Monash Enterprise Active Directory

Vision

A unified enterprise identity management architecture built upon a scalable & robust Microsoft Active Directory platform, encompassing the business needs of the whole university including faculties, administrative divisions and international campuses.

Description

Monash ITS has for many years run a LDAP directory service to provide authentication services (username/password & certificate) & authorization services (allowed services & privileges). Other IT services such as Novell file & print, email and calendar have leveraged off this authentication store via the LDAP protocol.

This single point of reference for identity management within the one IT group has enabled an easy to use single password environment for users and removed the need for application administrators to manage user accounts.

The exception to this centralized authentication architecture has been applications/services which only support authentication to a Microsoft Active Directory. The result is over the years IT groups within the Monash faculties and divisions have implemented local instances of active directory to support their own IT services. A limitation of these installations has been the ability to link these directories into the enterprise identity infrastructure.

Building one central enterprise wide Microsoft Active Directory hierarchy would simplify the faculties/divisions administration of their own server & desktop windows environments because they could leverage off central identity (Authcate) and server/workstation configuration policies.

• Phase 1: Enterprise design encompassing the business needs of the whole university including faculties, administrative divisions and international campuses.
• Phase 2 building the core Monash active Directory Service and synchronizing it with the existing Monash Directory Service.