KEY

IAM EXECUTIVE STATUS DASHBOARD | April 2, 2015

PROGRAM NARRATIVE

NO SIGNIFICANT CONCERNS

SIGNIFICANT CONCERNS/RISKS;
NEEDS IMMEDIATE ATTENTION

RISKS IDENTIFIED; MITIGATION

FEASIBLE AND UNDER REVIEW

MAJOR RISKS TO DELIVERABLES/

MILESTONES; NO PLAN YET

EXECUTIVE ATTENTION NEEDED

Accomplishments this month include implementation of consolidated database schemas for IAM databases reducing support and testing overhead and
enabling faster cloud migrations as well as the deployment of a SailPoint IIQ release enabling Alumni provisioning. Program Increment 3 is underway,
and handoff of final deliverables from El El See (for cloud deployment tools) and Isobar (for user-facing design patterns) is expected this month. First cloud
migration of an IAM app in concert with Cloud & DevOps program (Phonebook) is underway.

No items requiring executive attention.

CRITICAL SUCCESS FACTORS

Executive Sponsorship
Executive Committee to assist with
FAS- and Alumni-related rollout and
communications activities throughout the
summer

Transition Planning

Budget Planning

First major release with transition manager a

success, with good coordination among
stakeholders, multiple CAB meetings, and colocation; post-deployment follow-up complete
IAM DevOps matures via continued app
migration
Vendor (El El See) failed to deliver entirety of
CDP solution, but app migration is still moving
as planned; development automation is in
progress using internal team resources

Resource Planning

FY16 budget has been approved by HUIT

finance team

Community & School Engagement

Interviewing for QA contractor

Positions will be posted shortly for two
AD engineers
Position will be posted shortly for lead
software development manager (replacing
Greg Freiter)

PROGRAM PLAN SUMMARY, STATUS, AND MILESTONES

KEY
2014

TRACK

PROJECT STATUS

NEAR-TERM MILESTONES

Q1
Jan

Provisioning

Federation

Directory
Services

Alumni feature development

expected to conclude in May, with
data migration and go-live schedule
determined by Alumni teams
milestones. First round of HMS
analysis documentation is ready for
final approval.
IdP meets known regulatory and
customer needs; latest deployment
expands attribute release to better
support service providers/app
owners.
No near-term milestones.

June: Support provisioning and account

self-service for FAS users.
June: Support provisioning and account
self-service for Alumni users.
June: Finish HMS analysis Phase 2: AD
account lifecycle, IT resource provisioning.

Q2

Feb

Mar

Apr
Jan

May

Jun

Jul

Aug

Q4
Sep

Oct

Nov

Q1
Dec

Q2

Feb
Nov

Mar
Dec

Apr
Jan

May

Aug

Readiness

Q4
Sep

Q1

NOT STARTED

Oct

Feb
Aug
FIM Replacement for O365

2017

Q2
Mar
Sep

Apr
Oct

Q3

May

Q4

Jun Jul
Sponsored Account Self-Service

Nov
Jun

Q1
Dec

Jan

Feb

Q2
Mar

Apr

May

Alumni
Foundation

Expansion (Office 365)

Waveset

Expand Provisioning Targets

Account Claiming Self-Service

Decommission Waveset

PIN/AD Credential Management

idP Functionality Expansion

External Partner

Enhanced idP Functionality for

Privacy

No near-term milestones.
InCommon Bronze Self-Certification Preparation (AD, PIN/CAS)

No near-term milestones.

UNDER DEVELOPMENT

2016
Q3

Jun Jul

Continued meetings for cross-program

communications
Support for SIS release in March; working
on stories to support June release
Provided TLT with communication
templates
Migrated Cloud & DevOps into Salesforce
(using for tracking)

RELEASE COMPLETED

2015
Q3

Cross-Program Collaboration

All stakeholders received invitation to PI-2

demo; many accepted
Continued discussions with FAS leadership
about HarvardKey rollout and tie-in with
Security campaign
Meetings with HMS and HLS to discuss
proposals for their rollouts
Town Hall with small subset of PIN app
owners about reconfiguring for HarvardKey

Federation for
Hospitals

LDAPUpdates(HU/ Auth
)
UUID Enhancement

New Cloud LDAP (HU and AUTH

LDAP)

LDAP Functional Enhancement

LDAP Attribute Expansion

Decommission FAS
AD
AD Migration (FAS/Central)

Identity APIs

App Owner
Support
One-Way Fed

Identity Access
Governance

Reference Implementation release

is underway.

