Identity Management Choosing and Using Sun’s Identity Management Suite

March 13th, 2007

Kim TracyExecutive DirectorUniversity Computing Services Northeastern Illinois University

+1 773-442-4374K-tracy@neiu.edu

Northeastern Illinois University (NEIU)

• Public university on northwest side of Chicago

• ~12,000 students, ~2,200 faculty & staff

• Commuter campus (no housing)

• Large number of transfers

Kim W. Tracy – 3/13/2007 2

Starting NEIU Environment

• In process of implementing full SGHE Banner suite (including Luminis portal)

• Independent accounts on systems– Exchange for faculty/staff– SunOne e-mail for students– Novell file shares– Blackboard– Luminis portal– Other LDAP-controlled resources

• Used homegrown tools to sync and populate accounts from existing SIS (Jenzabar/CARS)

• Had sync-ed account names for LDAP/Novell/AD

Kim W. Tracy -- 3/13/2007 3

Kim W. Tracy – 3/13/2007 4

Our Scope and Problems to Address

• Account and password integration across all resources

• Web-based Single Sign On via Luminis to Blackboard & e-mail systems

• Feed from existing SIS to IdM to create roles, account and e-mail addresses

• Something that would evolve to integrate with Banner as we deploy it

• Initial phase in about 2 months from project start– To synchronize and provision accounts and passwords on

all major resources– Needed to coincide with Luminis portal deployment– SSO between Luminis, Blackboard, and e-mail

• Later phases to handle deprovisioning, other resources

Kim W. Tracy – 3/13/2007 5

The Decision Process

• Used an RFP process to get bids from major IdM vendors– Only gave vendors a couple of weeks to respond

• Required an integrated response (implementation, HW, & SW)– Required coordination between vendors & implementors

• Key factors:– Ability to implement in short timeframe– Software capability– Consistency with planned architecture

• Narrowed to two vendors– Got more detailed proposals

• Choose a Sun/Simplesoft proposal that best addressed our RFP requirements and factors

Kim W. Tracy – 3/13/2007 6

Solution Implementation

• Got an integrated response from Simplesoft/Sun that included:

– 5 Sun Servers– The Sun Identity Management Suite– Simplesoft implementation services

• Most functionality was “out of the box”

• User interface for account initialization and password reset was tuned to our requirements

• Used LDAP for Blackboard & Luminis to simplify process

• Used SSO in Luminis instead of Sun Access Manager

• Integrations for Blackboard and Luminis written to their respective specifications

• Built a back-feed to populate SIS with e-mail and account ID’s created by IdM

Kim W. Tracy – 3/13/2007 7

Summary & Status

• Phase 1 pretty much on time– Was difficult and took a lot of coordination – Still working on:

• SSO w/Blackboard• Fully automating provisioning of accounts to

Luminis & Blackboard

• We have cleaned up many long standing account management issues by taking our lumps now

– Users had to reset passwords to adhere to strong password policy

– Now, users have access to all their resources with one account initialization

• Now have a platform on which to – build further role-based services to support alumni,

retirees, prospective students, etc.– Integrate SSO with most major systems

Kim W. Tracy – 3/13/2007 8

Questions?