Identity Management: The Legacy and Real Solutions MIIS Implementation.
Identity Management:
The Legacy and
Real Solutions
MIIS
Implementation
Copyright © 2007 Washington State University. This work is the intellectual property of WSU. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the copyright owner. To disseminate otherwise or to republish requires written permission.
Implementation Approach
• Define the project
• Build the team
• Training
• Determine extent of the project
• Plan the design
• Coding
• Getting help
Define the project
• Why are we doing this
• What directories are involved
• Who is the custodian of the data
• Which product to use
Training
• MIIS training: Oxford Computer Group via SQLSoft+
• Beginning and Advanced classes
Determine extent of the project
• Break the project into manageable pieces
• Start with a simple beginning
• Revise the plan after the first phase
Planning
• One authority: the Metaverse
• Need unique ID
• Which directories contribute to the MV
• Which directories draw from the MV
Design and Planning Worksheets
• Utilize the MIIS 2003 Sample Worksheets: http://download.microsoft.com/download/9/e/0/9e0c929d-10dc-42cb-aaa6-bb501a92ea20/MIIS_Worksheets.doc
Connected Data Sources
Worksheet fields:
• Prepared By
• Date
• Management Agent Type
• Connected Data Source
• Owner
• Contact (who can change)
• Backup and restore policy
• Security Issues
• All connection and container details appropriate for this MA type
INSTRUCTIONS: Complete one data sheet for each connected data source in the solution. Include a row for each object. Do not include objects that are not part of your solution. List all objects in the specified connected data source that represent any real-world objects.
Table columns: Name | Unique ID | Notes and Other Policies
Included Attributes
Worksheet fields:
• Prepared By
• Date
• Management Agent
• Connected Data Source Object
INSTRUCTIONS: Complete one data sheet for each object in the connected data source directory. List all appropriate attributes. Include a row for each attribute, and leave out those attributes that are not appropriate. For those attributes that are required to follow from the metadirectory to the connected data source, complete the Outbound Attribute section of the table.
Table sections: Inbound Attribute | Outbound Attribute
Table columns: Name | Data Type | Multi-Values Y/N | Content Structure | Outbound Y/N | Requires Validation Y/N | May be Overwritten with Null Y/N | Business Justification | Quality and Precedence Notes | Notes
Outbound Attribute Flow
Worksheet fields:
• Management Agent
• Date
INSTRUCTIONS: Complete one worksheet for each object in the solution. List all outbound attributes. Fill out one worksheet for each connected data source. Map each metaverse attribute to a data source attribute in the outbound attribute flow.
Table sections: Connected Data Source Attribute | Metaverse Attribute
Table columns: Name | Validation | Transformation | Name(s) | Considerations or Policies Needed
Design and Planning Worksheets
• Utilize the MIIS 2003 Sample Worksheets: http://download.microsoft.com/download/9/e/0/9e0c929d-10dc-42cb-aaa6-bb501a92ea20/MIIS_Worksheets.doc
• Keep them up to date
• Consider the Oxford Computer Group’s Documentor: http://www.oxfordcomputergroup.com/
Metaverse attributes
Attribute Connector space
WSUEduEmailAddress Manual precedence used
Imported using AD Update from user object using a custom flow rule called mail which uses mail, msExchHomeServerName.
Imported using UPStest from organization object using a custom flow rule called UPSmail which uses mail.
Exported to user.mail using AD Update using a custom flow rule called mail
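    // Import attribute flow rule: copy the student's phone number from the
    // connector space into the metaverse unless the source marks it UNLISTED.
    case "StudentPhone":
        try
        {
            if (csentry["STUDENT-PHONE"].IsPresent)
            {
                string stdtphone2 = csentry["STUDENT-PHONE"].Value;
                // An UNLISTED or absent source value assigns nothing; this rule
                // does not modify mventry["StudentPhone"] in that case.
                if (stdtphone2 != "UNLISTED")
                    mventry["StudentPhone"].Value = stdtphone2;
            }
        }
        catch (Exception e)
        {
            // Log the failure against the person's WSUNID
            Logging.LogException(e, "ADW832SQL MA import StudentPhone", mventry["WSUNID"].Value, true);
        }
        break;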
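The effect of this rule across two synchronization runs, as an added example that is not part of the original slides. Attr and Entry are hypothetical stand-ins for the MIIS attribute and entry objects, the phone number is a constructed sample value, and it is an assumption here that a metaverse attribute keeps its previous value when a flow rule assigns nothing.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for an MIIS attribute: models IsPresent, Value and Delete only.
class Attr
{
    private string v;
    public bool IsPresent { get { return v != null; } }
    public string Value
    {
        get { if (v == null) throw new InvalidOperationException("no value"); return v; }
        set { v = value; }
    }
    public void Delete() { v = null; }
}

// Hypothetical stand-in for CSEntry/MVEntry: an indexer that creates attributes on demand.
class Entry
{
    private readonly Dictionary<string, Attr> attrs = new Dictionary<string, Attr>();
    public Attr this[string name]
    {
        get { Attr a; if (!attrs.TryGetValue(name, out a)) { a = new Attr(); attrs[name] = a; } return a; }
    }
}

static class PhoneFlowDemo
{
    // Same logic as the slide's rule: assigns only when a listed number is present.
    static void FlowAsOnSlide(Entry cs, Entry mv)
    {
        if (cs["STUDENT-PHONE"].IsPresent && cs["STUDENT-PHONE"].Value != "UNLISTED")
            mv["StudentPhone"].Value = cs["STUDENT-PHONE"].Value;
    }

    // Variant that also withdraws a number flowed by an earlier run.
    static void FlowWithClear(Entry cs, Entry mv)
    {
        Attr src = cs["STUDENT-PHONE"];
        if (src.IsPresent && src.Value != "UNLISTED")
            mv["StudentPhone"].Value = src.Value;
        else
            mv["StudentPhone"].Delete();
    }

    // Runs one rule over two sync passes and reports what the metaverse holds afterwards.
    static string Run(Action<Entry, Entry> rule)
    {
        Entry cs = new Entry(), mv = new Entry();
        cs["STUDENT-PHONE"].Value = "509-555-0100";  // constructed sample value
        rule(cs, mv);                                 // first run: number is listed
        cs["STUDENT-PHONE"].Value = "UNLISTED";       // student opts out at the source
        rule(cs, mv);                                 // second run
        return mv["StudentPhone"].IsPresent ? mv["StudentPhone"].Value : "(none)";
    }

    static void Main()
    {
        Console.WriteLine("as on slide: " + Run(FlowAsOnSlide));
        Console.WriteLine("with clear:  " + Run(FlowWithClear));
    }
}
```

Comparing the two output lines shows whether a number that was listed on the first run is still held in the metaverse, and therefore still exported to every directory that draws from it, after the source changes to UNLISTED.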
Coding
• Settle on a language within the group: C# or VB
• One person on a Management Agent
Phase 2 - Groups
• Active Administrative Professional, Appointed Faculty, Admitted Graduate Students, Enrolled Undergraduate Students, etc., etc.
Phase 3 - Provisioning
Gotchas
• Group Populator
  • Takes a long time: 7 days for 160,000 users and 19 groups
  • Users can get separated
  • Groups get disconnected
  • Placeholders
Gotchas
• Group Populator
• Provisioning
  • Can only run one provisioning agent at a time
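    // One provisioning extension that holds the other provisioning DLLs
    IMVSynchronization[] myMVDlls;
    string PREFIX = "MVExtension";

    void IMVSynchronization.Initialize()
    {
        // List every MVExtension*.dll in the MIIS extensions directory
        string[] fileNames = Directory.GetFiles(Utils.ExtensionsDirectory, PREFIX + "*.dll");
        int numFiles = fileNames.Length;
        // ... the slide shows only the start of this method
    }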
Gotchas
• Group Populator
• Provisioning
  • Can only run one provisioning agent at a time
  • Sun requires additional care
    // Build the DN of the new entry under ou=People
    Container = ",ou=People,o=wsu.edu";
    CN = mventry["cn"].Value;
    RDN = "uid=" + CN + Container;
    if (0 == Connectors)
    {
        // Object classes for the new entry are listed explicitly
        ValueCollection oc;
        oc = Utils.ValueCollection("top");
        oc.Add("account");
        oc.Add("pipuserinfo");
        oc.Add("organization");
        DN = ManagementAgent.CreateDN(RDN);
        csentry = ManagementAgent.Connectors.StartNewConnector("organization", oc);
        csentry.DN = DN;
        csentry["o"].Value = "wsu.edu";
        csentry.CommitNewConnector();
    }
Gotchas
• Group Populator
• Provisioning
• Not real time…for us…
Disaster Recovery
• SQL backup of data
• Keep the key secure
• Backup of the Visual Studio source
Futures
• We plan on doing deprovisioning next
• Replacing the Core Programs
• Provisioning to directories in other units
Help
• MIIS Experts page: http://www.miisexperts.org/
• Technet Forum: http://forums.microsoft.com/technet/
• Users Group: http://www.microsoft.com/communities/newsgroups/
• MS Tech·Ed Presentations
The Team
• Diane Dickinson
• Wanda Zeng
• Dean Guenther
• Many, many others….