July: Make integration easier for HUIT

app owners and improve app security by
providing standard libraries.

No near-term milestones.

No near-term milestones.

No near-term milestones.

July: Reduce user risk profile by truncating

SSN, ensuring it is no longer stored in
places where it is not absolutely needed.
Aug: Protect end-user privacy by aligning
with Barron Committee recommendations.

Application Registration

Customer Test Data

OWF Onboarding for

HBS
Program-Level KPI Reporting

IAM Service Usage & Access

Reporting

IAM External-Facing Website

RefinePrivacy Protocols

Aug: Reduce end-user risk of identity and

account compromise by adding support
for multifactor authentication.

Decommission PIN3

Authorization
Enhancements

Integration testing and API

enhancements underway for SIS
Wave 2.

July: Enable SIS to benefit from IAM data

by granting data access in production.
Aug: Make authorization admin tasks easier
by enabling creation of user groups.

SIS Wave 0

No near-term milestones.

No near-term milestones.

AD & FIM support hires approved.

Oct: Give end users not provisioned through

Waveset or IIQ access to the full O365
toolset.

Cloud
Migration

May: Migrate PIN, saving costs and

keeping it current with other IAM
infrastructure. Aug: Sunset legacy
hardware to cut cost. Sep: Boost
stability/performance for people admins
and cut cost by migrating IIQ.
Sep: Cut cost and improve support,
performance and stability for IAMowned databases used by downstream

CAS Bridge

Identity Proofing
Cloud Authentication

Adaptive Access

Bring Your Own Identity

Desktop & Mobile Native

Apps

SIS Wave 2
Group Management

Coarse-Grained Authorization

Expand Groups

Connections Update

Connections UI Improvements
FIM Support
Stand Up Cloud-Based LDAP

Connections Migration

Add Data to Warehouse

Identity Analytics & Risk

Assessment
Business Intelligence Tool Set

Automated Alerting and Monitoring

Multifactor Authentication

Cloud Architectural Reference Model

School-Level KPI Reporting

Metric Dashboard

SSN Truncation

Multifactor Authentication vendor

selected; formal agreement in
progress.

IAM app migration is underway in

coordination with Cloud & DevOps
program. Public LDAP has been
retired in dev environment.

Application Usage Statistics

IAM Reference Implementations

Authentication
Enhancements

External
Directories
Expanded
Provisioning

Federation Updates

Authenticable Credentials for Machines

Retire Legacy LDAP

IdDB Migration and Database Export/View Migration

Self-Service
Migration

PIN/CAS Migration
SailPoint IIQ Migration

Yellow Pages Improvements

MIDAS Migration

Phonebook & Public LDAP Cloud

Migration

KEY

IAM EXECUTIVE STATUS DASHBOARD | April 2, 2015

NO SIGNIFICANT CONCERNS

SIGNIFICANT CONCERNS/RISKS;
NEEDS IMMEDIATE ATTENTION

RISKS IDENTIFIED; MITIGATION

FEASIBLE AND UNDER REVIEW

MAJOR RISKS TO DELIVERABLES/

MILESTONES; NO PLAN YET

STRATEGY AND PLANNING: TOPICS & TREND LINES

PI-2 was extended by one sprint to allow more development time for incomplete features and minimize carryover, with no impact to customers or program plan. PI-3 now is underway,
and the development teams remain focused on features for Alumni and FAS, supporting IAM customers and HUIT programs and migrating IAM applications to the cloud. The goal is to
finalize all Alumni features in PI-3 in order to spend the bulk of PI-4 development time on features for FAS. The team received a final build kit and assets from Isobar for implementing
user-facing
design patterns, and will conclude front-end development on HarvardKey account management features in PI-3. Planning for PI-4 began this week with definition of the increments
business objectives and a draft of the candidate features list. Technical analysis and decomposition of features into high-level stories will begin in Sprint 3 of PI-3, the week of April 6.

