Enabling the Pack

New Identity Management System delivers self-service password services

Last spring, NC State replaced its aging account management infrastructure with a new integrated Identity Management (IdM) system that:

• improves the automation of account and access provisioning and deprovisioning for various university services, such as Unity accounts, G Suite (Google Apps), and WolfTech/Affiliates Active Directory.
• serves as the official source of record for user identification information, including Unity ID, roles, and university affiliations, such as student, faculty, and staff.
• manages access to accounts and systems, based upon defined roles or events.

IdM features

The first phase of the multi-year project provides all campus users with these benefits:

• Self-service User Identification and Authentication (UIA) security questions
  These question and answer pairs are used to verify your identity for certain self-service and manual password functions.
• Self-service password change and reset
  The password change interface dynamically shows your password’s strength as you create it. Maybe best of all, for most users at the university, if you forget your password, you will be able to reset it yourself, without assistance from the NC State Help Desk or local IT staff.
• Password expiration notifications
  You will receive several email notices prior to your password expiration date. Password change requirements also will be extended for many campus users:

• Thirty-day requirements will change to 90 days.
• Some 90-day requirements will change to 180 days.
• Twelve-month requirements will not change.

OIT deploys new version of MyPack Portal, Financial System and Employee Self-Service

The Office of Information Technology Enterprise Application Services recently upgraded the MyPack Portal and the Financial System to version 9.2 and implemented a new mobile-friendly Employee Self-Service.

The MyPack Portal upgrade, in conjunction with the Financial upgrade, provides significant navigation improvements, including a modern look and more mobile and user friendly interfaces. For videos, training information, documents, and handouts, see Financial 9.2 Upgrade and Training Info.

In a concurrent deployment, a new mobile-friendly version of Employee Self-Service also provides a responsive and modern interface for the most commonly used features. Now employees can view their paychecks, manage personal information, report and track their time, review benefits, and perform other functions from their mobile devices. For additional information, see the Human Resources Information Management website.

System Access Removal Procedure aids separating employees and their supervisors

When an employee separates from the university, many departmental actions are triggered. To ensure systems access to employee data is properly managed during this transition, OIT updated the university’s System Access Removal Procedure.

This procedure and accompanying checklist help supervisors preserve access to separating employees’ electronically stored information, systems and applications, which may include but not be limited to: email, Google docs, items stored on departmental file shares, account names, encryption keys, and associated encryption passwords.

Some of the recent updates to the procedure include:

• Enhanced usability for managers and staff to follow recommendations in the printable System Access Removal Checklist (PDF).
• Addition of a reference chart to explain Data Access Availability after a separated employee’s account has been deactivated.
• Updated references and links to Human Resources (HR) checklists and employee relations guidance:
  • Human Resources – Separation Checklist (PDF)
  • Human Resources – Transfer Employee Separation Checklist (PDF) (new)
  • Employee Relations – Separating Employees

Supervisors should review all checklists when employees announce their separation and take special note of what is not available after an account is deactivated. OIT and HR also recommend that supervisors involve their departmental IT support early in the separation process to help identify stored items and points of access. The practical guidance in these documents will help both the supervisor and the employee make a smooth organizational transition.

