Enterprise Identity Management -Leveraging Participation Management (PM) to Provide Single Sign-On for COD
Bridget-Anne Hampden | Nov. 2012
U.S. Department of Education
2012 Fall Conference
Contents
Current State
Objectives of the Enterprise Identity Management Service (EIMS) Project -Phases 1 and 2
Approach
EIMS Target State
Changes
Important Dates
Next Steps
Questions
Current State: User Feedback
We Heard You Loud and Clear:
Multiple log-ins for COD are frustrating and inefficient.
EIMS is a solution which allows a single user sign-on for COD and other FSA systems.
Current State
Objectives of EIMS Project Phases 1 and 2
Objective: To make registration and sign-on for users a more efficient process while still maintaining security for FSA systems by:
Simplifying access to FSA systems with single (reduced) sign-on
Creating a standardized solution supporting the entire user community and all business systems
Removing Personally Identifiable Information (PII), such as the current use of Social Security Numbers (SSN) and Date of Birth from log-in
Maintaining a consistent data security posture across all FSA systems
Approach
Step1: Placing all FSA systems behind a single authentication application (AIMS) e.g. National Student Loan Data System (NSLDS), eCampus-Based System (ECB), Central Processing System (CPS)
Step 2: Leverage PM system for COD enrollments to provide privileged users a single FSA ID for COD
Step 3: Create non-identifiable standard user IDs and passwords for students and borrowers to access FSA systems
Step 4: Move from physical (hard) tokens to the use of soft tokens
EIMS Target State
EIMS Target State
Changes: COD online access
Changes: PM
Changes: The Transition Period
During the transition period from the first week of March 2013 to the first week of May 2013:
Primary DPAs will need to enroll current COD online users in PM
Users will need to register in PM, if they do not have an FSA ID (john.doe.fsa)
During this period, new COD online users will need to be enrolled in both systems
After 1st week of May, Primary DPAs will only be able to use PM to enroll COD online users
Changes: Summary of Required Actions
Changes: Privacy and Security Improvements
FSA requires that all users accept their responsibilities regarding the use of FSA systems and information as is written in the Privacy Statement and the Rules of Behavior
In addition, FISMA requires that FSA track this information and provide audit information as requested
On a daily basis, users will be asked to accept both these statements when they first log-in to COD
Changes: Annual Security Training Notification
Users are required to complete an Annual Security Training
Provides an understanding of the security responsibilities associated with accessing FSA systems
Reminds users of their responsibilities to protect the information in FSA systems especially the PII data of the students, borrowers, and users
Specifies certain activities as not allowed, such as the sharing of FSA IDs
For the ten (10) days prior to expiration, users will be notified of the expiration of their security training when they log-in to COD
If the Annual Security Training is not complete, user will not be able to access COD
Changes: COD Enrollments and Log-in
Important Dates
February 2013
Initial information available on IFAP website
March 2013 -May 2013
Detailed instructions available on IFAP website
Primary Destination Point Administrators (DPA) enroll COD users in PM
COD users register and create a profile in PM to get a new FSA ID and Password
First Week of May 2013
Single (reduced) sign-on for COD goes live!
Next Steps for EIMS
Complete enhancements to PM
Send out communications through IFAP (Feb/March/May)
Implement new COD single (reduced) sign-on -COD Release 12.1, first week of May 2013
Begin work on removing PII for non-privileged users -Late Fall 2014
Perform feasibility testing with InCommon Federation
Provide ongoing progress information through IFAP
QUESTIONS?
Contact Info
Bridget-Anne Hampden
E-mail: [email protected]
Phone: 202-377-3508