IAM EXECUTIVE STATUS DASHBOARD | Nov. 21, 2014 PROGRAM NARRATIVE KEY NO SIGNIFICANT CONCERNS SIGNIFICANT CONCERNS/RISKS; NEEDS IMMEDIATE ATTENTION RISKS IDENTIFIED; MITIGATION FEASIBLE AND UNDER REVIEW MAJOR RISKS TO DELIVERABLES/ MILESTONES; NO PLAN YET EXECUTIVE ATTENTION NEEDED Accomplishments include official Bronze certification from InCommon; completion of identity APIs in support of the SIS strategic initiative and Alumni provisioning; and delivery of a finalized Alumni data model. Additional effort to complete HMS provisioning has been identified; see right for details. IAM analysts will assist HMS with discovery while shifting IAM developer focus to FAS onboarding. Upon completing PI-1, the team met Nov. 20 to begin planning the next 12-week effort, which will focus on continuing Alumni provisioning and beginning analysis and implementation for FAS provisioning. Issue: HMS provisioning requirements and business rules require additional research. Description: Additional analysis and exploration are required to properly understand the HMS provisioning codebase. Mitigation: In partnership with HMS, IAM will provide additional technical analysts to work in conjunction with HMS teams to review the current HMS codebase and document requirements for SailPoint IIQ provisioning. The additional effort is projected to take 3-4 months. CRITICAL SUCCESS FACTORS Executive Sponsorship Transition Planning Budget Planning • Executive Committee to review and consider proposed changes to the IAM Program Plan for the Provisioning project • Program has joined TIER and has committed to active participation in evolving identity and access management practices for the higher-ed community • PI-1 demo scheduled for 10 a.m. Dec. 2 • Interviews and knowledge transfer with cross-functional team to inform new release and transition process • Quick win: Release calendar that announces upcoming events via email • Signing SOW by Dec. 1 with El El See to consult on DevOps in the cloud • Identified $25,000 to participate in TIER for the next three calendar years Resource Planning Community & School Engagement Cross-Program Collaboration • New staff: Matt Mazer (Transition Manager), Usman Mutawakil (Associate Software Engineer) • Final state of candidate selection for QA position • Continued work with PIN3 web gate owners to meet Dec. 22 migration deadline • Initiated periodic IAM program email updates to stakeholders (via Salesforce) • HMS requirements gathering underway; discovery meetings being held with HSPH, HLS, and HKS • Schedule for SEAS O365 migration defined, with work underway • Revived bimonthly cross-program planning meetings with Collaboration • With UC, developing a joint plan to onboard FAS into O365 PROJECT PLAN SUMMARY, STATUS, AND MILESTONES KEY 2014 PROGRAM PROJECT STATUS NEAR-TERM MILESTONES Q1 Jan Provisioning Jan: Improve experience for IIQprovisioned end users by providing selfOn track to complete Alumni service portal for completing onboarding commitment for PI-1: Database and setting account passwords. changes and data migration method Feb: Improve experience for IIQdefinition. provisioned end users by giving them the ability to change and reset passwords. Feb Q2 Mar Apr May Nov Dec Jan Feb Q2 Mar Apr May Jun Jul Aug One-Way Fed No near-term milestones. No near-term milestones. Dec: Decommission PIN3 to improve user experience, simplify support, and save costs. Feb: Support Alumni user authentication. SIS Wave 0 release completed; SIS team can now use IAM API to read and write user data. July: Enable SIS to benefit from IAM data by granting data access in production. July: Make authorization admin tasks easier by enabling creation of user groups. External Directories No near-term milestones. No near-term milestones. Expanded Provisioning FIM/IdDB sync for HMS O365 migration in final P-1 (stage) testing; will move to prod at end PI-1. No near-term milestones. On track to complete POC for IdDB in the cloud by end PI-1, and deploy a new Harvard LDAP to P-1 environment for IAM team use. Feb: Move LDAP to the cloud, saving costs and improving performance. Feb: Migrate PIN to the cloud, keeping it current with other IAM infrastructure improvements while reducing costs. Sep Oct Nov Q1 Dec Jan Feb 2017 Q2 Mar Apr Q3 May Jun Jul Aug Q4 Sep Oct Nov Q1 Dec Sponsored Account Self-Service Jan Feb Q2 Mar Apr May Identity Analytics & Risk Assessment Expand Provisioning Targets Decommission Waveset idP Functionality for New Targets InCommon Bronze Self-Certification Preparation (AD, PIN/CAS) Automation of Internal Partner Configuration External Partner Enhanced idP Functionality for Privacy Federation for Hospitals New Cloud LDAP (HU