New solution for Identity Management
Novell Identity Manager takes care of standardized and automated process sequences in user and authorization administration for our customer, the Universität Kassel.
The administration and provisioning of approx. 30,000 items of user and group information for a wide variety of target systems was in the past organized by the IT Service Center (ITS) of the University of Kassel with a self-developed IDM system. Since it no longer made economic sense to continue developing that system, those responsible at the ITS decided at the end of 2009 to commission Peak Solution with the planning and introduction of a new solution for identity management.
The objective was to further standardize and automate the processes of user and authorization administration, which had become very diverse. Paper-based processes were to be replaced by an electronic application and approval procedure, and decision-making authority was to be moved to the departments responsible. It was also the intention to structure user passwords and mail addresses on the basis of predefined policies and according to a uniform pattern.
In view of further requirements, for example with respect to access management and public key infrastructure (PKI) for the later addition of a federated web single sign-on or the reproduction of user hierarchies, the specialists from Peak Solution recommended a solution based on Novell products.
The basic version of the Novell Identity Manager provides a modern platform which, among other things, contains the Novell eDirectory as a central repository for identity data, as well as powerful components for user self-service and delegated administration. This is supplemented by various integration modules for LDAP directories and mail systems (e.g. Exchange and Lotus Notes). In addition, with the Designer, the Novell Identity Manager has a user-friendly dialog interface for the professional configuration of all connectors and workflows. The basic module is supplemented by the Roles Based Provisioning module, which contains the components for the mapping of application and approval workflows, role management and functions for the segregation of duties and recertification of assigned roles.
The Novell product portfolio also offers a series of important components if the solution needs to be expanded at a later stage: the Novell Access Manager, for example, allows access to web applications and network resources to be controlled across technical and organizational boundaries.
During the implementation, consultants from Peak Solution first took care of setting up the central identity repositories and of the migration of data from the legacy system. Subsequently, the target systems Lotus Notes, Mail Service, Active Directory, Citrix Terminal Service, File Service and two other single sign-on services were connected to the Novell Identity Manager. SAP-HR, SAP-OM and SOSPOS were used as source systems for personal and organizational core data. Whereas the employee and organizational structures of the University of Kassel are administered in SAP-HR and SAP-OM, SOSPOS is an application from the company HIS for student management.
The user self service of the Novell Identity Manager was configured so that users can maintain certain identity data themselves and apply for authorizations as well as IT resources via a role catalog. After approval by the persons responsible, the required user data are automatically supplied to the respective target systems via corresponding connectors.
The entire planning and implementation of the project was done on the basis of the process model PIA (Peak Identity Management Approach), which was developed by Peak Solution specifically to carry out identity management projects. Among other things, PIA provides various best practices, checklists and templates, which give the project team targeted support when creating specifications. Thanks to this, a high degree of productivity and quality is achieved in project work.
In the course of the five-month project, the following beneficial effects were already achieved:
- Automation of time-consuming manual administration processes
- Enabling access to systems, applications and appliances according to requirements
- Cleaning up user data and eliminating orphaned accounts
- Password management and synchronization
- Maintaining security policies
- Simple and traceable application and approval sequences
The system was successfully put into production in April 2010, and Peak Solution has now taken over ongoing support services. Further project stages are already being worked on.