Schedule

Budget

Scope

Reporting

Staffing

Community Outreach

Release Management

FUNCTIONAL STATUS: TOPICS & TREND LINES

The HarvardKey team is currently modifying the application to reflect designs delivered by Isobar. Alumni data imports will begin soon. The provisioning team is working on deploying SailPoint
IdentityIQ to the cloud and, in parallel, refactoring how source data updates are processed to make more efficient use of the product and simplify our implementation. MIDAS enhancements are
being developed to allow for viewing of Alumni data and the creation of new types of sponsored affiliations. PI-4 business objectives and features for the next program increment are being
reviewed in preparation for design planning.

Policy Governance

Service Support

Documentation

Requirements Assessment

Service Definition

Quality Assurance

Service Transition

TECHNICAL STATUS: TOPICS & TREND LINES

The team has successfully completed the database rationalization production release, making it now possible to move the database and IIQ to the cloud for the provisioning expansion. PIN/ CAS, IdP,
and AuthZProxy are all also on track to move to the cloud in the near future. The team has improved the design for importing data into IIQ, allowing for faster detection of changes, larger volumes,
and the introduction of group functionality. The team has also been working with an MFA vendor, and a proof of concept for this vendors solution is in progress with the aim of enabling release later in
the year.

Identity Management

Cloud Migration

Access Management

Infrastructure

Directory Services

Data

User Experience

COMMUNITY OUTREACH: HARVARD UNITS & TREND LINES

Alumni, SIS, SEAS, FAS, and HMS work progresses, with ongoing outreach efforts to
keep them informed. Working with HUIT programs around combined outreach to FAS,
including our IAM information in a single, coordinated message. Cloud team tracking
Wave 1 migrations via Salesforce and will start on reporting for them next. Further
work to create coordinate rollout activities plan across programs.

Faculty of Arts and Sciences

Graduate School of Design

Harvard School of Public Health

Harvard Library

Graduate School of Arts and Sciences

Graduate School of Education

Radcliffe Institute for Advanced Study

Registrars

Harvard Business School

School of Engineering & Applied Sciences

Alumni Affairs

SIS

Division of Continuing Education

Harvard Kennedy School

Campus Services

TLT

Harvard School of Dental Medicine

Harvard Law School

FSS

Unified Communications

Harvard Divinity School

Harvard Medical School

Human Resources

Other HUIT Departments

KEY PERFORMANCE INDICATORS

Account Management Help Desk
Requests
2 0 00

1700

IAM Incidents as Percent of Total

Total Identities in SailPoint IIQ

Monthly Provisioning Transactions

(55386 originally populated)

1800

65000 0

35000

1700

6 4 00 0 0

28 000

6 30 0 0 0

21000

620000

14000

610000

7000

5
1400

Total Authentication Services Registrations

1600

4
1500
3

1100

1400

2
800

500

1300

1
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb
14
15
Mar

Account Management Help Desk

Requests

Aside from academic-year cyclical trends, we

expect a decline in requests as self-service
functionality is introduced, offset by the increase in
user population.

Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb
Mar 14
15

IAM Percentage of Total

We expect a reduction in IAM incidents over time as

a percentage of total ServiceNow incidents, with
modest temporary increases for Spring and Fall
Starts.

1200

Feb Mar
Mar 14

Apr May Jun

15

Jul Aug Sep

Oct

Nov Dec Jan

Feb

Registered Applications

Number of registrations is expected to fluctuate

over time but grow overall based upon new
applications added and removal of unused
applications.

600000

July
14

Aug
Sept

Oct

Nov

Dec

Jan
15

Feb

Number of Identities

The number of identities illustrated will

increase over time as overall migration from
Waveset to SailPoint IIQ progresses.

Mar

Feb 14Mar Apr May Jun July Aug Sep

Mar

Oct Nov Dec Jan 15 Feb

Create/Update

Deprovision

(WS)

(WS)

Create/Update (IIQ)

Deprovision (IIQ)

Distribution is expected to shift from Waveset to IIQ

over time, with outlier data points due to bulk
migrations, Spring/Fall Starts, or other isolated
changes.