[unisog] Soft Tools for Managing AD Accounts:PeopleSoft Integration?

Martin Manjak MManjak at uamail.albany.edu
Thu Sep 6 15:54:06 GMT 2007 

Jon,

Thank you for your reply. Would you or someone on your staff be willing
to share some of the technical aspects of your PS AD integration, e.g.,
what language did you write your web scripts in? You ca reply off list
if you prefer to mmanjak at albany.edu.

Martin Manjak
CISSP, GIAC GSEC-G, GCIH
Information Security Officer
University at Albany
MSC 209   437-3813 
"Information security controls should be considered at the systems and
projects requirements specification and design stage."
ISO/IEC 17799 Code of Practice for Information Security Management

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of Jon E. Mitchiner
Sent: Thursday, September 06, 2007 9:08 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Soft Tools for Managing AD Accounts:PeopleSoft
Integration?


Martin,

The process at Gallaudet for account creation and termination is 
exclusively tied into Peoplesoft.  For Faculty and Staff, if the user is

to get an account, they need to be activated into Peoplesoft.  Our web 
based application which we developed in house about 5 years ago pulls a 
list of active employees in Peoplesoft and then compares it with Active 
Directory. 

Account termination is another thing and I've never been comfortable 
having it automated.  I'd hate to come in one morning and find one of 
the top administrator's account has been deleted.  Even worse, if all 
accounts were deleted because of a bug.  We would probably keep this as 
a manual process where someone has to approve any account deletion.  In 
reality, we don't delete accounts and instead disable them for about 30 
days.  If no one complains then the account is deleted.

Essentially, what we have done, is shift the burden for account creation

to Human Resources.  If someone claims that they already submitted the 
paperwork then I tell them to talk to the Human Resources department.  
When Human Resources stops paying someone and takes them off the active 
pay status, then they are considered no longer an employee.

We do permit department heads to contact us directly to let us know if 
we need to terminate or disable an account at a moment's notice without 
having to go through human resources.

Jon

Jon E. Mitchiner
ITS Director
(202) 651-5300
(202) 651-5477 (Fax)

More information about the unisog mailing list