NetID project - PowerPoint PPT Presentation

Provided by: mitchelle
Learn more at: http://www.musc.edu

Transcript and Presenter's Notes


1
NetID project
2
What is a NetID?
  • The NetID is the account that will grant a user
    access to the MUSC network. As soon as a user
    activates their account they will be provisioned
    in each supported authentication source. In
    practical terms, the NetID is a merging of the
    MNA and AD accounts.
  • All current MNA and AD authentication mechanisms
    will continue to work as they do today.

3
Who gets a NetID?
  • Everyone associated with MUSC should be
    registered.
  • The registration process will automatically set up
    the user with a NetID and thus provision the user
    with both an MNA and an AD account.

4
How do I get registered?
  • A Registration Authority will be responsible for
    determining whether a person has an established
    identity and sponsored affiliation in the
    Identity and Access Management system.
  • If not already established, the Registration
    Authority will create an identity record for the
    person in the Identity and Access Management
    System.
  • The various Human Resources departments will be
    responsible for designating each Registration
    Authority.
  • When in doubt, a potential user or their
    supervisor should contact HR regarding the
    registration procedure.

5
How will the NetID be implemented?
  • Sun Java Identity Manager will be the foundation
    of our Identity and Access Management System
  • Legacy applications (Person Registry, MUMPI Ad
    Hoc, and GAB applications, as well as the Online
    MNA request form) will be replaced
  • Many of the paper request forms will be eliminated

6
What is Identity and Access Management?
7
What are the NetID standards?
  • http://www.musc.edu/iams/Standards_and_Guidelines/NetID.html

8
What do the NetID standards address?
  • Namespace
  • Password Complexity
  • Password Distribution
  • Registration

9
Namespace
  • Existing users will be assigned a NetID that has
    the same namespace as their primary MNA or AD
    account
  • Existing users will be assigned an email alias
    that is the same as their current primary email
    id.
  • The NetID for new users will consist of the first
    3 characters of the user's initials with digits
    added as necessary.
  • New users will receive an email alias based on
    their name, using the same algorithm currently
    used to generate MNA or AD accounts.
  • The email alias can be changed upon request.

10
Namespace Example
  • Robert Jackson Smith could receive rjs5 as his
    NetID and smithrj as his email alias
  • Robert Jackson Smith would then log in to the
    network as rjs5 and smithrj would be
    published in the Online directory.
  • He logs into his email system as rjs5.
  • He will need to configure his email system to
    publish smithrj.
  • Exception - GroupWise.

11
Password Complexity
  • Passwords must be between 6 and 10 characters
    long.
  • The characters must contain 3 of the
    following: a numeric character, an uppercase
    character, a lowercase character, or a special
    character.
  • Must not contain the username
  • Must not contain the first name, preferred name
    or the last name
  • Must not be in the Identity Management dictionary
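
A validator for the five rules on this slide, added here as an example; it is not part of the original presentation or of Sun Java Identity Manager. It assumes "3 of the following" means at least three character classes and that username and name matching is case-insensitive, and it uses a constructed stand-in word list for the Identity Management dictionary.

```python
import re

# Assumption: a constructed stand-in for the "Identity Management dictionary";
# the real word list is not given in the slides.
SAMPLE_DICTIONARY = {"password", "welcome1", "charleston"}

# The four character classes named on the slide. Anything that is not an
# ASCII digit or letter is counted as "special" (assumption).
CHAR_CLASSES = {
    "numeric": r"[0-9]",
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "special": r"[^0-9A-Za-z]",
}


def password_violations(password, username, names, dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules the password breaks; empty means it passes.

    names: the user's first, preferred and last name (empty entries ignored).
    """
    problems = []
    if not 6 <= len(password) <= 10:
        problems.append("length must be between 6 and 10 characters")

    present = [c for c, pat in CHAR_CLASSES.items() if re.search(pat, password)]
    if len(present) < 3:
        problems.append("needs 3 of: numeric, uppercase, lowercase, special")

    # Case-insensitive substring checks, so "Smith" also blocks "sMiTh2006!".
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the username")
    if any(n and n.lower() in lowered for n in names):
        problems.append("contains a first, preferred or last name")

    if lowered in dictionary:
        problems.append("is in the dictionary")
    return problems


if __name__ == "__main__":
    # User from the Namespace Example slide; preferred name "Bob" is constructed.
    user, names = "rjs5", ["Robert", "Bob", "Smith"]
    for candidate in ["Tr4il!mix", "Smith2006!", "xRJS5!ab", "Welcome1", "abc"]:
        print(candidate, "->", password_violations(candidate, user, names) or "OK")
```

Returning every violation at once, rather than stopping at the first, lets a self-service page tell the user everything that needs fixing in one pass.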

12
Password Distribution
  • Users must pick up their NetID username and a
    temporary password at a designated security
    station
  • The user must then activate their NetID within 60
    days.
  • The activation process entails:
      • Agreeing to the Computer Use Policy and Security
        and Confidentiality Agreement
      • Establishing 3 shared secrets
      • Changing their password

13
Password Changing
  • As long as the password adheres to the password
    policy, password changing will not be required.
  • The NetID password may be changed by going to the
    Identity Manager website.
  • NetID password changes will automatically change
    the MNA and AD passwords.
  • When a user forgets her password, she will be
    encouraged to utilize the self-service website.
    The user will be required to answer 2 shared
    secrets.
  • Passwords may be manually reset by going to a
    designated security station.

14
Registration Standards
  • Prior to granting a password reset request, the
    user will be required to have an active
    registration.
  • Thus, in preparation for implementing Sun Java
    Identity Manager, we will be working with the
    various HR personnel to establish enough
    Registration Authorities.
  • As we establish Registration Authorities, we'll
    be auditing GAB.

15
How will the NetID standards be applied to
existing users?
  • Existing MNA and AD accounts will be provisioned
    with NetID in Sun Java Identity Manager
  • Existing users will be given 60 days to activate
    their NetID
  • Activation will require the user to:
      • Log in with an existing MNA or AD account
      • Have an active registration (i.e. sponsorship)
      • Agree to the Computer Use Policy and the Security
        and Confidentiality Agreement
      • Establish 3 shared secrets
      • Change their password, if it doesn't conform to
        the new complexity standards

16
What is the NetID project timeline?
  • NetID - July 06
  • Implement Sun Java Identity Manager
  • Begin new processes with new users.
  • Existing users will have 60 days to activate
    their NetID and thus synchronize their MNA and AD
    accounts.
  • After sufficient warning, users who fail to
    activate their NetID will have their NetID (and
    consequently their MNA and AD) accounts disabled.
  • Evaluate priority of other Identity Management
    projects - Sept 06

17
What are the other Identity Management projects?
  • Single Sign-On
  • Role-Based Access Management
  • Federated Identity Management
  • Provisioning OACIS
  • etc.

18
Other Questions?