2. Agenda
● Project Overview and Updates
● Key Features
● Demo
● Next Steps
3. Project Overview and Updates
User ID maintenance challenges:
● Multiple channels for requests
● Unsecured and time-consuming process for delivering passwords to users
● No central view of the user for ITO-managed applications
Project Objectives:
● To streamline and standardize the end-to-end user ID maintenance process.
● To provide a common channel for user ID related requests and follow-ups.
● To incorporate standard and/or automated tools in the process
4. Project Overview and Updates
Key decisions made:
● Create a separate, simpler front-end for common users vs. authorized requestors
● Remove ESS from the proposed application architecture
● Introduce verification of requester identity as 2nd authentication factor instead
● Divide the project into phases, based on functionality to be delivered
Project Phases & Scope:
● Phase 1: Self-service requests (Reset and Unlock) and password delivery
● Phase 2: Requests requiring approval (e.g. Creation, Deletion, Modification, etc.)
● Phase 3: User ID database
5. Application Architecture Roadmap
[Diagram: application architecture with numbered flows (1 to 10) between BU User / Requestor, BU Approver, User ID Maintenance Application, User ID DB, Approver DB, Windows Active Directory, RT, ID Administrator, Password Generator and Business Application. Legend: Demand Process, Deliver Password]
6. Application Architecture Roadmap
[Diagram: the same application architecture, with overlays marking "Phase 2", "Phase 3" and "Separate project". Legend: Demand Process, Deliver Password]
7. Product Overview
The User ID Maintenance Application
● is a web-based application
● will be made accessible over the BDO intranet (https://userid.bdo.com.ph)
● will serve as the default channel for requests and follow-ups from BDO users
● will cover user IDs managed by ITO only
● will interface with but not replace ITO's central ticketing system (RT)
● will not be integrated with business applications (ex. ICBS, OPICS, etc.)
● will have major releases corresponding to the 3 project phases
8. Key Product Features (Release 1)
Works with Windows AD
● Uses Windows AD authentication
● Retrieves relevant employee information from AD (name, employee number, email address, etc.)
Works with Request Tracker
● Web front-end connects to Request Tracker
● Creates RT ticket
● Assigns ticket to RT Coordinator based on the business application
● Closes ticket upon password delivery
9. Key Product Features (Release 1)
Secures password delivery to user
● Removes the need for administrators to remember / write down passwords
● Requires 2-factor authentication for password retrieval:
Windows password + password key
OR 2 password keys
● Deletes encrypted password in the database N days after resolution (N = 7)
Secures viewing of requests
● Allows viewing of requests by the requestor or approvers only after log-in
● Exception: requests for Windows IDs (log-in not required)
10. Key Product Features (Release 1)
Guides the user
● User chooses among limited options to get to desired page
● Tool tips, hints and reminders
Manages privileged users via roles
● ID administrator
● Website administrator
Keeps an audit trail for critical actions:
● Action: login, create/approve/view request, retrieve password
● Information: IP address, session ID, Windows ID, timestamp
Email notification capability
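The Release 1 rules on slides 9 and 10 (retrieval needs Windows password + password key OR 2 password keys, retrieval is audited, stored passwords are deleted N = 7 days after resolution) can be sketched as follows. This is an added example, not code from the application; the record layout, the hashed storage of password keys, the auditing of denied attempts and all function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RETENTION_DAYS = 7  # "N = 7" on the slide


@dataclass
class StoredPassword:          # hypothetical record layout
    ticket: str                # RT ticket number
    ciphertext: bytes          # encrypted password; decryption is out of scope
    key_hashes: frozenset      # SHA-256 digests of the issued password keys
    resolved_at: Optional[datetime] = None


def factors_satisfied(rec, windows_auth_ok, keys):
    """Windows password + 1 password key, OR 2 distinct password keys."""
    # windows_auth_ok is the result of an AD authentication done elsewhere.
    submitted = {hashlib.sha256(k.encode()).digest() for k in keys}
    matched = sum(
        1 for stored in rec.key_hashes
        if any(hmac.compare_digest(stored, s) for s in submitted)
    )
    return (windows_auth_ok and matched >= 1) or matched >= 2


def retrieve(rec, windows_id, windows_auth_ok, keys, ip, session_id, now, audit):
    """Release the stored blob only if the policy holds; audit every attempt."""
    ok = factors_satisfied(rec, windows_auth_ok, keys)
    audit.append({
        "action": "retrieve password",
        "result": "granted" if ok else "denied",
        "ticket": rec.ticket,
        "ip": ip, "session_id": session_id,
        "windows_id": windows_id, "timestamp": now.isoformat(),
    })
    return rec.ciphertext if ok else None


def purge_expired(store, now):
    """Delete records resolved RETENTION_DAYS or more ago; return their tickets."""
    expired = [t for t, r in store.items()
               if r.resolved_at and now - r.resolved_at >= timedelta(days=RETENTION_DAYS)]
    for t in expired:
        del store[t]
    return expired
```

Submitting the same password key twice counts as one factor, so it does not satisfy the "2 password keys" route.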
12. Demo
[Swimlane diagram. Lanes: User, RT Coordinator, Servicing Personnel (ID Administrator). Rows: Request Tracker, Application (ex. ICBS, Opics, Cadencie), User ID Website]
13. Demo – Unlock ID
[Swimlane diagram. Lanes: User, RT Coordinator, Servicing Personnel (ID Administrator). Rows: Request Tracker, Application (ex. ICBS, Opics, Cadencie), User ID Website. Steps shown: Start, Submit request, Review & assign ticket, Open assigned ticket, Steal ticket, Unlock ID, Set ticket status to “Resolved”, End]
14. Demo – Reset Password
[Swimlane diagram. Lanes: User, Approver, RT Coordinator, Servicing Personnel (ID Administrator). Rows: Request Tracker, Application (ex. ICBS, Opics, Cadencie), User ID Website. Steps shown: Start, Submit request, Approve request, Review & assign ticket, Open assigned ticket, Steal ticket, Reset password, Search for RT ticket #, Send new password to user, Retrieve password, End]
15. Demo – Reset Password (Windows)
[Swimlane diagram. Lanes: User, Approver 1, Approver 2, RT Coordinator, Servicing Personnel (ID Administrator). Rows: Request Tracker, Application (ex. ICBS, Opics, Cadencie), User ID Website. Steps shown: Start, Submit request, Approve request (Approver 1), Approve request (Approver 2), Review & assign ticket, Open assigned ticket, Steal ticket, Reset password, Search for RT ticket #, Send new password to user, Retrieve password, End]
16. Next Steps
Key Dates (Dates: Activities):
● 9/14 - 9/26: Product testing; pilot deployment preparations
● 10/6: Application deployment (bdoulx023)
● 10/10 - 10/31: Pilot to selected business units; technical support and fixes as needed; performance testing and tuning parallel to pilot (bdoulx024)
Bank-wide rollout and timeline will be decided after the pilot.
18. Application Architecture Roadmap
[Diagram: application architecture with numbered flows (1 to 11) between User, BU User / Requestor, BU Approver, Approver, User ID Website, User ID DB, Approver DB, Windows Active Directory, RT, ID Administrator, Password Generator and Business Application. Legend: Demand Process, Deliver Password]
19. Application Architecture Roadmap
[Diagram: the same application architecture, with overlays marking "Phase 2", "Phase 3" and "Separate project". Legend: Demand Process, Deliver Password]