CIT Password Portal Enrollment Update
IAM Project Updates
Status of joining computers to AD
AD Users and Computers Cleanup
mark, rwallis, simonw, dattilo, bruckerd, chartier, sandoval, kimn, jtanner, ogg, buss, fredrick, hharris (remote), jdister (remote), estradar, borst (remote), aaron, jlampe (remote)
Any followup from last meeting? Question about offsite users getting CIT passwords. Rudy: Strategy is to send letter with a temporary password and instructions a few weeks before timecard switches over. Have 120 offsite users. Web-based authentication via AD? Garth has note to talk to SWEG.
CIT Password Portal enrollment update: have 475 as of now, so about ⅓ of users. About 100 more than last month. Group assignment to security groups is automated, script runs hourly. Have seen one instance of someone trying to enroll in portal before the script ran, so be aware.
Some discussion about handling people whose passwords are set to never expire. Or admin accounts that are also regular user accounts. Aaron: We need to kill those, use me as the bully. Related to FISMA auditing requirements for privileged actions. Kay knows how to change password expiration for a “never expires” account without immediately locking it.
Cleanup of users that haven’t been active – some cleanup has been done but still nearly 400. Please check. Some people may be idle because their work doesn’t require them to use their CIT passwords – that will change, so check again after we’re confident people are using their accounts.
IAM Project updates: Many people out over last month, but progress on ADFS production infrastructure. Doing testing for resiliency.
Discussion of when to throw switch on Time Card and Signature Authority apps. Aaron has meeting tomorrow to set timeline. Possibly also Proposal & Awards.
Status of joining computers to AD? Garth thinks we’d get more traction with a firmer transition date, with luck after tomorrow’s meeting. Looking at 4-6 weeks, possibly – user notification an issue. EOL finished last night! Is RAL still for hire? “Always.”
For provisioning tools, hope is RFP for this summer.
Garth interested in 2FA.
Please feel free to mention technologies you’d like us to look at.
Kim: When you’re configuring your Windows machines (or Macs), do you still put a local admin account on? Most do, via SCCM.
Some difficulty getting wireless-only systems online before user accounts installed. Simon: E-mail me and I’ll look at the Cisco tool for that.
Discussion of future of KROLE framework vis-a-vis AD.
Discussion of use of AD to authenticate G Suite. Biggest issue is making sure role accounts get created and passwords set before throwing the switch.
Wrapped at 11:00.