User Provisioning Project - UC ITLC Middleware Project
Child pages
  • User Provisioning Use Cases

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

User Provisioning Use Cases

Connexxus

Connexxus is a travel booking system that incorporates UC's rates negotiated with airlines, hotels, etc.  Single sign-on is implemented via UCTrust/Shibboleth, but travelers must be known to the system before a login is permitted, so all campuses produce a nightly feed that is sent to Trondent, the company that was contracted to perform the user management and authentication for Connexxus.  This process is described in System Design Issues for Connexxus.  [At Trondent's request access has been restricted to that document.  Only participating ITLC groups have been allowed access.]

Some relevant aspects of this use case:

  • Anyone affiliated with a campus may, potentially, be a traveler, not just employees or students.
  • Not all campuses send the same information about their travelers, although all campuses share a common file format for their feeds.
  • The fact that travelers are sent to the system on a nightly basis prevents creating new travelers on demand.
  • The unique key for all feeds is eduPersonPrincipleName, which provides the "join" with Shibboleth assertions at the start of online sessions with Connexxus.

The Human Resources Learning Management System (HRLMS)

The HRLMS system's initial application was compliance-related training for UC employees.  At some campuses, it has also been used for other forms of training, not necessarily for employees.  Users must be created in the HRLMS before their first login.  Basic information about employees is extracted from UCOP's copy of the campus employee records.  Campuses can add additional learners and enhance the information provided about employees by creating a nightly feed to a system at UCOP that merges all of the sources of user information and sends all users to SumTotal, the company that has been contracted to operate the HRLMS.  This is described in User Provisioning and Authentication for the SumTotal Learning Management System at the University of California.

Some relevant aspects of this use case:

  • Anyone affiliated with a campus may, potentially, be a learner, not just employees or students.
  • All campuses send the same information to the merge program at UCOP, in the same file format.
  • The fact that learners are sent to the system on a nightly basis prevents creating new learners on demand.
  • There are two options for the "join" with Shibboleth asertions, UCnetID and UCTrustCampusIDShort, because UCnetIDs are currently assigned reliably only for employees.  UCnetIDs are used for employees, and UCTrustCampusIDShort is used for others.  There is, however, a current project to allowing UCnetIDs for learners who are not employees at certain campuses.

UCLA Administrative Applications Shared by UCOP and UC Merced

Summary: UCLA operates several key administrative systems, including Financial, Purchasing, and Payroll for UCOP and UC Merced. All of these systems rely on UCLA's DACSS access management system to manage users. DACSS relies on a number of data feeds from UCOP and UC Merced to populate and update user contact information.

Current Situation

  • UCLA receives daily FTP feeds containing employee email addresses from UCOP and UC Merced. The applications requires

Opportunities for Improvement

  • No labels