and AUTH LDAP) LDAP Functional Enhancement LDAP Attribute Expansion Decommission FAS AD AD Migration (FAS/Central) Identity APIs LDAP Security Update Application Registration All customers scheduled to move off PIN3 by end 2014: 52% already retired. Q4 FIM Replacement for O365 idP Functionality Expansion No near-term milestones. July: Reduce the risk profile for all users by truncating SSN, ensuring that this PII is no longer stored in places where it is not absolutely needed. NOT STARTED PIN/AD Credential Management No near-term milestones. Identity Access No near-term milestones. Governance UNDER DEVELOPMENT 2016 Q3 Alumni App Portal Cloud Migration Oct Account Claiming Self-Service Feb: Boost convenience for HUIT dev LDAP Updates (HU/Auth) teams that interact with IAM data by UUID Enhancement providing a data-layer web service interface that supports searching, user create/ update, and a variety of read operations. Authorization Enhancements Sep Foundation Waveset SIS team working with v.1 of FindPerson API; on track to begin use in Production Nov. 22. Authentication Enhancements Aug Q1 Expansion (Office 365) Jan: Maintain InCommon Bronze certification by improving the encryption level for Harvard’s IdP. Directory Services Jul Q4 Readiness InCommon Bronze self-certification application approved, with team committed to enhancements required to maintain certification. Federation 2015 Q3 Jun RELEASE COMPLETED Dev Sandbox Release Federation Updates Application Usage Statistics IAM Reference Implementations OWF Onboarding for HBS Program-Level KPI Reporting IAM Service Usage & Access Reporting IAM External-Facing Website Metric Dashboard School-Level KPI Reporting Refine Privacy Protocols SSN Truncation Business Intelligence Tool Set Decommission PIN3 Identity Proofing CAS Bridge Adaptive Access Multifactor Authentication SIS Wave 0 Bring Your Own Identity Connections Update Expand Groups Coarse-Grained Authorization Expose LDAP Directory Data Yellow Pages Improvements Connections UI Improvements FIM Support New Cloud LDAP Connections Migration Desktop & Mobile Native Applications SIS Wave 2 Group Management Cloud Architectural Reference Model Automated Alerting and Monitoring Retire Old LDAP Authenticable Credentials for Machines PIN/CAS Migration IdDB Migration and Database Export/View Migration Phonebook & Public LDAP Cloud Migration Self Service Migration MIDAS Migration SailPoint Migration Jun IAM EXECUTIVE STATUS DASHBOARD | Nov. 21, 2014 KEY NO SIGNIFICANT CONCERNS SIGNIFICANT CONCERNS/RISKS; NEEDS IMMEDIATE ATTENTION RISKS IDENTIFIED; MITIGATION FEASIBLE AND UNDER REVIEW MAJOR RISKS TO DELIVERABLES/ MILESTONES; NO PLAN YET STRATEGY AND PLANNING: TOPICS & TREND LINES PI-1 is scheduled to end Dec. 3. Team expects to complete work on 15 of the 17 features originally proposed. Key accomplishments include FIM development to support HMS Office 365 migrations, work to support migration and onboarding of Alumni users (database and API), and meeting customer-driven deadlines for work to support SIS, PeopleSoft, and Unified Communications (“AD Lockout”). For PI-2, which ends in late Feb. 2015, the team has prioritized additional development for Alumni and FAS self-service and execution of data migration, retirement of database-related tech debt, analysis and discovery for HMS, and an ongoing commitment to meet customer-driven timelines for external teams and applications. Schedule Budget Scope Reporting Staffing Community Outreach Release Management FUNCTIONAL STATUS: TOPICS & TREND LINES Two additional releases to SailPoint IIQ added features welcomed by the UC team and Support Services. Testing with PeopleSoft and SIS is complete, with production deployment imminent. HMS Office 365 provisioning using FIM and the IdDB Sync process are now in pilot after a period of comprehensive testing. Customers continue to retire PIN3 web gates, and we are on track for retiring PIN3 at the end of December. The requirements analysis template for school onboarding with provisioning has been posted. Outreach to schools and programs to refine our program planning projections continues, particularly with HMS. The next PI will focus on account management and provisioning for Alumni and FAS. Policy Governance Service Support Documentation Requirements Assessment Service Definition Quality Assurance Service Transition TECHNICAL STATUS: TOPICS & TREND LINES The team has delivered the FindPerson/Create ID API that enables SIS go-live with Wave 0. We are also making significant progress to support the Alumni release by delivering an API that enables Alumni to import and maintain their user population with us. The team has also created a new