Apr 27 2010
 

SGHE Summit – Banner Enterprise Identity Management (BEIS) – Dan Sterling and Mark B

Definitions (Identity Management in Action)

  • Provisioning (Create IDs)
  • Authentication (AuthN) – is the user allowed to access the system
  • Authorization (AuthZ) – is the user allowed to access services within the system

Identity Mgmt in Banner ODC

  • Standardization
  • Banner Database Components
  • Middle Tier Components
  • Provisioning Support and Architecture
  • Authentication Architecture
  • Authorization Architecture

IDM Goals

  • adopt a standard UDC Identity definition with UDC Identifier (GUID for SGHE apps)
  • support user provisioning from Banner
  • support user provisioning to SGHE apps

Common Identity Definition

  • foundation of BEIS architecture is common
    • using W3C XML Schema – using SPML and HR XML standards
    • UDCIdentity – some of the data can be mapped to eduPerson attributes
  • if you license any Banner product you can download, install and use BEIS without any licensing

Software Prerequisites

  • Banner General 8, Intcomp 7.3.0.1, Oracle 10gR2 DB and App Server
  • Data mining via Oracle Streams and Advanced Queuing
  • Banner Streams Capture and Apply API – gp_streams_utils
  • Banner Streams Metadata Form – guasadm
  • Banner General Rules Form – gorrsql
  • CAS 3.2.1.1 and 3.3.1.1

Identity Data Export Utilities

  • UDCIdentifier Assigner
  • UDCIdentifier Extractor
  • LDIF Generator
  • SPML LDAP Adapter

Authentication Support

  • local native authn
  • ldap authn
  • claims based authn – applications are configured to not authn and accept an assertion (CAS is an example)

Supported are INB, BSS, Travel & Expense, BDMS

Apr 27 2010
 

Electronic Banner Access Request (eBAR) Workflow – Portland State University

Replaces paper form routing at Portland State University

Electronic routing – replaced two paper forms with Banner Self Service online form – uses Banner Workflow to route the request

Advantages of eBAR Workflows

  • faster than paper request process
  • can be routed to multiple users in parallel
  • no time wasted delivering paper between offices
  • no lost paper forms
  • password delivery via BSS = security
  • copy permissions from an existing user
  • “I Agree” checkbox for Acceptable Use Policy
  • dynamically routes to supervisor (right now user picks their supervisor)
  • auto creates workflow account for supervisor
  • supervisors can assign any workflow user as proxy
  • created a way to detect segregation of duties conflicts when applying Banner user classes, and in particular objects (the requester must explain why they are requesting access that creates a segregation of duties conflict)
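
A sketch of the segregation of duties check from the last bullet, added here as an example and not Portland State's code. The class names, the conflict pairs, the status values and both functions are hypothetical; it covers user classes only and treats classes copied from an existing user as part of the request.

```python
from itertools import combinations

# Hypothetical conflict matrix: pairs of Banner user classes that one person
# should not hold together (constructed names, not real Banner classes).
SOD_CONFLICTS = {
    frozenset({"FIN_VENDOR_MAINT", "FIN_INVOICE_APPROVE"}),
    frozenset({"HR_PAYROLL_ENTRY", "HR_PAYROLL_APPROVE"}),
    frozenset({"AR_CASHIER", "AR_REFUND_APPROVE"}),
}


def find_conflicts(current, requested, copied_from=()):
    """Return conflicting class pairs that the request would introduce.

    Classes copied from an existing user are treated as requested, so
    "copy permissions" cannot bypass the check. Pairs the user already
    holds in full are not reported: they are not caused by this request.
    """
    new = (set(requested) | set(copied_from)) - set(current)
    effective = set(current) | new
    hits = []
    for a, b in combinations(sorted(effective), 2):
        pair = frozenset({a, b})
        if pair in SOD_CONFLICTS and pair & new:
            hits.append((a, b))
    return hits


def review_request(current, requested, copied_from=(), justification=""):
    """Decide how the workflow should route an access request."""
    conflicts = find_conflicts(current, requested, copied_from)
    if not conflicts:
        return {"status": "route_to_supervisor", "conflicts": []}
    if not justification.strip():
        # Requester must explain the conflict before the form is accepted.
        return {"status": "needs_justification", "conflicts": conflicts}
    # Conflict is recorded with the explanation so approvers see both.
    return {"status": "route_with_exception", "conflicts": conflicts,
            "justification": justification.strip()}


if __name__ == "__main__":
    # Constructed request: a cashier copies permissions from a colleague.
    print(review_request(current=["AR_CASHIER"], requested=["FIN_VENDOR_MAINT"],
                         copied_from=["AR_REFUND_APPROVE", "FIN_INVOICE_APPROVE"]))
```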

Business Decisions

  • Authn
    • Banner INB
    • Enterprise LDAP
  • user creation
    • used workflow

Workflow Setup

  • workflows cannot span orgns but a workflow can initiate a workflow in another orgn
  • TIP – design your workflow around your orgn not around Banner modules

Roles

  • System Administrators = IT Staff
  • Business Analysts = IT Staff, Banner Coordinators
  • Request Approvers = supervisors
  • HR Employee = Human Resources staff
  • Banner Coordinators
  • Business Affairs Director
  • Account Creator = DBA
  • eBAR Admin

Demo … run through Banner Self Service and Banner Workflow

Challenges

  • modeler hangs when trying to validate model – had to reduce the number of activities in the model by moving processing to DB procedures, saving results in temp tables, etc.
  • mapping external event parameters to workflow model – load all 30 parameters into a temp table before event fires, map one parm to find others
  • using javascript in custom activities – use a dbproc to gen javascript
  • custom activity forms are very limited – create a custom activity with only a few text areas, use a dbproc and javascript to create the functionality

Lessons Learned

  • design for easy maintenance – making changes to the Workflow model can be tedious – put as much into dbprocs to keep model simple
  • design for user friendliness – generate HTML view to display over the Workflow form, use drop down menus and checkboxes, dynamically create these menus and checkboxes

Apr 27 2010
 

An Efficient Means for IT Planning – Aims College

Andria Brabo – andria.brabo@aims.edu, Dr Gary Bardsley gary.bardsley@aims.edu

  • used project portfolio planning process – using Word Docs and a Wiki to coordinate projects across a small IT shop of 26 people.

Challenges

  • lack of communication
  • staff turnover
  • project managers making promises without checking with implementers
  • cross platform – Mac vs PC

Approach

  • create a PPP document that articulates the dependencies and deliverables required from each area to make the project a success
  • looks to me like a blend of project plan and project charter
  • the PPP held the teams accountable
  • if the project requires more than one dept then you need to create a PPP
