IdMgmt: total effort is Relatively Large to research impact of Workday on provisioning and de-provisioning, model new processes, and prototype, design and develop provisioning tools.


These notes are a result of CIT's brainstorming meetings about Workday on 4/12 and 4/13 2011.

Assumptions

  1. They manage reference groups from PS and they are responsible for provisioning and de-provisioning. They feed AD and exchange.
    1. Provisioning: they need to query the data of record and and write back, transactionally. New NETID: goes to Workday.
  2. New employees will get made in Workday
  3. PS will work the same way; Workday will have to check to see if the person exists in PS first; if they aren’t then they will be created in PS; Students will be in Workday to support Student Employment. 
  4. Every person will still have an EmplID in PS
  5. Pushing to Workday is via ‘iload’ = batch. Workday can provide some records record by record via WSs.
  6. Authorization: For Workday it is all done in Workday so CU has nothing to do. 

Tasks

  1. Prototype the integration technically. Connect to Workday and try it. Do a prototype to inform how the data, processes, etc could be done.
  2. Authentication:
    1. Investigate custom auth service and prototype Shibboleth with Workday and decide which to use.
    2. Investigate and prototype authentication of non-humans using the web services. Web Service interactions ought to be auditable, controllable..... 
  3. Model the provisioning and deprovisioning that would happen with Workday.
  4. Understand the data in Workday and the impact to department data and reference groups. Workday is about supervisory relationships and can also be customized and is expected to match KFS orgs too.
  5. Decide on approach to Groups: do we redefine the group management or just make it work the way it does now? What’s the worst case scenario for reference groups for employees? Who decides this - aren’t the Data Stewards supposed to decide? Need to assess, recommend, take to data stewards, get approval, and then pursue.
  6. Revisit all job code specific logic in provisioning. Assess and review the directory feed , directory display and services people get.
  7. Review the Use Cases of duplicate netIDs, etc... Currently IdMgmt justs fixes all the data stores manually if they have to. Specialized tools used to reconcile these situations for Cornell people by the help desk and ID Mgmt need to be reworked. BILL will provide data for that. Ad hoc tools are used too. HelpDesk and IdMgmt are also probably Workday users.
  8. Analyze public and non-public records / elements in the SUN 1 Directory from PS that will be impacted.

Open Questions

Shibboleth - Does anyone else use it?