Identity Management at George Mason University - PowerPoint PPT Presentation

Slides: 16
Provided by: charlie89

Transcript and Presenter's Notes



1
Identity Management at George Mason University
  • Charlie Hofmann
  • chofmann_at_gmu.edu

2
What is Identity Management
  • Awareness of all users with their associated data
  • Management of the users' identities across all
    varieties of computing infrastructure and
    application environments.
  • Authorization and authentication of their
    identity for access
  • Provisioning into systems and applications based
    on a person's attributes.
  • Removal of people from systems as required by
    business rules or on demand

3
Scope of Project
  • Produces a true enterprise LDAP
  • Combines ITU and academic systems
  • Phase I Systems

4
The Sun Identity Manager
  • Automates user provisioning and de-provisioning
  • Centralizes and standardizes password management
  • Includes user self-service and delegated
    administration
  • Automates user data synchronization
  • Non-invasive, flexible web architecture
  • A customizable and brandable product
  • Comprehensive auditing and reporting

5
Project Teams
  • Technical Team: ITU and IT&E Staff along with
    Sun and Aegis consultants
  • Functional Team

6
Logic Flow
[Diagram; labels: NetId, LDAP, Banner, IDM, New Mason Users, IT&E, E-Mail, Others, IDM / Banner Interface Table]

7
Enterprise LDAP
  • Enterprise LDAP: Private
  • Secure directory open to privileged users
  • Contains information on a person's roles
  • Based on the eduPerson schema
  • Expandable as needed
  • LDAP Policy and procedure is being developed

8
White Pages or Public LDAP
  • Open to the General Public
  • Respects Privacy Flags and TD Holds
  • Contains names and the email address for all
    people
  • Contains office location and job information for
    employees
  • Contains major and level for students

9
The Mason NetId
  • The Mason NetId is your login id on all systems
    and uses the same password everywhere
  • Existing email addresses are grandfathered into
    the system as Mason NetIds
  • New Mason NetIds follow this format: FLLLLLLN
  • F: First initial of the first name
  • L: Up to six characters of the last name
  • N: A number
  • As number space fills, L is truncated, e.g.
    chofman20

10
Passwords
  • Format
  • At least 8 characters with 12 recommended
  • May be reused after 10 generations
  • Upper case, lower case, numbers, special
    characters: must contain at least one from three
    groups
  • Change policy: Every 180 days
  • Existing passwords are grandfathered
  • A password change web site is provided allowing
    users to change their own passwords
  • Security quizzes must be taken with every 2
    password changes.
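
The format, reuse and change-interval rules on this slide expressed as a checker, as an added example that is not part of the original presentation. It assumes "special character" means ASCII punctuation and that password history is kept as salted PBKDF2 digests (the slides do not say how history is stored); all function names are hypothetical.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 8                 # slide: at least 8 characters (12 recommended)
REQUIRED_GROUPS = 3            # at least one character from three of four groups
HISTORY_DEPTH = 10             # reuse allowed only after 10 generations
MAX_AGE = timedelta(days=180)  # change policy: every 180 days


def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for whatever the real system uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password: str) -> tuple:
    """Build a (salt, digest) history entry so plaintext is never stored."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def character_groups(password: str) -> int:
    """Count how many of the four groups (upper, lower, digit, special) appear."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in password) for t in tests)


def check_new_password(candidate: str, history: list) -> list:
    """Return policy violations; an empty list means the password is acceptable.

    history is a newest-last list of entries produced by remember().
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if character_groups(candidate) < REQUIRED_GROUPS:
        problems.append("needs three character groups")
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(_digest(candidate, salt), digest):
            problems.append("reused within 10 generations")
            break
    return problems


def is_expired(last_changed: date, today: date) -> bool:
    """True once the password is older than the 180-day change interval."""
    return today - last_changed > MAX_AGE
```

Because existing passwords are grandfathered, a check like this would apply only when a password is changed, not to stored credentials.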

11
Project Status
  • Initial coding of Mason customizations completed
    in late April
  • Acceptance and Functional testing began in
    mid-May
  • IDM 6.0 installed July 17-20 with Service Pack
    2 installed August 15
  • Go Live date: October 30, 2006

12
Issues: Account Claiming
  • New users claim their Mason NetId using their G
    Number and a claim code
  • New students: Use their admissions PIN as the
    claim code
  • New employees: A random code can be generated,
    but HR wants to use the SSN or a portion of the
    SSN
  • Random codes if neither exist
  • Both instances need to be communicated

13
Issues: Email Addresses
  • Email aliases: IDM allows three email aliases
    per person without controls
  • CharlieHofmann_at_gmu.edu
  • ThatGuyFromNorthCarolina_at_gmu.edu
  • LotsOfBadWords_at_gmu.edu
  • Display Names: Free Format
  • Only allowed for Faculty and Staff

14
Open Issue: Miscellaneous
  • Knowledge transfer from Sun to Mason
  • Communication: Ongoing
  • New login to Banner Self Service/Patriot Web
  • Password changes
  • Claim codes
  • Former students requesting transcripts
  • RAK employees and students

15
Questions
  • Charlie Hofmann
  • chofmann_at_gmu.edu
  • 703-993-3425