IAM PI-14 Sprint 2 Complete

May 10, 2018
The second sprint of the 14th quarter of IAM development is complete and it included lots of operational tasks completed and beginning of Provisioning access for users who are Withdrawn, Not Registered and Leave of Absence. Lots of work continues behind the scenes to meet our other quarterly goals. The details of Sprint 2 are as follows:

Changes to Commitments in Sprint 2

  • Moved to In Progress (1 commitment)
    • Provisioning access for users who are Withdrawn, Not Registered and Leave of Absence

The full list of Commitments attachments with details are below:

# Q'4 Posture Feature Value Statement Due Status Category
1 Carryover Improvement for Authentication (IDP) Upgrade a core component of Authentication infrastructure 4/18 Complete Stability
2 Commit O365 Self Service Opt-In Stabilization for Students Ensure smooth rollout and adoption of newly released Office365 opt-in feature 5/15 In Progress Customer Commitment
3 Commit Improvement for Authentication (CAS Server) To allow decommissioning of Auth-LDAP servers application registrations must move to a new branch in Unified LDAP 5/13 In Progress Stability
4 Commit IAM Database to the Cloud Successfully move all write applications to point to IAM Database in the cloud. 6/1-3 In Progress Cloud
5 Commit Authentication Environment Updates To support server decommissioning, provide enhanced services, and modernize technologies determine a strategy to upgrade Auth infrastructure this Fiscal Year   In Progress Improvement
6 Commit Provision HU-LDAP branch To allow decommissioning of HU-LDAP servers IIQ must provision a new branch in Unified LDAP 6/10 In Progress Cloud
7 Commit Provision a group to University AD for Papercut application Enable the FAS printing service (Papercut) migration before June 15 2018 5/30 To do Customer Commitment
8 Commit AuthLDAP branch to Unified LDAP (SHA-1 only) To support ITS' autoreg application move the AuthLDAP user branch from legacy host to new Unified LDAP 6/14 In Progress Cloud
9 Commit Optimize IIQ deployments (Cloud Formation templates) Establish a more automated deployment process for IIQ to reduce operational risk during deployment.   In Progress Improvement
10 Commit Deprovision users in University Active Directory using grace and separation rules Support email short-term Out of Office message for separated users. Ensure security with the cleanup of permissions on accounts.   To do Customer Commitment
11 Commit Provisioning access for users who are Withdrawn, Not Registered and Leave of Absence Automates enforcement of FAS On-Leave Policy for extended access to accounts and services. 5/30 In Progress Customer Commitment
12 Commit IIQ Upgrade Ensure ongoing vendor support and lay the foundation for improved core provisioning functionality and feedback, such as tightly interacting with 0365.   At Risk Stability
13 Commit Review and Address HK Self Service user improvements Ensure all users can interact with all site functionality effectively.   To do Customer Commitment
14 Commit DUO update user alias and user information from HarvardKey self-service Expand the set of usernames to enable two factor authentication for other services like O365   To do Stability
15 Commit Scramble (or lock) Students who didn't enable MFA Finish the last population of users 6/15 To do Stability
16 Commit Move XID schema to the Cloud As part of IAM commitment to move our IAM Database to the cloud, the XID application will be the first to write directly to the Cloud RDS instance in Production. 5/15 To do Cloud
17 Commit Work with Security to define the OU provisioning strategy for UNIVAD for future implementation Define a future model that will meet University AD needs in a scalable and secure fashion   To do Improvement
18 Commit Grouper does not include people when an active role is added, if person had no prior active roles Mitigates group membership integrity issue. Prevents seemingly random people from not accessing applications and un-needed time spent supporting these instance   To do Stability


Operational Statistics


Harvard Keys Claimed

# Changes Processed

Application Onboarding Service Now Tasks

# Tickets Updated

# Tickets Resolved


Duplicate / Overwritten IDs

Priority 1 & 2 Incidents

In-Flight Completed In-Flight Completed
1: 4/13 - 4/24 1,885 7 14 8 14 20 1,071 410 191 9 n/a
2: 4/25 - 5/8 2,416 11 18 8 13 27 1,391 718 248 4 4/26: 2: HKS Alumni app authorization issue (3d)
5/2: 2: StarRez authorization for some students (3d)
3: 5/9 - 5/22                      
4: 5/23 - 6/5                      
5: 6/6 - 6/19                      
6: 6/20 - 7/3                      
Quarterly Total 4,301 18 - 16 - 47 2,462 1,128 - 13 2
Fiscal Year to Date (6/28/17 - now) 46,946 205 - 162 - 377 24,340 12,048 - 226 24



pi-14_-_sprint_2_-_summary_report.pdf79 KB
pi-14_-_sprint_2_-_priorities.pdf60 KB