Transition to Oracle Identity Management (OIM)

Last Updated: 02/18/2019

Overview

OIT has undertaken a project to update and remediate deficiencies in its Identity Management service by replacing the legacy Sun Identity Manager product with the Oracle Identity Management Suite.

Project Status

Active IT Project

Project Manager

David Normann

Description

OIT will update and remediate deficiencies in its Identity Management (IdM) service by replacing it with a new solution using the Oracle Identity Management Suite. The work will be done in collaboration with UIS (University Information Systems), UCD (University of Colorado at Denver), and UCCS (University of Colorado at Colorado Springs).

Customer Benefits

  • Enhanced workflows for managing persons, affiliations, users, entitlements, accounts and resources associated with identity management.
  • Simplification of the login process, including a reduction of the number of login processes and passwords required.
  • Enhanced auto provisioning and deprovisioning based upon business roles, including a reduction in time required.
  • Enhanced information regarding populations at all CU campuses and UIS.
  • Ability to obtain a complete view of a university person, including affiliations and access privileges.
  • Achievement of a shared service model implementation with university partners.
  • Established process for “on-boarding” new services to be provisioned.

Project Updates

The project has completed phase I and II, which included the following milestones:

  • No changes to existing SunIdM (CUIdM) interface for end-users
  • Parallel creation of primary accounts on IdM and OIM
  • Parallel creation of non-primary (aka secondary) accounts on IdM and OIM
  • Persistent search will capture LDAP changes made by IdM and update OIM
  • IdM continues to provision existing LDAP environment
  • OIM provisions OUD (which uses the new LDAP schema)
  • Replace Uniquid with a combination of AD authentication and Grouper authentication
  • Replace MIT Kerberos with AD Kerberos
  • Replace SelectAccess with a combination of Grouper and Shibboleth
  • Implement account connectors for AD, Google, and REST API messaging queue

Final phase

OIT is currently completing the transition to IdentiKey Manager. This includes:

Contact us

If you have questions about this project, please contact the IT Service Center at help@colorado.edu or call 303-735-4357 (5-HELP from a campus phone).