CSU IDM architecture

CSU Identity Management Architecture

[Diagram: only the block labels survived extraction. They are listed here in the order they appear, grouped under the nearest preceding region label.]

Identity Establishment: Processes; Identity Verification; Vendors; Students; Adjuncts; Contractors; Staff; Affiliates.
Identity Gateways: Authoritative Source for Affiliation Attributes (Alesco, Banner, Local Application); Identity Reconciliation; Temp Access.
Identity Repositories: Rules Evaluation of Affiliation Attributes to group identities; IGMS & Dynamic Rules Management System (DRMS); User Interface (Operators Page, Dynamic Rules).
Identity Data & Services: Identity, Group & Service Data; Legacy Auth; Identity & Group Management System (IGMS) Management (Manual Groups, Suspensions, Account Activation, Password Mgt); Identity Data and Groups Provisioning (Active Directory, Applications).
Authentication: Complete Enterprise Identity Reconciliation; Access Control Data; OpenLDAP; Shibboleth SSO; Authentication Methods (Windows Authentication, Direct LDAP Auth).
Legend: Data Entry or data load; Web-Methods Data flow; User Interface; Authentication confirmation.

Identity Management Architecture
Div. Information Technology
Enterprise Architecture
Keywords: Identity, Access Control, Single Sign-On, Dynamic Rules, Compliance, PSI
Date: 08/12/2015
Author: Kieran Fromholtz
Version: 0.1
CSU Identity Management Architecture
Identity Verification: gain an appropriate level of confidence that the identity is who they say they are.
Affiliation Data Capture: generating data that defines the person's relationship to CSU (e.g. enrolment data).
Application-Based Identity Reconciliation: comparing identities against existing application identities to identify and resolve duplicates.

Identity Gateways
Identity Data Capture: soliciting and storing attributes about a person in a System of Record.
Procedural Activity
Application Function
Enterprise Identity Reconciliation: comparing identities against all existing identities to identify and resolve duplicates.
Group and Service Relationship Management: linking groups to the services they are permitted to access with a specific role.
Manual Group and Service Management: manually assigning identities to groups and services.
Service Suspension Management: managing date-based suspensions of services for identities.

Identity Repositories
Automated Dynamic Groups: allocating identities to groups based on affiliation attributes.
Password Management: managing aspects around passwords (e.g. expiry, history, account activation, password reset).
OpenLDAP Accounts: provisioned account profiles.
Active Directory Accounts: provisioned account profiles.
Authentication: single/same sign-on via various authentication methods (e.g. Shibboleth, basic-auth and Kerberos).

Access Control
Application Accounts: provisioned account profiles.
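The three glossary entries Automated Dynamic Groups, Group and Service Relationship Management and Service Suspension Management describe one evaluation pipeline: affiliation attributes select groups, groups are linked to services with a role, and a date-based suspension removes a service for an identity. The Python below is an added example of that pipeline, not code from CSU, IGMS or DRMS; every identity, rule, service name and suspension date in it is constructed for illustration. It shows two behaviours worth checking in any such system: an identity with no matching rule gets no access (deny by default), and a stale attribute such as an expired contract drops access automatically on the next evaluation.

```python
# Added example: a minimal evaluator for the glossary's dynamic groups,
# group-to-service role links and date-based service suspensions.
# It is not CSU's code; every identity, rule, service and date below is
# constructed for illustration.
from dataclasses import dataclass
from datetime import date


@dataclass
class Identity:
    identity_id: str
    attributes: dict  # affiliation attributes captured from a system of record


@dataclass
class DynamicRule:
    group: str
    conditions: dict  # attribute -> set of acceptable values; all must hold


@dataclass
class Suspension:
    identity_id: str
    service: str
    start: date
    end: date  # inclusive


def _values(value):
    """Normalise a scalar or multi-valued attribute to a tuple of values."""
    if value is None:
        return ()
    if isinstance(value, (list, tuple, set, frozenset)):
        return tuple(value)
    return (value,)


def evaluate_dynamic_groups(identity, rules):
    """Groups whose every condition is met by at least one value of the attribute."""
    groups = set()
    for rule in rules:
        if all(any(v in allowed for v in _values(identity.attributes.get(attr)))
               for attr, allowed in rule.conditions.items()):
            groups.add(rule.group)
    return groups


def is_suspended(identity_id, service, suspensions, today):
    """True when a date-based suspension covers this identity/service today."""
    return any(s.identity_id == identity_id and s.service == service
               and s.start <= today <= s.end for s in suspensions)


def effective_access(identity, rules, manual_groups, service_roles, suspensions, today):
    """service -> roles for one identity: dynamic + manual groups, minus suspended services.
    No matching group means no access (deny by default)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    groups = evaluate_dynamic_groups(identity, rules)
    groups |= set(manual_groups.get(identity.identity_id, ()))
    access = {}
    for group in sorted(groups):
        for service, role in service_roles.get(group, ()):
            if is_suspended(identity.identity_id, service, suspensions, today):
                continue
            access.setdefault(service, set()).add(role)
    return access


def effective_access_all(identities, rules, manual_groups, service_roles, suspensions, today):
    return {i.identity_id: effective_access(i, rules, manual_groups, service_roles, suspensions, today)
            for i in identities}


# Constructed sample data (not from any real CSU system).
RULES = [
    DynamicRule("students-enrolled", {"affiliation": {"student"}, "enrolment_status": {"enrolled"}}),
    DynamicRule("staff-all", {"affiliation": {"staff"}}),
    DynamicRule("contractors-active", {"affiliation": {"contractor"}, "contract_status": {"active"}}),
]
SERVICE_ROLES = {  # group -> (service, role) links
    "students-enrolled": [("lms", "learner"), ("email", "user")],
    "staff-all": [("lms", "instructor"), ("email", "user"), ("hr-portal", "employee")],
    "contractors-active": [("email", "user")],
    "lms-admins": [("lms", "admin")],  # manual-only group, no dynamic rule
}
MANUAL_GROUPS = {"id-1002": ["lms-admins"]}
SUSPENSIONS = [Suspension("id-1001", "lms", date(2015, 12, 1), date(2015, 12, 31))]
IDENTITIES = [
    Identity("id-1001", {"affiliation": ["student"], "enrolment_status": "enrolled"}),
    Identity("id-1002", {"affiliation": ["staff", "student"], "enrolment_status": "withdrawn"}),
    Identity("id-1003", {"affiliation": ["contractor"], "contract_status": "expired"}),
]


def sample_report(today):
    """Convenience wrapper over the constructed data; today is an ISO date string."""
    return effective_access_all(IDENTITIES, RULES, MANUAL_GROUPS, SERVICE_ROLES, SUSPENSIONS, today)


if __name__ == "__main__":
    for day in ("2015-12-15", "2016-01-15"):
        print(day, sample_report(day))
```

Running it for a day inside the suspension window shows id-1001 keeping email but losing the LMS, and the same identity regaining the LMS learner role once the window has passed; id-1003 receives nothing because its only affiliation rule requires an active contract. Manual groups are unioned with dynamic groups before the suspension check, so a suspension applies regardless of how the group membership was obtained.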