University of North CarolinaWILMINGTON MABUG 2010
Coordinating Identity Management – a partnership between HR and IT
Western Carolina University; Cullowhee, NCDiana CatleyPatti JohnsonStan Hammer
MABUG 2010
University of North CarolinaWILMINGTON
BackgroundHistory◦~1400 permanent faculty and staff◦~9000 students
Motive◦IT – who’s who? when to terminate accounts? accounts for
new employees – when? for whom? for how long?◦HR - Implementation of Banner HR/Payroll
MABUG 2010
University of North CarolinaWILMINGTON
ChallengesSilos of outdated HR/IT procedures and policies
◦IT – account policy dated 2000; signature required – but who signed?
◦HR - needed new forms and processes to accurately enter data into Banner
MABUG 2010
University of North CarolinaWILMINGTON
Challenges, cont.Determining balance and needs of stakeholders◦HR / Payroll / Budget ◦Academics◦Administrative (departments)◦Student portal and LMS systems (Blackboard)◦Information Technology◦Guests / volunteers
MABUG 2010
University of North CarolinaWILMINGTON
Challenges, cont.When to grant / revoke access?How to handle in-between periods?
ĐĐĞƐƐ
E ŽĐĐĞƐƐ
ZĞĚƵĐĞĚĐĐĞƐƐ
Last Access DateLast Work DateIdeal world
MABUG 2010
University of North CarolinaWILMINGTON
Challenges, cont.
MABUG 2010
University of North CarolinaWILMINGTON
Challenges, cont.PEATMVF - Employee Termination who is active in PEAEMPL but terminated Job Record
MABUG 2010
University of North CarolinaWILMINGTON
Challenges, cont. – Early/Late AccessNon-returning leave-earning EPA non-faculty, using
up some earned leave
Non-returning instructors - contract ends with some students in incomplete status
Re-hired / returning instructors (having space between end of previous access, begin of current access)
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes - ApproachJoint ownership of problems and solutions between
HR and IT
◦Only stakeholders involved in the beginning (HR/IT)◦Evolution of design – continuing to evolve
Now: reaching out to more stakeholders
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes – Business ProcessesForms and processes – university policies drive
processesReports and usages – HR and IT Help Desk can
answer questions from campus on accessApplication & Data integration between systemsRole-based security
Users Groups Roles Permissions
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes - GoalsEasy to figure out problems and solutionsWide application for use campus-wide
PeopleAdmin
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes – Goals / Online Directory
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes – Goals / Corrections Form
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes – Goals / Synchronize EMail/Active Directory/Outlook
Values updated/sync’d from Database of Record, Banner
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes – Goals / Selection of groupsWITH BB_Users AS (SELECT * FROM TABLE (wcuidm.f_group_members ('E'))UNION SELECT * FROM TABLE (wcuidm.f_group_members ('35'))UNION SELECT * FROM TABLE (wcuidm.f_group_members ('SA'))UNION SELECT * FROM TABLE (wcuidm.f_group_members ('8')))
Group Codes
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes – Goals, cont.Precise understandingStability / error reductionSingle source of dataAccountability for both hiring supervisor and
employee◦no access until all compliance paperwork has been
completed◦termination takes place on predetermined dates
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes – Goals, cont.Auditable◦Banner data drives group membership
◦Banner data drives access control
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes – Goals, cont.Auditable, cont.◦Banner data drives access control
MABUG 2010
University of North CarolinaWILMINGTON
Outcomes – Goals, cont.
…
MABUG 2010
University of North CarolinaWILMINGTON
ConclusionAudit defensible system◦Revising policies to meet auditor and WCU business
practices◦Clarifying early access / late access based on
stakeholders/audit requirementsCreated efficienciesProvide timely service to campusAccountability
MABUG 2010
University of North CarolinaWILMINGTON
Conclusion, cont.Future direction:
◦Completely automating the process
◦Further training & communication
◦Exceptions, exceptions, exceptions – how to handle exceptions to group membership based exclusively on HR data vs. organizational vs. adhoc
MABUG 2010
University of North CarolinaWILMINGTON
Conclusion – Future directions, cont.
Faculty Student Employee
Financial User
Organizational Groups
Department Head Dean
Functional Groups
Travel Administrator
Work Order Requester
Department
General Groups
Instructor
Automated Groups
Manually Managed
MABUG 2010
University of North CarolinaWILMINGTON
Questions?
Diana Catley – [email protected] Johnson – [email protected] Hammer – [email protected]