IAM PI-14 Underway - Sprint 1 Complete
Identity and Access Management has begun the 14th consecutive quarter of planning and commitments. This quarter we have committed to 17 items across 4 categories: Customer Commitments (5 items), Stability (5 items), Cloud (4 items), and Stability (3 items). Sprint 1 is now complete and included the deployment of an upgrade to a key Authentication component (IDP). Further details are as follows:
Changes to Commitments in Sprint 1
- In Progress items (8 commitments):
  - O365 Self Service Opt-In Stabilization for Students
  - Improvement for Authentication (CAS Server)
  - IAM Database to the Cloud
  - Authentication Environment Updates
  - Provision HU-LDAP branch
  - AuthLDAP branch to Unified LDAP (SHA-1 only)
  - Optimize IIQ deployments (Cloud Formation templates)
  - IIQ Upgrade

The full list of commitments and their status is below:
# | Q'4 Posture | Feature | Value Statement | Due | Status | Category |
1 | Carryover | Improvement for Authentication (IDP) | Upgrade a core component of Authentication infrastructure | 4/18 | Complete | Stability |
2 | Commit | O365 Self Service Opt-In Stabilization for Students | Ensure smooth rollout and adoption of newly released Office365 opt-in feature | | In Progress | Customer Commitment |
3 | Commit | Improvement for Authentication (CAS Server) | To allow decommissioning of Auth-LDAP servers, application registrations must move to a new branch in Unified LDAP | 5/3 | In Progress | Stability |
4 | Commit | IAM Database to the Cloud | Successfully move all write applications to point to IAM Database in the cloud. | 6/1-3 | In Progress | Cloud |
5 | Commit | Authentication Environment Updates | To support server decommissioning, provide enhanced services, and modernize technologies, determine a strategy to upgrade Auth infrastructure this Fiscal Year | | In Progress | Improvement |
6 | Commit | Provision HU-LDAP branch | To allow decommissioning of HU-LDAP servers, IIQ must provision a new branch in Unified LDAP | | In Progress | Cloud |
7 | Commit | Provision a group to University AD for Papercut application | Enable the FAS printing service (Papercut) migration before June 15 2018 | | To do | Customer Commitment |
8 | Commit | AuthLDAP branch to Unified LDAP (SHA-1 only) | To support ITS' autoreg application, move the AuthLDAP user branch from legacy host to new Unified LDAP | | In Progress | Cloud |
9 | Commit | Optimize IIQ deployments (Cloud Formation templates) | Establish a more automated deployment process for IIQ to reduce operational risk during deployment. | | In Progress | Improvement |
10 | Commit | Deprovision users in University Active Directory using grace and separation rules | Support email short-term Out of Office message for separated users. Ensure security with the cleanup of permissions on accounts. | | To do | Customer Commitment |
11 | Commit | Provisioning access for users who are Withdrawn, Not Registered and Leave of Absence | Automates enforcement of FAS On-Leave Policy for extended access to accounts and services. | | To do | Customer Commitment |
12 | Commit | IIQ Upgrade | Ensure ongoing vendor support and lay the foundation for improved core provisioning functionality and feedback, such as tightly interacting with O365. | | In Progress | Stability |
13 | Commit | Review and Address HK Self Service user improvements | Ensure all users can interact with all site functionality effectively. | | To do | Customer Commitment |
14 | Commit | DUO update user alias and user information from HarvardKey self-service | Expand the set of usernames to enable two factor authentication for other services like O365 | | To do | Stability |
15 | Commit | Scramble (or lock) Students who didn't enable MFA | Finish the last population of users | | To do | Stability |
16 | Commit | Move XID schema to the Cloud | As part of IAM commitment to move our IAM Database to the cloud, the XID application will be the first to write directly to the Cloud RDS instance in Production. | | To do | Cloud |
17 | Commit | Work with Security to define the OU provisioning strategy for UNIVAD for future implementation | Define a future model that will meet University AD needs in a scalable and secure fashion | | To do | Improvement |
18 | Commit | Grouper does not include people when an active role is added, if person had no prior active roles | Mitigates group membership integrity issue. Prevents seemingly random people from being unable to access applications, and avoids unneeded time spent supporting these instances | | To do | Stability |
Operational Statistics
Sprint | Harvard Keys Claimed | # Changes Processed | Application Onboarding (In-Flight) | Application Onboarding (Completed) | Service Now Tasks (In-Flight) | Service Now Tasks (Completed) | # Tickets Updated | # Tickets Resolved | # Tickets Open | Duplicate / Overwritten IDs | Priority 1 & 2 Incidents |
1: 4/13 - 4/24 | 1,885 | 7 | 14 | 8 | 14 | 20 | 1,071 | 410 | 191 | 9 | n/a |
2: 4/25 - 5/8 | | | | | | | | | | | |
3: 5/9 - 5/22 | | | | | | | | | | | |
4: 5/23 - 6/5 | | | | | | | | | | | |
5: 6/6 - 6/19 | | | | | | | | | | | |
6: 6/20 - 7/3 | | | | | | | | | | | |
Quarterly Total | 1,885 | 7 | - | 8 | - | 20 | 1,071 | 410 | - | 9 | 0 |
Fiscal Year to Date (6/28/17 - now) | 44,530 | 194 | - | 154 | - | 350 | 22,949 | 11,330 | - | 222 | 22 |