Additional Highlights

• PCR·360 – Migrated the campus telecom and IT billing system from the MySoft environment to PCR·360. Available to on-campus personnel who request telecommunication services for their campus units.
• eRA (electronic Research Administration) System – Leading, in conjunction with the Office of Research, Innovation and Economic (ORIED), a campus team to implement a new platform that will streamline research activities across the university and integrate with the Financial and Human Resources (HR) systems.
• Absence and Time Management – Implemented within the HR System to eliminate the signed paper copies of Leave records. The time management system has been extended for use by all employees subject to the Fair Labor Standards Act.
• REPORTER – Expanding the internal and non-credit training system to all units (e.g., ORIED, Classmate, Training Organization and Development, Environmental Health & Public Safety, Industry Expansion Solutions), to provide registration and tracking that includes required training, reducing the number of systems supported on campus.
• Financial System – Deploying the Service Center module to streamline management of financial activities for shared campus resources. From March 1, 2016 to July 13, 2017, 1,059 Service Center rate changes were processed electronically.
• PCard Improvements in the OnBase Document Management System – Implemented two PCard enhancements by integrating with OnBase to reduce printing across campus:
  • Cardholders can now directly upload electronic receipts into the Financial System instead of emailing them to admin/business support staff who formerly printed and scanned them for processing. From July 26, 2016 to July 13, 2017, more than 840,000 PCard receipts were uploaded.
  • Monthly statements that each card holder formerly had to print, sign and scan for processing have been made electronic. These enhancements were rolled out July 26, 2016, and in the first four business days, 10,537 receipts were uploaded instead of printed. From July 26, 2016 to July 13, 2017, more than 21,000 PCard statements were processed electronically.
• OIT Managed Desktop Team – Responded to over 3,198 service and support incidents for the OIT Managed Desktop (OITMD) environment. For 2016-17, the average incident time to close was eight hours and 10 minutes, a decrease of eight hours from last year.
• Microsoft System Center Endpoint Protection – Completed the transition from Kaspersky Antivirus to Microsoft-provided tools for campus workstations.
• SHA2 Secure Certificates – Updated encryption technology by moving from SHA1 to SHA2 secure certificates on all Hosted Services systems. Also implemented a monitoring tool to notify staff of upcoming certificate expiration, so they can be renewed without service interruptions.
• Citrix – Deployed Microsoft’s Remote Desktop Service, along with Virtual Computing Lab images and SCCM-packaged applications, to retire Citrix, saving the university significant licensing costs.
• NC State University Help Desk – Increased monitoring of suspicious account activities has resulted in new processes for handling and resolving these incidents. The help desk has worked closely with Security and Compliance to develop these processes and continues to work to improve them. The help desk has processed over 1,400 requests for account reactivation, 70 percent of which regained access within eight business hours after their compromise.
• Windows Print Environment – Completed a redesign for student printing, including the replacement of Samba printing with use of the Internet Printing Protocol. This change provides better redundancy and improved load balancing for better fault-tolerance and performance. PaperCut print management software has also been upgraded to version 16.4, providing multiple performance and service improvements.
• Windows 10 Migration – Migrated 1,921 of the 3,188 machines in 42 organizational units. As part of the migration, each department was delivered a complete inventory of its computers, and out-of-warranty machines were highlighted. This will help OITMD client departments manage their computer inventory and comply with the UNC Combined Pricing Initiative purchasing guidelines.
• Data Center 1 and 2 – Developed a comprehensive support funding model.
• Wireless Project – Completing the final phase of WiFi installation in the remaining residence halls during summer 2017.
• Wiring – Completed the first phase of the outside wiring project to migrate from Centrex to Voice over IP (VoIP) for life safety lines.
• Switch Ports – Completed the upgrade of 17,712 switch ports, the largest switch upgrade in a single year.
• Business Continuity Plan – Completed the first-ever plan for the Data Center Operations team.
• Call Center – Moved the OIT Help Desk from Angel to the ComTech Cisco UCCX service, saving approximately $20,000 annually.
• VoIP Telephony – Continued the Appalachian State University rollout of VoIP, with 1,231 handsets deployed.
• Exadata Platform – Stood up the new infrastructure that will eventually house all of the PeopleSoft databases.
• Linux Transition – Moved MyPack Portal and Financial from Solaris to the Linux platform this year, releasing more than 150 Solaris server instances.
• WRAP – Replaced with Shibboleth, which is now the standard authentication mechanism for web services protection.
• Destiny One CE – Transitioned the customer lifecycle management software to a cloud service and transitioned many aspects to the new REPORTER system.