Implementing Identity Management, Provisioning, and LDAP Authentication for PeopleSoft

1
Implementing Identity Management, Provisioning,
and LDAP Authentication for PeopleSoft

• June 8, 2007
• USM Conference
• Coppin State University

2
Presenter(s)

• Chris Kennedy
• Sr. PeopleSoft Administrator/Analyst
• Leda McNair
• Sr. DBA / PeopleSoft Administrator

3
Overview

• Coppin State University uses the Fischer
  Identity Management and Provisioning suite to
  automatically create student and employee
  accounts for Microsoft Active Directory and
  PeopleSoft. This presentation will discuss which
  events are used in PeopleSoft to trigger the
  account creation process and how the campus is
  using the Fischer Directory for LDAP
  authentication

4
Agenda/Contents

• Network / PeopleSoft Environment Overview/Layout
• Event Triggers
• Students
• Employees
• LDAP Authentication
• Lessons Learned

5
Coppin State University

• Baltimore, MD
• Liberal Arts University
• Founded in 1900
• Enrollment between 4,000 4,500 students

6
PeopleSoft Applications

• Live
• Financials 8.9MP4 / PeopleTools 8.47.11
• Enterprise Portal 8.8 / PeopleTools 8.45.13
• HR/SA/CR 8 / PeopleTools 8.22.13
• Future
• Upgrading to HCM/CS 9.0 (go-live Summer 2008)
• Upgrading to Enterprise Portal 9.0 (go-live Fall
  2008)

7
PeopleSoft Environment (Production Only)

• Each Application (Portal, HR/SA, Financials)
• 2 web servers
• 1 report server (due to load balancing of web
  servers)
• 2 application servers (one for application
  messaging and one for user logins)
• 1 database server
• 1 fileserver

8
Network / PeopleSoft Environment Configuration
9
Network / PeopleSoft Environment Configuration
10
Event Triggers (Students)

• Matriculation (ADM_APPL_PROG record)
• Creates network account, network home directory,
  web folder, and email account
• Writes temporary table for creating PeopleSoft
  account

11
Event Triggers (Employees)

• Hire (Job record)
• Based on their empl class
• Creates network account, network home directory,
  and email account
• PeopleSoft account created manually
• Termination, Leave of Absence, Retirement (Job
  record)
• Writes record to temporary table for review to
  disable account
• Reason - employee may have multiple jobs

12
Event Trigger(Component PeopleCode)

• ADM_ACT_ENTRY.GBL.SavePostChange
• Example
• /
• Fischer PeopleCode to Publish Messages
• /
• Declare Function PublishMessage PeopleCode
  FISC_FUNC_LIB.FISC_FUNC_LIB FieldFormula
• ReturnValue PublishMessage(GetLevel0())

13
Event Triggers (Future Enhancements)

• Automate creation of PeopleSoft accounts for
  both students and employees

14
LDAP Configuration
LDAP Authentication
Password Synchronization
15
LDAP Configuration

• Reasons for using Fischer Active Directory for
  LDAP authentication
• PeopleSoft does not use multiple directories
• Needed one directory with all student and
  employee accounts

16
LDAP Configuration

• PeopleTools gt Security gt Directory gt Configure
  Directory

17
LDAP Configuration

• PeopleTools gt Security gt Directory gt
  Authentication Map

18
Lessons Learned

• Leave encrypt flag in PSOPRDEFN set to 1
  (otherwise batch processes in HR/SA will fail)
• Set password in PSOPRDEFN to some plain text
  value
• Disable password controls in PeopleSoft
• Make sure password controls are consistent
  between active directory domains
• LDAP failover configuration not available until
  PeopleTools 8.48

19
Questions?
20
Contacts

• Chris Kennedy
• Sr. PeopleSoft Administrator/Analyst
• Coppin State University
• E-mail ckennedy_at_coppin.edu
• Leda McNair
• Sr. DBA / PeopleSoft Administrator
• Coppin State University
• E-mail lmcnair_at_coppin.edu