Implementing Identity Management, Provisioning, and
LDAP Authentication for PeopleSoft
June 8, 2007
USM Conference
Coppin State University
CoppinState
University
Presenter(s)
• Chris Kennedy
Sr. PeopleSoft Administrator/Analyst
• Leda McNair
Sr. DBA / PeopleSoft Administrator
Overview
Coppin State University uses the Fischer Identity Management and Provisioning suite to automatically create student and employee accounts for Microsoft Active Directory and PeopleSoft. This presentation will discuss which events are used in PeopleSoft to trigger the account creation process and how the campus is using the Fischer Directory for LDAP authentication.
Agenda/Contents
1. Network / PeopleSoft Environment Overview/Layout
2. Event Triggers
– Students
– Employees
3. LDAP Authentication
4. Lessons Learned
Coppin State University
Baltimore, MD
Liberal Arts University
Founded in 1900
Enrollment between 4,000 – 4,500 students
PeopleSoft Applications
• Live:
– Financials 8.9MP4 / PeopleTools 8.47.11
– Enterprise Portal 8.8 / PeopleTools 8.45.13
– HR/SA/CR 8 / PeopleTools 8.22.13
• Future:
– Upgrading to HCM/CS 9.0 (go-live Summer 2008)
– Upgrading to Enterprise Portal 9.0 (go-live Fall 2008)
PeopleSoft Environment (Production Only)
• Each Application (Portal, HR/SA, Financials):
– 2 web servers
– 1 report server (due to load balancing of web servers)
– 2 application servers (one for application messaging and one for user logins)
– 1 database server
– 1 fileserver
Network / PeopleSoft Environment Configuration
[Diagram. Per application, PA (Portal), SA/HR (StuAdmin/HumResc) and FN (Financials): two web servers, a web server for PSReports pickup, an app server, a web/app server for app. msg. traffic, a file server, and a DB server with process scheduler. Other components: Internet, firewalls (FW), web server EagleLINKS.coppin.edu, Alteon Load Balancer, Alteon SSL Accelerator (encrypt / decrypt). Flow labels: "At 1st connect", "All traffic after 1st connect", "To & From Alteon", "AppMsg Traffic only".]
Network / PeopleSoft Environment Configuration
[Diagram. Components: PS Portal, PS SA/HR, PS FN, Fischer Provisioning & Identity, Fischer.Coppin.edu, Student.Coppin.edu, Coppin.edu. Flow labels: PS Triggers, PS App.Msg, Fischer App.Msg., Provisioning Workflows, Account Maintenance.]
Event Triggers (Students)
• Matriculation (ADM_APPL_PROG record)
– Creates network account, network home directory, web folder, and email account
– Writes temporary table for creating PeopleSoft account
Event Triggers (Employees)
• Hire (Job record)
– Based on their empl class
– Creates network account, network home directory, and email account
– PeopleSoft account created manually
• Termination, Leave of Absence, Retirement (Job record)
– Writes record to temporary table for review to disable account
– Reason - employee may have multiple jobs
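The review step above, sketched as an added example (not code from the presentation): for each queued employee, find the current effective-dated row of every job record and disable the account only when none is active. The in-memory job table is a simplified stand-in for the PeopleSoft JOB record, the review queue is hypothetical, the rows are constructed, and treating only status A as active is an assumption.

```python
import sqlite3

# Constructed sample rows modeled on the effective-dated JOB record:
# (emplid, empl_rcd, effdt, effseq, empl_status). Assumed status codes:
# A = active, T = terminated, L = leave of absence, R = retired.
JOB_ROWS = [
    ("1001", 0, "2005-08-15", 0, "A"),
    ("1001", 0, "2007-05-31", 0, "T"),  # only job has ended
    ("1002", 0, "2004-01-05", 0, "A"),
    ("1002", 0, "2007-05-31", 0, "T"),  # first job ended...
    ("1002", 1, "2006-09-01", 0, "A"),  # ...second job still active
    ("1003", 0, "2003-03-01", 0, "A"),
    ("1003", 0, "2007-06-01", 0, "L"),
    ("1003", 0, "2007-06-01", 1, "A"),  # same-day correction: higher EFFSEQ wins
    ("1004", 0, "2006-01-01", 0, "A"),
    ("1004", 0, "2007-12-31", 0, "R"),  # future-dated retirement
]
# Hypothetical stand-in for the temporary table written by the trigger.
REVIEW_QUEUE = ["1001", "1002", "1003", "1004"]

# Current row per job record: latest EFFDT on or before the as-of date,
# then the highest EFFSEQ within that date.
CURRENT_ROW_SQL = """
SELECT j.empl_rcd, j.empl_status
FROM job j
WHERE j.emplid = :emplid
  AND j.effdt = (SELECT MAX(effdt) FROM job
                 WHERE emplid = j.emplid AND empl_rcd = j.empl_rcd
                   AND effdt <= :as_of)
  AND j.effseq = (SELECT MAX(effseq) FROM job
                  WHERE emplid = j.emplid AND empl_rcd = j.empl_rcd
                    AND effdt = j.effdt)
"""

def review(as_of):
    """Return {emplid: 'disable' | 'keep'} for every queued employee."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE job (emplid, empl_rcd, effdt, effseq, empl_status)")
    db.executemany("INSERT INTO job VALUES (?,?,?,?,?)", JOB_ROWS)
    decisions = {}
    for emplid in REVIEW_QUEUE:
        rows = db.execute(CURRENT_ROW_SQL, {"emplid": emplid, "as_of": as_of}).fetchall()
        # Disable only when no job record is currently active.
        active = [rcd for rcd, status in rows if status == "A"]
        decisions[emplid] = "keep" if active else "disable"
    return decisions

if __name__ == "__main__":
    print(review("2007-06-08"))
```

Running the same review with a later as-of date shows why queued entries need re-evaluation: employee 1004 is kept until the future-dated retirement row becomes effective.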
Event Trigger (Component PeopleCode)
• ADM_ACT_ENTRY.GBL.SavePostChange
• Example:
/*
 * Fischer PeopleCode to Publish Messages
 */
Declare Function PublishMessage PeopleCode FISC_FUNC_LIB.FISC_FUNC_LIB FieldFormula;
&ReturnValue = PublishMessage(GetLevel0());
Event Triggers (Future Enhancements)
Automate creation of PeopleSoft accounts for both students and employees
LDAP Configuration
[Diagram. Components: PS Portal, PS SA/HR, PS FN, Fischer Provisioning & Identity, Fischer.Coppin.edu, Student.Coppin.edu, Coppin.edu. Flow labels: PS Triggers, PS App.Msg, Fischer App.Msg., Provisioning Workflows, Account Maintenance, LDAP Authentication, Password Synchronization.]
LDAP Configuration
• Reasons for using Fischer Active Directory for LDAP authentication:
– PeopleSoft does not use multiple directories
– Needed one directory with all student and employee accounts
LDAP Configuration
• PeopleTools > Security > Directory > Configure Directory
LDAP Configuration
• PeopleTools > Security > Directory > Authentication Map
Lessons Learned
• Leave encrypt flag in PSOPRDEFN set to 1 (otherwise batch processes in HR/SA will fail)
• Set password in PSOPRDEFN to some plain text value
• Disable password controls in PeopleSoft
• Make sure password controls are consistent between Active Directory domains
• LDAP failover configuration not available until PeopleTools 8.48
Questions?
Contacts
• Chris Kennedy
Sr. PeopleSoft Administrator/Analyst
Coppin State University
E-mail: [email protected]
• Leda McNair
Sr. DBA / PeopleSoft Administrator
Coppin State University
E-mail: [email protected]