...
Use Case | UC-Wide? | Outsourced? | Responsible UC Location | User Community | Provisioning Already Deployed? |
|---|---|---|---|---|---|
Y | Y | UCOP | UC travelers | Y | |
Y | Y | UCOP | UC employees, plus others | Y | |
UCLA Administrative Applications Shared by UCOP and UC Merced | N | N | UCLA | Most employees | Y, but considering a replacement |
N | Y | UCLA | Most employees | N | |
Y | Y | UCOP | A few delegated employees per campus | Y | |
Y ? | Y | Participating campuses? | Significant number of employees | N |
Connexxus
| Anchor | ||||
|---|---|---|---|---|
|
| Wiki Markup |
|---|
Connexxus is a travel booking system that incorporates UC's rates negotiated with airlines, hotels, etc.; Single sign-on is implemented via UCTrust/Shibboleth, but travelers must be known to the system before a login is permitted, so all campuses produce a nightly feed that is sent to Trondent, the company that was contracted to perform the user management and authentication for Connexxus. This process is described in [System Design Issues for Connexxus]. \[At Trondent's request, access has been restricted to that document. Only participating ITLC groups have been allowed access.\] |
...
- Anyone affiliated with a campus may, potentially, be a traveler, not just employees or students.
- Not all campuses send the same information about their travelers, although all campuses share a common file format for their feeds.
- The fact that travelers are sent to the system on a nightly basis prevents creating new travelers on demand.
- The unique key for all feeds is eduPersonPrincipleName, which provides the "join" with Shibboleth assertions at the start of online sessions with Connexxus.
The Human Resources Learning Management System (HRLMS)
| Anchor | ||||
|---|---|---|---|---|
|
The HRLMS system's initial application was compliance-related training for UC employees. At some campuses, it has also been used for other forms of training, not necessarily for employees. Users must be created in the HRLMS before their first login. Basic information about employees is extracted from UCOP's copy of the campus employee records. Campuses can add additional learners and enhance the information provided about employees by creating a nightly feed to a system at UCOP that merges all of the sources of user information and sends all users to SumTotal, the company that has been contracted to operate the HRLMS. This is described in User Provisioning and Authentication for the SumTotal Learning Management System at the University of California.
...
- Anyone affiliated with a campus may, potentially, be a learner, not just employees or students.
- All campuses send the same information to the merge program at UCOP, in the same file format.
- The fact that learners are sent to the system on a nightly basis prevents creating new learners on demand.
- There are two options for the "join" with Shibboleth assertions, UCnetID and UCTrustCampusIDShort, because UCnetIDs are currently assigned reliably only for employees. UCnetIDs are used for employees, and UCTrustCampusIDShort is used for others. There is, however, a current project to assign UCnetIDs to learners who are not employees at certain campuses.
UCLA Administrative Applications Shared by UCOP and UC Merced
| Anchor | ||||
|---|---|---|---|---|
|
UCLA operates several key administrative systems, including Financial, Purchasing, and Payroll for UCOP and UC Merced. These systems rely on DACSS, UCLA's access management system, to manage user access. There are currently approximately 7500 users across 3 campuses using these applications. UCLA is currently in negotiation with another campus to provide administrative systems hosting.
...
Ideally, the email data should should come through each campus's IAM system.
Service-now.com
| Anchor | ||||
|---|---|---|---|---|
|
Service-now.com is a popular ITIL compliant ITSM application. It is a cloud-based, hosted solution. UCLA has adopted it for its ITSM implementation. UCSF and several other universities have also adopted Service-Now as well.
...
UCLA's current deployment is bilateral (i.e., all users have to sign in using UCLA's IDP). However, because UCLA provides administrative application hosting services for other campuses, users from other UC's will eventually need to sign in to Service-now.com. We'd like to push Service-now.com to integrate with other UC IDPs. But that means other involved IDPs will also need to provide comparable user data feeds to service-now.com.
Ethics Point
| Anchor | ||||
|---|---|---|---|---|
|
Ethics Point was deployed by UCOP in 2009 to support UC's management of "whistle blower" incidents. It has approximately 100 authorized users spread over UC's locations who manage the incidents; it also supports anonymous access for reporting incidents. Each UC location has an officially-delegated person who authorizes access for others at that campus. Since Ethics Point is already deployed, it will not participate in our project, but the use case is interesting.
e-academy
| Anchor | ||||
|---|---|---|---|---|
|
e-academy is an electronic software distributor. It has partnered with Microsoft to deliver software download service to UC employees who are eligible to purchase MS software under UC's Microsoft's Work at Home program.
...