Harvard LDAP instance for storing credentials for all new and existing populations, including Alumni, in addition to building a first version of the account management application for Alumni to allow their users to onboard. All of these have been deployed to the cloud, and will be used by all Schools we onboard in the future. Finally, the FIM/IDDB Sync work used for HMS O365 migration is undergoing final testing in P-1 (stage) before being moved into production. Identity Management Cloud Migration Access Management Infrastructure Directory Services Data User Experience COMMUNITY OUTREACH: HARVARD UNITS & TREND LINES Development work with Alumni is progressing very well. SEAS and HMS are moving through planning. Holding ongoing discovery meetings with HKS, HLS, and HSPH. Presented on behalf of IAM at HR Directors, CAIT, and FAS IT Managers meetings. Attended Dreamforce conference to boost skill set for ongoing Salesforce ramp-up. Coordinating communications with PIN3 and PIN/Shib app owners for end-of-year termination and/or changes. Coordination with UC continues to be problematic, with recent surfacing of VoIP issue. Faculty of Arts and Sciences Graduate School of Design 2000 Graduate School of Arts and Sciences Graduate School of Education Harvard Business School School of Engineering & Applied Sciences Division of Continuing Education Kennedy School of Government Harvard School of Dental Medicine Harvard Divinity School 1700 1700 1700 1400 1400 1400 1100 800 500 1100 800 IAM Incidents as Percent of Total 7 6 1100 800 7 6 7 5 5 5 4 4 3 3 3 2 2 2 500 500 0 Oct Nov OctDec Nov Oct Jan Dec Nov Feb Jan Dec Mar Feb Jan Apr Mar Feb May Apr Mar Jun May Apr JulJun May Aug Jul Jun Sep Aug Jul Oct Sep AugOct Sep Oct 13 13 1314 14 14 1700 1800 17 SIS 1600 16 TLT 1500 15 Unified Communications 1400 14 Other HUIT Departments 1300 13 1200 12 Feb 14 6 Alumni Affairs 5 5 Campus Services 4 4 3 3 2 2 1100 1100 FSS Harvard Medical School 800 800 Human Resources 1 500 Oct Nov Oct Dec Nov Jan Dec Feb Jan Mar Feb Apr Mar May Apr Jun May Jul Jun Aug Jul Sep Aug Oct Sep Oct 13 14 13 14 0 1 0 Oct Nov Oct Dec Nov Jan Dec Feb Jan Mar Feb Apr Mar May Apr Jun May Jul Jun Aug Jul Sep Aug Oct Sep Oct 13 14 13 14 1700 1700 1600 1600 1600 1500 1500 1500 1400 1400 1400 1300 1300 0 0 1200 Oct Nov OctDec Nov Oct Jan Dec Nov Feb Jan Dec Mar Feb Jan Apr Mar Feb May Apr Mar Jun May Apr JulJun May Aug Jul Jun Sep Aug Jul Oct Sep AugOct Sep Oct 13 13 1314 14 14 1200 Feb 14 1200 Mar Feb 14 Monthly Provisioning Transactions 80000 640000 640000 630000 630000 610000 Apr Mar Feb 14 We expect a reduction in IAM incidents over time as a percentage of total ServiceNow incidents. In October, 80000 80000 80000 we checked in at under 5% for the first time. May Apr Mar Jun May Apr May Jul Jun Aug Jun Jul Sep Aug Jul Oct Sep Aug Nov Oct Sep Nov Oct Nov Registered Registered Applications Registered Applications Applications IAM Percentage IAM Percentage IAM ofPercentage Totalof Totalof Total 70000 70000 70000 Total Identities in SailPoint IIQ 620000 620000 1 60000 60000 60000 IAM Percentage of Total of Total IAM Percentage 650000 650000 1800 1300 1 Account Account Management Account Management Management Help Desk HelpRequests Desk HelpRequests Desk Requests 640000640000640000 18 1700 6 Harvard Law School Total Authentication Services Registrations 1800 6 4 1 Aside from academic-year cyclical trends, we expect a decline in requests as self-service functionality is 650000650000650000 introduced, offset by the increase in user population. 1800 Account Management Help DeskHelp Requests Account Management Desk Requests Account Management Help Desk Requests 1700 7 Registrars 1400 KEY PERFORMANCE INDICATORS 2000 2000 1700 Harvard Library 7 Radcliffe Institute for Advanced Study 1400 500 2000 Harvard School of Public Health 2000 Number of registrations is expected to fluctuate over time based upon new applications added and removal of unused 10 10 applications. 10 9 9 9 8 8 8 610000 600000 600000 July 14 Aug July 14 Sep Aug Oct Sep Nov Oct Dec Nov Number of Identities Number of Identities The number of identities illustrated will increase over time as migration from Waveset to SailPoint IIQ progresses. Dec 80000 70000 70000 60000 60000 50000 50000 40000 40000 30000 30000 20000 20000 10000 10000 0 Feb 14 0 Mar 14 Feb Apr Mar May Apr Jun May July Jun Aug July Sep Aug Sep Deprovision (IIQ) Create/Update (IIQ) Deprovision (IIQ) Create/Update (IIQ) Deprovision (WS) Create/Update (WS) Deprovision (WS) Create/Update (WS) Distribution of provisioning transactions is expected to shift from Waveset to SailPoint IIQ over time, with outlier data points due to bulk migrations.
© Copyright 2024