BCNET IDM Workshop – Past, Present and Future of IDM

Mike Shore, Sabrina da Silva and Oscar Shen

Past – Mike

• Banner ERP used for Student and Staff information = Source of Record
• leveraged Novell eDirectory Identity Vault using Novell Identity Manager product
• Blend of custom scripts, Novell IDM and Luminis Integration to provision identities
• Due to problems with Novell IDM not allowing groups with more than 5000 members, BCIT had to drop using Novell IDM and migrated to use custom scripts

Present

• Banner ERP used for Student and Staff information = Source of Record
• Focus on using Active Directory as the main source for Authentication for applications – approximately 800K accounts in AD
• the custom scripts written in FoxPro to load AD

Banner Business Processes – Sabrina

• roles Staff, Faculty, Student, Guest
• groups created in AD – current employee, current instructor, current student, current guest
• discussed how groups in AD are used

Central Authentication Services / Web SSO – Oscar

• BCIT heavily leverages CAS to secure web applications
• BCIT’s implementation of CAS is only used for AuthN, it just transfers a password back to the application so it can do the AuthZ against our AD
• CAS is used to secure Web Pages, iTunes University, MSDN AA download site

Future – Mike

• use Banner Enterprise Identity Services to replace the custom scripts
• BCIT has a phased approach to moving BCIT’s IDM strategy forward (see the slide deck)

Related posts:

1. BCNet IDM Workshop – Primary Candidates for Identity Stores @TRU
2. BCNet IDM Workshop – Identity and Access Managment @ UBC
3. BCNET IDM Workshop – Oracle IDM
4. BCNET IDM Workshop – BC Campus IDM Initiatives
5. BCNet IDM Workshop – SFU LDAP, CAS, Shibboleth and OpenRegistry (Oh My!)