implementing identity management, provisioning, and ldap authentication for peoplesoft june 8, 2007...

Post on 30-Dec-2015

Implementing Identity Management, Provisioning, and LDAP Authentication for PeopleSoft

June 8, 2007

USM Conference

Coppin State University

CoppinState

University

Presenter(s)

• Chris Kennedy
Sr. PeopleSoft Administrator/Analyst

• Leda McNair
Sr. DBA / PeopleSoft Administrator

Overview

Coppin State University uses the Fischer Identity Management and Provisioning suite to automatically create student and employee accounts for Microsoft Active Directory and PeopleSoft. This presentation will discuss which events are used in PeopleSoft to trigger the account creation process and how the campus is using the Fischer Directory for LDAP authentication.

Agenda/Contents

1. Network / PeopleSoft Environment Overview/Layout
2. Event Triggers
– Students
– Employees
3. LDAP Authentication
4. Lessons Learned

Coppin State University

Baltimore, MD

Liberal Arts University

Founded in 1900

Enrollment between 4,000 – 4,500 students

PeopleSoft Applications

• Live:
– Financials 8.9MP4 / PeopleTools 8.47.11
– Enterprise Portal 8.8 / PeopleTools 8.45.13
– HR/SA/CR 8 / PeopleTools 8.22.13

• Future:
– Upgrading to HCM/CS 9.0 (go-live Summer 2008)
– Upgrading to Enterprise Portal 9.0 (go-live Fall 2008)

PeopleSoft Environment (Production Only)

• Each Application (Portal, HR/SA, Financials):

• 2 web servers

• 1 report server (due to load balancing of web servers)

• 2 application servers (one for application messaging and one for user logins)

• 1 database server

• 1 fileserver

Network / PeopleSoft Environment Configuration

[Diagram: production network layout. Labels: Internet, FW, Web Server (EagleLINKS.coppin.edu), Alteon Load Balancer, Alteon SSL Accelerator (Encrypt / Decrypt), "At 1st connect", "All traffic after 1st connect", "To & From Alteon", "AppMsg Traffic only". Three application stacks, PA (Portal), SA/HR (StuAdmin/HumResc) and FN (Financials), each showing two Web Servers, a Web Server (PSReports pickup), an App Server, a Web/App. Server for App. Msg. traffic, a DB Server / Proc. Sch., and a FileSvr.]

Network / PeopleSoft Environment Configuration

[Diagram: provisioning layout. Labels: PS Portal, PS SA/HR, PS FN, Fischer Provisioning & Identity, Fischer.Coppin.edu, Coppin.edu, Student.Coppin.edu, PS Triggers, PS App. Msg, Fischer App. Msg., Provisioning Workflows, Account Maintenance.]

Event Triggers (Students)

• Matriculation (ADM_APPL_PROG record)
– Creates network account, network home directory, web folder, and email account
– Writes temporary table for creating PeopleSoft account

Event Triggers (Employees)

• Hire (Job record)
– Based on their empl class
– Creates network account, network home directory, and email account
– PeopleSoft account created manually

• Termination, Leave of Absence, Retirement (Job record)
– Writes record to temporary table for review to disable account
– Reason - employee may have multiple jobs
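
Why a termination only queues the account for review, as an added example (not code from the presentation or from Fischer): a person terminated from one job record may still be active in another. The rows are constructed, and the field names and status codes (EMPLID, EMPL_RCD, EFFDT, EMPL_STATUS with A/T/L/R) are assumed to follow the delivered PeopleSoft Job record.

```python
from datetime import date

# Constructed sample rows: (EMPLID, EMPL_RCD, EFFDT, EMPL_STATUS).
# Assumed status codes: A = active, T = terminated, L = leave, R = retired.
JOB_ROWS = [
    ("E1001", 0, date(2005, 8, 15), "A"),
    ("E1001", 0, date(2007, 5, 31), "T"),  # first job ended
    ("E1001", 1, date(2006, 1, 10), "A"),  # second job still active
    ("E1002", 0, date(2004, 9, 1), "A"),
    ("E1002", 0, date(2007, 6, 1), "R"),   # only job, retired
    ("E1003", 0, date(2006, 2, 1), "A"),
    ("E1003", 0, date(2007, 4, 1), "L"),   # only job, on leave
    ("E1003", 0, date(2007, 9, 1), "A"),   # future-dated return from leave
]

INACTIVE = {"T", "L", "R"}
KEEP = "keep: another job is still active"
DISABLE = "disable: no active job remains"


def current_status_by_job(rows, as_of):
    """Map (emplid, empl_rcd) to the status of the latest row in effect on as_of."""
    latest = {}
    for emplid, rcd, effdt, status in rows:
        if effdt > as_of:
            continue  # future-dated rows are not in effect yet
        key = (emplid, rcd)
        if key not in latest or effdt > latest[key][0]:
            latest[key] = (effdt, status)
    return {key: value[1] for key, value in latest.items()}


def review_queue(rows, as_of):
    """Recommend an action for every person who has at least one inactive job."""
    per_person = {}
    for (emplid, _rcd), status in current_status_by_job(rows, as_of).items():
        per_person.setdefault(emplid, []).append(status)
    queue = {}
    for emplid, statuses in sorted(per_person.items()):
        if not any(s in INACTIVE for s in statuses):
            continue  # nothing would have triggered for this person
        # Disabling on the first inactive job would lock out E1001 above.
        queue[emplid] = KEEP if "A" in statuses else DISABLE
    return queue
```
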

Event Trigger (Component PeopleCode)

• ADM_ACT_ENTRY.GBL.SavePostChange
• Example:

/*
 * Fischer PeopleCode to Publish Messages
 */
Declare Function PublishMessage PeopleCode FISC_FUNC_LIB.FISC_FUNC_LIB FieldFormula;

/* Pass the component's level 0 rowset to the Fischer library function */
&ReturnValue = PublishMessage(GetLevel0());

Event Triggers (Future Enhancements)

Automate creation of PeopleSoft accounts for both students and employees

LDAP Configuration

[Diagram: LDAP layout. Labels: PS Portal, PS SA/HR, PS FN, Fischer Provisioning & Identity, Fischer.Coppin.edu, Coppin.edu, Student.Coppin.edu, PS Triggers, PS App. Msg, Fischer App. Msg., Provisioning Workflows, Account Maintenance, LDAP Authentication, Password Synchronization.]

LDAP Configuration

• Reasons for using Fischer Active Directory for LDAP authentication:
– PeopleSoft does not use multiple directories
– Needed one directory with all student and employee accounts

LDAP Configuration

• PeopleTools > Security > Directory > Configure Directory

LDAP Configuration

• PeopleTools > Security > Directory > Authentication Map

Lessons Learned

• Leave encrypt flag in PSOPRDEFN set to 1 (otherwise batch processes in HR/SA will fail)
• Set password in PSOPRDEFN to some plain text value
• Disable password controls in PeopleSoft
• Make sure password controls are consistent between Active Directory domains
• LDAP failover configuration not available until PeopleTools 8.48

Questions?

Contacts

• Chris Kennedy
Sr. PeopleSoft Administrator/Analyst
Coppin State University
E-mail: ckennedy@coppin.edu

• Leda McNair
Sr. DBA / PeopleSoft Administrator
Coppin State University
E-mail: lmcnair@coppin.edu
