how is the cloud different? depends on service scope/intent –concur (auth only) versus box...
How is the cloud different?
• Depends on service scope/intent
  – Concur (auth only) versus Box (collaboration/storage)
• Existing Identity Management compromises persist
  – Limited independent leverage
• Consumer-centric
  – Enterprise administrative controls can lag behind

Identity In the Cloud?
• Goal:
  – Campus-hosted system of record for entitled/active services
  – End-user self-provisioning for all services
• Requires:
  – Vendor-provided user-management APIs
  – Disabling cloud-based identity management tools
    • Password change, account name change, etc.
  – Institution/cloud reconciliation
  – Automated de-provisioning of cloud accounts
• Results in:
  – Institution is not dependent on cloud providers to know which services affiliates are provisioned for
  – Attestation capability
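
An added example (not from the original slides) of the institution/cloud reconciliation step: the campus system of record is compared with a vendor account listing to produce de-provisioning and attestation lists. The record shapes, the `campus_id` attribute, the `reconcile` function and all sample data are assumptions; no real vendor API is called.

```python
from dataclasses import dataclass, field

# Constructed sample data: campus system of record, one entry per affiliate.
CAMPUS = {
    "u1001": {"active": True, "emails": {"asmith@example.edu", "alice.smith@example.edu"}},
    "u1002": {"active": False, "emails": {"bjones@example.edu"}},
    "u1003": {"active": True, "emails": {"cwu@example.edu"}},
}
# Constructed listing, shaped as a vendor user-management API might return it.
CLOUD = [
    {"login": "alice.smith@example.edu", "campus_id": None},
    {"login": "bjones@example.edu", "campus_id": "u1002"},
    {"login": "someone@mail.example", "campus_id": None},
]

@dataclass
class Plan:
    attested: list = field(default_factory=list)     # entitled and present in the cloud
    deprovision: list = field(default_factory=list)  # cloud account, entitlement ended
    orphans: list = field(default_factory=list)      # cloud account with no campus match
    missing: list = field(default_factory=list)      # entitled, not yet self-provisioned

def reconcile(campus, cloud):
    """Compare the campus record with the vendor listing and plan the actions."""
    # Map every institutional address to its owner, so a cloud login created
    # under an alias address still resolves to a single campus identity.
    email_owner = {e.lower(): cid for cid, rec in campus.items() for e in rec["emails"]}
    plan, seen = Plan(), set()
    for acct in cloud:
        # Prefer the stable campus identifier (assumed attribute); fall back to email.
        cid = acct.get("campus_id") or email_owner.get(acct["login"].lower())
        if cid is None or cid not in campus:
            plan.orphans.append(acct["login"])       # needs manual identity clean-up
        elif campus[cid]["active"]:
            plan.attested.append(cid)
            seen.add(cid)
        else:
            plan.deprovision.append(acct["login"])   # feed to automated de-provisioning
    plan.missing = sorted(c for c, r in campus.items() if r["active"] and c not in seen)
    return plan

if __name__ == "__main__":
    print(reconcile(CAMPUS, CLOUD))
```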

How Can You Help?
• Spread the message:
  – Federated authentication
    • Institutions should manage credentials – not cloud providers
    • Continue to push vendors in this direction
  – Account Name does not equal Email Address
    • All our users have multiple institutional email addresses
  – We need role-based security
    • User-centric controls are insufficient for a managed service

Biggest Challenges
• Identity Management compromises in favor of end-user features
  – Vendor maturity
  – Revoking campus credentials may not revoke access
• Identity clean up for consumer-centric services
• Affinities
  – No elegant solution for groups
• Define the horizon