has gone digital for all course materials -  Significant growth in the number of digital cases •  HKS goal to actively engage alumni •  Higher user expectations •  Security concerns HKS: FEDERATED AUTHENTICATION
  • 11. 12 User Frustrations •  Additional usernames and passwords •  Time delay in provisioning accounts •  Complicated process for requesting accounts Staff Frustrations •  IT Help Desk overrun each semester with calls from non-HKS students who have forgotten passwords or are otherwise confused •  IT operations staff burdened with process of deprovisioning accounts HKS: FEDERATED AUTHENTICATION
  • 12. 13 Advantages of Federation •  Better user experience –  Users use an account they already know –  No delays in provisioning •  Lower HKS IT support costs –  No need to provision/deprovision accounts or maintain passwords •  Active Directory Federation Services works well with HKS key technologies •  Attributes can be delivered for authorization decisions HKS: FEDERATED AUTHENTICATION
  • 13. 14 Active Directory Federation Services SAML Aware Application ShibbolethPIN Alumni Faculty, Staff, Students Tufts, MIT, … Harvard HKS: FEDERATED AUTHENTICATION Implementation Timeline HKS Alumni July 2014 HU Faculty, Staff, Students July 2015 Tufts, MIT July 2015
  • 14. Harvard Alumni Association: A Seamless Transition Jane Hill Director, IAM Product Management, HUIT Julie Broad Director, Alumni Affairs & Development Technology A CASE OF IDENTITY
  • 15. Diverse Alumni Populations from Multiple Sources More than 380,000 alumni Executive Education Programs One semester or 9+ weeks of program work Degree Recipients 16 HAA: A SEAMLESS TRANSITION
  • 16. Harvard Alumni Association Supports Online Directory ToolsDonate Event HubEvents Clubs Online Career Advising ServicesNetworking 17 HAA: A SEAMLESS TRANSITION
  • 17. Process Challenges and Cranky Users •  New admits are in the system right away •  Regular updates flow from Registrar •  But as graduation approaches, we ask students to register (huh?) so we can issue them a new, separate account REGISTER •  Challenging to know if user registering is who they say they are •  Lack of a process for HUID/PIN to be reset after graduation frustrates recent grads CREDENTIAL •  Some schools have their own separate credentials and services •  Multiple Helpdesks add to user confusion SUPPORT 18 HAA: A SEAMLESS TRANSITION
  • 18. • Eliminate the need to register with HAA • Allow student accounts to work forever • Use standard processes for password reset, account management • Enable separate help desk and tailor process designs for alumni • Standard Harvard credentials make it simpler for application owners to extend access to HAA-approved resources • Provide information on what resources are available • Standard credential model provides opportunities to offer services to new groups of people in future — donors, parents, etc. • Improve self-service password reset by enabling option to specify both phone and email recovery information • Tailor onboarding and proofing to HAA populations • Provide standard protocols for easier integration of new applications IAM Objectives Support Alumni Engagement 19 HAA: A SEAMLESS TRANSITION Improve End User Experience Expand Access to Resources Balance Convenience and Security
  • 19. 2 0 Stakeholder Experience Today Future Goals End Users Different user names and credentials to access Harvard and non-Harvard apps and data Creating and managing user accounts is manual and paper-based No access to external sites, or forced to register for accounts Access to services and resources interrupted when users change, add, or leave roles Access information and perform research across schools (and with other institutions) using a single credential Manage own accounts and sponsor others through a centralized web application Use internal Harvard credentials to access common external sites Use the same set of credentials despite changes in status, roles, or affiliations Application Owners Tough to integrate access management, meaning long implementation timelines and higher costs Forced to grant application access to users with the same rights on a one-by-one basis Easily integrate Harvard users with internal and external applications via an application portal Control user access in groups, not individuals People Administrators Must create sponsored guest identities manually, resulting in delays and loss of productivity Can’t streamline deprovisioning of users’ access privileges across multiple systems Sponsors can create and manage external parties’ identity and access Automated provisioning reduces the burden on people administrators of disparate systems and improves Harvard’s security posture HOW DOES THIS BENEFIT ME?
  • 20. (Didn’t pick up a chart? Raise your hand, we’ll get you one.) 21 HOW DOES THIS BENEFIT ME?
  • 21. 22 •  Identity begins at the first login screen •  IAM exists to make onboarding, day-to-day use, role changes and access to resources easier for everyone in the Harvard Community •  Our efforts will improve productivity and make day- to-day life simpler for faculty, staff, students, researchers, people administrators, application owners, and more •  And when IAM services are done right, you don’t even notice the effects — things just work IAM: IN SUMMARY
  • 22. Take the mystery out of identity. Learn more about our program at iam.harvard.edu