Educause Security Discussion mailing list archives
Re: higher education "best practices" for authenticating to campus IT resources
From: Theresa Rowe <rowe () OAKLAND EDU>
Date: Wed, 7 Oct 2009 10:55:46 -0400
I hope we can have an updated discussion about this. We've been having a campus discussion just in recent weeks.

We accept our Banner systems as providing the level of assurance for proving identification. When a person (student, faculty, staff) is entered into Banner, a person-ID number (GrizzlyID) is randomly generated, and a random PIN is generated. These credentials can be used to log into only Banner Self-Service, which we are trying to "phase out" and keep only for portal disaster recovery purposes.

The Banner G-ID and PIN, both randomly generated and private, are used to establish NetID and password. The NetID and password are recorded in our LDAP environment, which is the source of single sign-on to many campus resources: network, portal, and email / elearning systems like Moodle and Elluminate, emergency notification system, our file storage system in Xythos, library systems, etc.

We still have a couple systems off-campus - TouchNet for credit card payment and PeopleAdmin for human resource job functions, for example - where we cannot tie the system into our LDAP directory, so different logins are used. We've found integration with vendors problematic, although we have a very workable solution with SAML and our Google mail environment using our LDAP directory.

We have file and print services that require domain access and that requires a different ID and password, authenticated in Active Directory. Our plan is to integrate LDAP and AD, but the project is likely going to take us a couple years (and a domain consolidation).

Like to hear from others -

Theresa Rowe

On Tue, Oct 6, 2009 at 3:48 PM, Daniel Bennett <dbennett () pct edu> wrote:
Hello All,

Currently, we are trying to answer the following questions to sort of benchmark higher education "best practices" for authenticating to campus IT resources:

1. Does your institution provide separate usernames and passwords for critical and non-critical information systems (multiple authentication systems)?

If no, to the above question:

2. Does your authentication system also provide single sign-on to all campus information systems? An example, the Director of Financial Operations logs into his/her workstation and once logged in he/she can access all other campus applications without providing the username/password again, through some sort of single sign-in infrastructure.

Thanks,

Daniel Bennett
IT Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport PA, 17701
570.329.4989
--
Theresa Rowe
Chief Information Officer
Oakland University
**Think Green - Think before you print.**