SSO

We assume this issue is relatively solved: Oracle HCM will serve as a standard SAML 2 Service Provider, and users will log in with their local credentials via the campus Shibboleth Identity Provider.

Data provisioning - data from HCM to our IAM systems and vice versa

We need to design common interfaces that will work across the system. Some campuses need the ability to write an identifier back to the HCM. UCSF currently writes an identifier back to PPS in real time to assign the employee number at the point a new HR record is created. This could be modified to be out of band, but would be costly for UCSF. UCLA also expressed a need to write back their campus key identifier.

Most campuses are interested in moving toward real-time integration with HR data, but most do not run a local ESB or have deep middleware expertise.

Access management

Based on what we know so far, it appears that all access control (i.e. specific user role assignment) will be handled inside HCM, so this may not be an important integration topic.

Shared secret

Once a new employee has an HR record, the next step on many campuses is to issue a digital identity. The business and technical processes involved in creating a digital credential are central to a campus' ability to meet InCommon Silver certification requirements for Level of Assurance. It could save campuses a great deal of effort in certifying for InCommon Silver if the identity vetting process which takes place via HR can be leveraged. In order to do that, there needs to be a trusted chain between the HR process and the process to create the digital ID. This requires that the HR process generate a shared secret that only the new employee can know and which the employee can then use to bootstrap their digital identity.
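
One way the HR-to-IAM trusted chain could work, as an added sketch that is not part of the original page or of Oracle HCM: the HR process issues a one-time secret when the record is created, and the campus account-claim process accepts it exactly once. The `ActivationStore` class, the 14-day lifetime and the five-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 5          # assumption: lock the code after this many wrong guesses
TTL_SECONDS = 14 * 86400  # assumption: code is valid for 14 days after issue


class ActivationStore:
    """Hypothetical store shared by the HR process and the account-claim process."""

    def __init__(self):
        self._records = {}  # employee_id -> salt, digest, expiry, attempt count

    def issue(self, employee_id, now=None):
        """HR side: run when the HR record is created. The secret is returned
        once, to be handed to the employee during identity vetting; only a
        salted digest is kept."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        salt = secrets.token_bytes(16)
        self._records[employee_id] = {
            "salt": salt,
            "digest": self._digest(salt, employee_id, code),
            "expires": now + TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def claim(self, employee_id, code, now=None):
        """IAM side: True exactly once, for the right code, before expiry."""
        now = time.time() if now is None else now
        rec = self._records.get(employee_id)
        if rec is None or now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            return False
        candidate = self._digest(rec["salt"], employee_id, code)
        if hmac.compare_digest(candidate, rec["digest"]):  # constant-time compare
            del self._records[employee_id]  # single use: a replay finds no record
            return True
        rec["attempts"] += 1
        return False

    @staticmethod
    def _digest(salt, employee_id, code):
        # Bind the secret to the employee id so it cannot be used on another record.
        msg = f"{employee_id}:{code}".encode()
        return hmac.new(salt, msg, hashlib.sha256).digest()
```

Because the secret is 128 random bits rather than a user-chosen value, a salted HMAC-SHA256 digest is sufficient for storage; the attempt limit and expiry bound the window in which a lost or intercepted code is usable.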

Person data update

Many campuses have different ways of allowing users to update profile data. We will need to know if the HCM self-service tools for updating person data will be implemented and, if so, how that relates to profile data update systems on campus. Also, how does HR self-service relate to AYSO updates?