# IAM PI-14 Underway - Sprint 1 Complete April 25, 2018 Identity and Access Management has begun the 14th consecutive quarter of planning and commitments. This quarter we have committed to 17 items across 4 categories: Customer Commitments (5 items), Stability (5 items), Cloud (4 items), and Stability (3 items). Sprint 1 is now complete and included the deployment of an upgrade to a key Authentication component IDP. Further details are as follows: **Changes to Commitments in Sprint 1** - In Progress items (8 commitments) - O365 Self Service Opt-In Stabilization for Students - Improvement for Authentication (CAS Server) - IAM Database to the Cloud - Authentication Environment Updates - Provision HU-LDAP branch - AuthLDAP branch to Unified LDAP (SHA-1 only) - Optimize IIQ deployments (Cloud Formation templates) - IIQ Upgrade The full list of Commitments and status below: Sort **\#** **Q'4 Posture** **Feature** **Value Statement** **Due** **Status** **Catego**ry 1 Carryover Improvement for Authentication (IDP) Upgrade a core component of Authentication infrastructure 4/18 ***Complete*** Stability 2 Commit O365 Self Service Opt-In Stabilization for Students Ensure smooth rollout and adoption of newly released Office365 opt-in feature In Progress Customer Commitment 3 Commit Improvement for Authentication (CAS Server) To allow decommissioning of Auth-LDAP servers application registrations must move to a new branch in Unified LDAP 5/3 In Progress Stability 4 Commit IAM Database to the Cloud Successfully move all write applications to point to IAM Database in the cloud. 6/1-3 In Progress Cloud 5 Commit Authentication Environment Updates To support server decommissioning, provide enhanced services, and modernize technologies determine a strategy to upgrade Auth infrastructure this Fiscal Year In Progress Improvement 6 Commit Provision HU-LDAP branch To allow decommissioning of HU-LDAP servers IIQ must provision a new branch in Unified LDAP In Progress Cloud 7 Commit Provision a group to University AD for Papercut application Enable the FAS printing service (Papercut) migration before June 15 2018 To do Customer Commitment 8 Commit AuthLDAP branch to Unified LDAP (SHA-1 only) To support ITS' autoreg application move the AuthLDAP user branch from legacy host to new Unified LDAP In Progress Cloud 9 Commit Optimize IIQ deployments (Cloud Formation templates) Establish a more automated deployment process for IIQ to reduce operational risk during deployment. In Progress Improvement 10 Commit Deprovision users in University Active Directory using grace and speration rules Support email short-term Out of Office message for separated users. Ensure security with the cleanup of permissions on accounts. To do Customer Commitment 11 Commit Provisioning access for users who are Withdrawn, Not Registered and Leave of Absence Automates enforcement of FAS On-Leave Policy for extended access to accounts and services. To do Customer Commitment 12 Commit IIQ Upgrade Ensure ongoing vendor support and lay the foundation for improved core provisioning functionality and feedback, such as tightly interacting with 0365. In Progress Stability 13 Commit Review and Address HK Self Service user improvements Ensure all users can interact with all site functionality effectively. To do Customer Commitment 14 Commit DUO update user alias and user information from HarvardKey self-service Expand the set of usernames to enable two factor authentication for other services like O365 To do Stability 15 Commit Scramble (or lock) Students who didn't enable MFA Finish the last population of users To do Stability 16 Commit Move XID schema to the Cloud As part of IAM commitment to move our IAM Database to the cloud, the XID application will be the first to write directly to the Cloud RDS instance in Production. To do Cloud 17 Commit Work with Security to define the OU provisioning strategy for UNIVAD for future implementation Define a future model that will meet University AD needs in a scalable and secure fashion To do Improvement 18 Commit Grouper does not include people when an active role is added, if person had no prior active roles Mitigates group membership integrity issue. Prevents seemingly random people from not accessing applications and un-needed time spent supporting these instance To do Stability **Operational Statistics** Sort Sprint Harvard Keys Claimed # Changes Processed Application Onboarding Service Now Tasks # Tickets Updated # Tickets Resolved # Tickets Open Duplicate / Overwritten IDs Priority 1 & 2 Incidents In-Flight Completed In-Flight Completed 1: 4/13 - 4/24 1,885 7 14 8 14 20 1071 410 191 9 n/a 2: 4/25 - 5/8 3: 5/9 - 5/22 4: 5/23 - 6/5 5: 6/6 - 6/19 6: 6/20 - 7/3 **Quarterly Total** **1,885** **7** **-** **8** **-** **20** **1,071** **410** **-** **9** 0 Fiscal Year to Date (6/28/17 - now) 44,530 194 - 154 - 350 22,949 11,330 - 222 22 --- Attachments- [ picture\_as\_pdf pi-14\_-\_sprint\_1\_-\_summary\_report.pdf ](/sites/g/files/omnuum12676/files/iam/files/pi-14_-_sprint_1_-_summary_report.pdf) - [ picture\_as\_pdf pi-14\_-\_sprint\_1\_-\_priorities.pdf ](/sites/g/files/omnuum12676/files/iam/files/pi-14_-_sprint_1_-_priorities.pdf) --- Share on:- [ Facebook ](#) - [ Twitter ](#) - [ Linkedin ](#)