OIT has undertaken a project to update and remediate deficiencies in its Identity Management service by replacing the legacy Sun Identity Manager product with the Oracle Identity Management Suite product.
Active IT Project
OIT will update and remediate deficiencies in its Identity Management (IdM) service by replacing the legacy Sun Identity Manager product with a new solution using the Oracle Identity Management Suite product. The work will be done in collaboration with UIS (University Information Systems), UCD (University of Colorado at Denver), and UCCS (University of Colorado at Colorado Springs).
- Enhanced workflows for managing persons, affiliations, users, entitlements, accounts and resources associated with identity management.
- Simplification of the login process, including a reduction of the number of login processes and passwords required.
- Simplification of the authentication and authorization process.
- Enhanced auto provisioning and deprovisioning based upon business roles, including a reduction in time required.
- Enhanced information regarding populations at all CU campuses and UIS.
- Ability to obtain a complete view of a university person, including affiliations and access privileges.
- Achievement of a shared service model implementation with university partners.
- Established process for “on-boarding” new services to be provisioned.
A summary of the current project status can be obtained on the Project Portfolio page.
The project has completed phase I, which included the following milestones:
- No changes to existing SunIdM (CUIdM) interface for end-users
- Parallel creation of primary accounts on IdM and OIM
- Parallel creation of non-primary (aka secondary) accounts on IdM and OIM
- Persistent search will capture LDAP changes made by IdM and update OIM
- IdM continues to provision existing LDAP environment
- OIM provisions OUD (which uses the new LDAP schema)
Phase II is underway and includes the following milestones:
- Account management fully performed and supported within OIM
- Replace Uniquid with a combination of AD authentication and Grouper authentication
- Replace MIT Kerberos with AD Kerberos
- Replace SelectAccess with a combination of Grouper and Shibboleth
- Account connectors for AD and Google
Estimated Target Dates:
- Phase I - 10/31/16
- Phase II - 9/1/17
- Phase III - TBD
Contact the project manager (David Normann) for additional information regarding plans for subsequent phases.