Please enable JavaScript.

Coggle requires JavaScript to display documents.

BEIS (Key Concepts (Access management (Trusted based authentication…

- - - - Process of verifying the digital identity of a user who requests access to system resources.
  - - - Collects and Packages data about a users of an Ellucian Application.
      - Basis for exchanging data about a user of an Ellucian Applications and external provisioning components such as a third-party EIMS or central directory
      - Used to provision user accounts into the central identity vault.
        
        Then used to provision other Ellucian Applications as appropriate
      - Contains GUID that is assigned to each person record published in a UDCIdentity XML message.
        
        System Generated 32-character alphanumeric value
        
        <UDCIdentifier>36BE6D6D18560C44E0440003BA33B440</UDCIdentifier>
        
        Basis of claims-based authentication
      - Limited to elements
        
        EmailAddress
        
        PrimaryAddress
        
        CampusAddress
        
        CampusPhone
        
        MobilePhone
        
        Fax
  - - - Protocols
        
        exchanging user requests
        
        resource requests
        
        service provisioning requests
      - UDCIdentity XML content inside
    - - Authoritative
        
        Banner feeds the central idenity vault. Identity Events in Banner cause a central SPML Request Authority (RA), the Banner Identity Proxy, to make provisioning requests to one or more Provisioning Service Providers (PSPs)
      - Non-Authoritative
        
        Data changes in the central identity vault are sent to Banner. Banner is a Provisioning Service Target (PST) that receives provisioning requests from its PSP, the Banner Identity Gateway.
        
        Other Ellucian Products always have the non-authoritative role. PSTs
    - - Establishes standard patterns for the exchange of identity data
      - Authoritative Apps (Banner, ERP) feed the central vault
      - Changes stimulate the provisioning and processioning of accounts in other enterprise applications based on established rules.
    - - Claims based authentication (single sign on)
      - Uses UDCIdentityXML
- - - - Assign UDCIdentifier to Person
      - Extract Identity Data from the Banner Database
      - Publish identity data to SPML web service endpoints
      - Import identity data to an LDAP directory
  - - - Creates UDC Identity XML messages
      - Publishes UDC Identity XML messages
    - - Receives SPML request messages when identity data changes in the central identity vault.
- - - - Transformed to UDCIdentity XML
  - - - Third party EIMS protects the SSO manager by authenticating the user and asserting the users identity.
      - Uses a cookie, HTTP header, or parameter
    - - CAS protects the SSO manager by authenticating the user.
      - Service validates the CAS session and provides the identity of the user to the SSO Manager in an XML format.
    - - SSO Manager supports the Security Assertion Markup Lanaguage 2.0. Standard for the exchange of authentication and authorization data.
- - - - Publish additional data elements out of Banner in the UDCIdentity XML
      - IAM must be bound to a PIDM
      - Business Rules form
      - Uses variable name / alias and the value is the result of the sql
      - Data from GORRSQL is added to a child element of <Extension> (if data was returned)
      - EXAMPLE:
        SELECT GOBTPAC_EXTERNAL_USER PRINCIPAL FROM GOBTPAC WHERE
        GOBTPAC_PIDM = :PIDM
    - - Bind variable (PIDM)
      - Process Parameters form
    - - Crosswalk validation form
      - Maps Banner contact types to UDCIdentityXML structure
    - - Business Rule Code Validation form
    - - Third Party Access
      - GOBTPAC table
      - Third Party ID (LDAP username)
      - Pin (LDAP password)
      - GOBTPAC_PIN is stored in SSHA-1 storage format. Requires retrieval using API
    - - Banner Event Publisher