April 25, 2018
Identity and Access Management has begun the 14th consecutive quarter of planning and commitments. This quarter we have committed to 17 items across 4 categories: Customer Commitments (5 items), Stability (5 items), Cloud (4 items), and Stability (3 items). Sprint 1 is now complete and included the deployment of an upgrade to a key Authentication component IDP. Further details are as follows:
Changes to Commitments in Sprint 1
-
In Progress items (8 commitments)
- O365 Self Service Opt-In Stabilization for Students
- Improvement for Authentication (CAS Server)
- IAM Database to the Cloud
- Authentication Environment Updates
- Provision HU-LDAP branch
- AuthLDAP branch to Unified LDAP (SHA-1 only)
- Optimize IIQ deployments (Cloud Formation templates)
- IIQ Upgrade
The full list of Commitments and status below:
|
#
|
Q'4 Posture
|
Feature
|
Value Statement
|
Due
|
Status
|
Category
|
|
1
|
Carryover
|
Improvement for Authentication (IDP)
|
Upgrade a core component of Authentication infrastructure
|
4/18
|
Complete
|
Stability
|
|
2
|
Commit
|
O365 Self Service Opt-In Stabilization for Students
|
Ensure smooth rollout and adoption of newly released Office365 opt-in feature
|
|
In Progress
|
Customer Commitment
|
|
3
|
Commit
|
Improvement for Authentication (CAS Server)
|
To allow decommissioning of Auth-LDAP servers application registrations must move to a new branch in Unified LDAP
|
5/3
|
In Progress
|
Stability
|
|
4
|
Commit
|
IAM Database to the Cloud
|
Successfully move all write applications to point to IAM Database in the cloud.
|
6/1-3
|
In Progress
|
Cloud
|
|
5
|
Commit
|
Authentication Environment Updates
|
To support server decommissioning, provide enhanced services, and modernize technologies determine a strategy to upgrade Auth infrastructure this Fiscal Year
|
|
In Progress
|
Improvement
|
|
6
|
Commit
|
Provision HU-LDAP branch
|
To allow decommissioning of HU-LDAP servers IIQ must provision a new branch in Unified LDAP
|
|
In Progress
|
Cloud
|
|
7
|
Commit
|
Provision a group to University AD for Papercut application
|
Enable the FAS printing service (Papercut) migration before June 15 2018
|
|
To do
|
Customer Commitment
|
|
8
|
Commit
|
AuthLDAP branch to Unified LDAP (SHA-1 only)
|
To support ITS' autoreg application move the AuthLDAP user branch from legacy host to new Unified LDAP
|
|
In Progress
|
Cloud
|
|
9
|
Commit
|
Optimize IIQ deployments (Cloud Formation templates)
|
Establish a more automated deployment process for IIQ to reduce operational risk during deployment.
|
|
In Progress
|
Improvement
|
|
10
|
Commit
|
Deprovision users in University Active Directory using grace and speration rules
|
Support email short-term Out of Office message for separated users. Ensure security with the cleanup of permissions on accounts.
|
|
To do
|
Customer Commitment
|
|
11
|
Commit
|
Provisioning access for users who are Withdrawn, Not Registered and Leave of Absence
|
Automates enforcement of FAS On-Leave Policy for extended access to accounts and services.
|
|
To do
|
Customer Commitment
|
|
12
|
Commit
|
IIQ Upgrade
|
Ensure ongoing vendor support and lay the foundation for improved core provisioning functionality and feedback, such as tightly interacting with 0365.
|
|
In Progress
|
Stability
|
|
13
|
Commit
|
Review and Address HK Self Service user improvements
|
Ensure all users can interact with all site functionality effectively.
|
|
To do
|
Customer Commitment
|
|
14
|
Commit
|
DUO update user alias and user information from HarvardKey self-service
|
Expand the set of usernames to enable two factor authentication for other services like O365
|
|
To do
|
Stability
|
|
15
|
Commit
|
Scramble (or lock) Students who didn't enable MFA
|
Finish the last population of users
|
|
To do
|
Stability
|
|
16
|
Commit
|
Move XID schema to the Cloud
|
As part of IAM commitment to move our IAM Database to the cloud, the XID application will be the first to write directly to the Cloud RDS instance in Production.
|
|
To do
|
Cloud
|
|
17
|
Commit
|
Work with Security to define the OU provisioning strategy for UNIVAD for future implementation
|
Define a future model that will meet University AD needs in a scalable and secure fashion
|
|
To do
|
Improvement
|
|
18
|
Commit
|
Grouper does not include people when an active role is added, if person had no prior active roles
|
Mitigates group membership integrity issue. Prevents seemingly random people from not accessing applications and un-needed time spent supporting these instance
|
|
To do
|
Stability
|
Operational Statistics
|
Sprint |
Harvard Keys Claimed |
# Changes Processed |
Application Onboarding | Service Now Tasks |
# Tickets Updated |
# Tickets Resolved |
# Tickets Open |
Duplicate / Overwritten IDs |
Priority 1 & 2 Incidents |
|||||||
| In-Flight | Completed | In-Flight | Completed | |||||||||||||
| 1: 4/13 - 4/24 | 1,885 | 7 | 14 | 8 | 14 | 20 | 1071 | 410 | 191 | 9 | n/a | |||||
| 2: 4/25 - 5/8 | ||||||||||||||||
| 3: 5/9 - 5/22 | ||||||||||||||||
| 4: 5/23 - 6/5 | ||||||||||||||||
| 5: 6/6 - 6/19 | ||||||||||||||||
| 6: 6/20 - 7/3 | ||||||||||||||||
| Quarterly Total | 1,885 | 7 | - | 8 | - | 20 | 1,071 | 410 | - | 9 | 0 | |||||
| Fiscal Year to Date (6/28/17 - now) | 44,530 | 194 | - | 154 | - | 350 | 22,949 | 11,330 | - | 222 | 22 | |||||
 | pi-14_-_sprint_1_-_summary_report.pdf | 78 KB |
| pi-14_-_sprint_1_-_priorities.pdf | 59 KB |