...
Short Management-Level Use Case Description of Your Project
At Oregon State, we see our outreach to and engagement with the state Oregon as critical to our mutual success. That outreach effort is growing through traditional and newer digital means. Each year we see increased demand to provide access to systems and technology as part of our outreach.
Our current “entity registry” exists in Banner and does not easily facilitate the creation of identities and accounts for anyone outside of our traditional population of students, employees, and campus associates. The current architecture is a significant barrier to meeting the needs of the institution and our mission. We do not adequately serve our 13,000 trained extension volunteers, the 9,000 people who participate in our Professional and Continuing Education (PACE) programs annually, parents of students, or the public at large.
The Identity & Access Management department developed a solution utilizing social logins and Cirrus Identity’s Gateway product for our PACE students. This is a point solution and struggles to expand as we add additional technology to the course delivery ecosystem. Because the identities exist only within the vendor proprietary PACE system, additional system integrations are challenging.
Other systems that require logins from extended populations have implemented their own local login solutions. It is difficult for users to interact with Oregon State across multiple systems. For example, if you are a parent of a current student, you need register separate local account credentials for access to tuition bills and adding money to student dining plans. Assistance in resetting passwords on each system require you to contact separate support organizations.
...
The implementation of a stand alone entity registry is a key component to the overhaul of OSU's IAM infrastructure. It is step one in a longer term project to expand the account base that we support.
We plan to implement the TIER midPoint entity registry and populate it from our existing systems of record. Scope details for outbound provisioning will be determined during the fall term scoping.
Expected Deliverables:
- Scope midPoint project – Fall term 2017
- Deploy midPoint development environment environment – Winter term 2018
- Feed data from Banner to midPoint - Winter-Spring terms 2018
Scope
Implement midpoint as an Entity Registry for OSU.
Excluded from Scope
Significant changes to existing IAM infrastructure for Grouper and Shibboleth.
Key Stakeholders
| Sponsor | Erica Lomax, Director, Identity & Infrastructure |
| Campus Success Program Contact(s) | Erica Lomax, Director, Identity & Infrastructure, erica.lomax@oregonstate.edu |
| Communications contact | [name, title, contact information] |
| Project manager | [name, title] |
| Project team members | Andy Morgan, Identity & Access Management, Information Services Josh Zojonc, IT Infrastructure, Information Services Stacy Brock, Infrastructure Integrations, Information Services |
| Deployment Partners/Contractors | Unicon |
...
The IAM team is currently working on adding nodes of Shibboleth IdP and LDAP into AWS for redundancy and resiliency of our SSO environment. This project will complete in fall term 2017.
IdP Proxy
Through the fall of 2017, Oregon State will install and configure an IdP proxy. We currently provide social logins for our Professional and Continuing Education (PACE) students through Cirrus Identity’s Gateway product. A recently acquired software for course delivery provides only a single SAML configuration, so a proxy will allow all students access to the resources. The evaluation of purchased versus in-house built solutions is required before the technology direction is decided.
...