Center for Information Technology Services

Home > CITS > Communications > Archives > Priorities > October 2004 > Authentication

UMB Directory/Authentication Strategy
Update November 2003

Goal:
To have a robust, secure campus Directory/Authentication environment that provides seamless, intuitive connectivity to contemporary systems and that protect against security breaches while supporting appropriate access to data for UMB research, teaching, and administrative operations.

Objectives:

  • To implement and maintain a LDAP solution for Identity Management, Authentication, Authorization and integration for central systems.
  • To build an identity management database which is an accurate and up-to-date authoritative identity repository for people, organizational units, roles, groups and other attributes.
  • To implement a directory service solution that would address authentication and authorization issues for the purpose of gaining access to central applications through the use of one userid and password.
  • To implement a web portal that will give users simple, quick, secure access to needed information.

 Current State:
UMB currently has many central applications and servers with separate and distinct userids and passwords. Authorizations to these systems are difficult to obtain and the access removal process is very manual in nature. Most users have several different userids and passwords which are difficult to manage and the current manual account management process presents security problems.

Schedule:

Jan./Feb. 2003: Developed Directory Services vendor evaluation chart.

Feb. 2003: Meeting with UMB and UMBC IT Leaders to discuss directory services.

Feb./ March 2003: Identified directory software solution.

Feb./ March 2003: Developed Scope document

March/April 2003: Developed Draft Implementation Plan (Phased approach)

April/May 2003: Developed an inventory of campus applications.

May 2003; Developed diagrams of current account add and remove processes.

May/June 2003: Developed a document recommending rules based approach.

May/June 2003: Developed NetID recommendation document.

July/August 2003: Worked with HR, Academic Affairs and CITS staff to develop rules and processes for adding and removing computer accounts for faculty/staff and students to central applications and servers.

August/Sept 2003: Acquired knowledge of PeopleSoft portal technology.

Sept/October 2003: Setup hardware and software for prototype directory.

November 2003: Develop programs and processes for adding and removing faculty/staff and student data.

January 2004: Develop new LDAP version of campus white pages.

Outcome:
UMB will design and build a directory service that provides Identity Management, Authentication, Authorization and integration of multiple systems. This system will allow for the creation of a campus portal. This system will allow for the timely management of identities and access control to our applications more quickly and effectively. Using authoritative applications to provide access to our many systems will allow the university to provide more accurate solutions for protecting data, while at the same time, ensuring data access for those who need it. UMB faculty, students and staff can rest assured that their data and systems are protected and that only the users who are authorized to have access do.