Celeste Copeland

In this Q&A, ITS Identity Management Manager Celeste Copeland discusses what her group is working on and why the work is important, and she highlights some of Identity Management’s recent successes.

This Q&A is the second post in a Getting to Know series about ITS Identity Management.

What is Identity Management focusing on this year?

At the moment, we’re working on integrating Duo with Shibboleth, evaluating replacements for our Person Services, using the new Grouper API, migrating from SVN to Git for our source-code repository and making changes to our monitoring for Single Sign-On.

We’re also doing some cross training on portions of C# code that works with Office 365 and Microsoft Identity Manager. The C# code is the self-service email provisioning and the mass-mail utility used to send mass email across campus.

We will also be supporting the upcoming PeopleSoft upgrades to Campus Solutions, Human Capital Management (HCM) and Finance.

What is the size of your team?

Our group has five technical staffers and one manager. We also have one open position, which will handle Office 365-related software development.

Why is this work important?

Identity Management ensures users have secure access to the systems and data that they need. This also means denying access to any users who should not have it. We’re closely related to ITS Security. They’re one of our most important customers.

What are your recent successes?

We had some very successful projects over the past year or so. We upgraded our Kerberos, Shibboleth Single Sign-On and Grouper software, and also implemented Duo 2-Step Verification registration.

Implementing Duo 2-factor was a big innovation. Such tools help deter intruders and hacking incidents.

It’s important to stay on top of ways of preventing security holes and approaches to authentication and authorization. Authentication verifies that you are who you say you are. Authorization is what you can do now that we know who you are.

Consider your driver’s license. Your license matches your face and confirms your identity. That’s authentication. Your driver’s license also says what you can and can’t do, such as drive a motorcycle or a commercial motor vehicle, which is authorization.

For us, authentication is Shibboleth. Grouper and Lightweight Directory Access Protocol (LDAP), meanwhile, help applications make authorization decisions. Just because you’ve authenticated, it doesn’t mean you can do whatever you want. For example, you could be a student, parent or staff member with no need for sensitive information.

Our identity is used in more ways than people imagine. Explain.

Very little of the work that we do is customer-facing. A user may sign up for an Onyen or Guest ID, and change their password every so often, but they probably do not realize that most University systems that they log into are using our services for authentication and authorization, and the identity data contained in LDAP is used by hundreds of systems around campus.

Ideally, identity management is done right and you don’t have to concern yourself with it. You don’t think about identity management, but every time you log in, update your personal information, sign up for Duo or change your password, you’re interacting with identity management.

When you lose access, you learn how identities are intertwined with applications.

What do you enjoy about this work?

It’s never boring! We have more than enough to do, and are involved in many projects within ITS and outside of it. The identity management field was new when I started with it in 2004. The field is constantly evolving as more and more participants are coming together to better understand the space.

Internet2, the advanced technology community, has provided a communal space for education and research organizations to innovate and solve common challenges. Through Internet2, the identity and access management space has a new initiative called TIER (Trust and Identity in Education and Research) where we can exchange ideas with colleagues at other campuses. UNC-Chapel Hill is a TIER sponsor. It’s exciting to see how other institutions are solving the same issues that we face.

How can the campus community help you and your efforts?

We could use some feedback on our work. If you have any feedback, please email idman@listserv.unc.edu.

 
