Last spring, ITS Identity Management (IdM) started an effort to provision and deprovision University systems within midPoint. Now, the team is extending the use of midPoint to tackle three new projects. The projects include the deprovisioning of Microsoft OneDrive and Onyen accounts, and the provisioning of an Application Registry.
MidPoint is a software system used by the University to connect systems that hold digital records like ConnectCarolina and the University Directory. MidPoint connects each record system and uses triggers to remind the systems to update user information and access.
Provisioning is the industry term for providing new users access to things they need, and deprovisioning is removing access when they depart.
Operationalizing these processes by provisioning and deprovisioning with midPoint will save the University time and resources, and automate previously manual processes.
“This has been an extremely manual process up to this point. We had to keep a list of what users should have access to, it could be up to 40 different systems for a single individual,” said IT Manager of Identity Management Celeste Copeland. “Eventually, we want all of these systems to be automated.”
Increasing automation is a key component of the University’s Carolina Next strategic plan to optimize operations.
In mid-November, the IdM team will use midPoint to roll out its OneDrive deprovisioning project.
The midPoint software will detect when a staff or faculty member has left or changed positions. Then, the system will send an email to that individual’s supervisor notifying them of the change and asking if there is any information on OneDrive they would like to save before the deletion of the account.
Before OneDrive was automated in midPoint, different University employees had to make all of the system updates and reach out to supervisors manually.
This project will make the OneDrive system more secure by quickly removing access from users when needed.
Until now, the IdM team has used a script within a database to group people based on their Onyen expiry dates. This process has been challenging for the IdM group because of the need to postpone an increased number of Onyen expiration dates for students taking gap years this academic year due to COVID-19.
Now, the Onyen deprovisioning with midPoint and use of Grouper groups will make it easier to identify which students’ Onyens need to be expired.
Grouper is a utility that enables users to create individual groups through its user interface and either put people in place manually or add them dynamically based on access protocol.
“This should be much easier because now we’ll be able to group students based on each population and just change the rules for that group instead of for the whole script,” Copeland said.
Application Registry project
Unlike the Onyen and OneDrive projects, which are upgrades to existing software systems, the Application Registry is a new system suggested by the Information Security Office.
With this project, the IdM group will introduce a new way of keeping track of service accounts associated with campus groups. It will keep track of when these accounts need to reset passwords, who is the contact person for the account and what kind of access they have.
“This information is all non-centralized right now and this will centralize the ability to administer all of these accounts,” Copeland said.