Old Dominion U Streamlines Identity Management with Business Process Automation

• By Leila Meyer
• 01/22/15

Shutterstock.com

Old Dominion University (ODU) in Norfolk, VA, has implemented a workflow automation system to streamline the process of approving user accounts for the institution's identity management system.

Manual Workflow

ODU uses its own identity management system, called MIDAS (Monarch Identification and Authorization System), that provides faculty, staff and students with a single username and password to access various network resources. The system also allows people to request a new user account or changes to their account (such as access to new resources), and to request a password reset.

Before the IT department at ODU can create, delete or make changes to network user accounts, the change must be approved — and depending on which network resources the user needs to access, the request may require approvals from multiple people.

The account approval process at ODU used to be a manual one. The change request system was paper-based, and a form would traverse the campus snail-mail system from person to person until it had all of the required signatures. It would then return to the IT department, where the account managers would create, delete or modify the account as requested. The procedure was tedious and time-consuming, and the staff wanted to move it online.

The Search for Workflow Automation

In addition to automating the process through an online system, the IT department wanted the ability to generate reports about the number of requests going through the system, how much time they take to process, and so on, and they wanted an easy-to-use graphical user interface (GUI) for non-technical staff.

"We intended for the workflow system to be available to the whole university, not just to those highly technical people in the Information Technology Services department, and we were looking for something that would be intuitive to use," said Natalie Metzger, software engineer of middleware in the IT Services department at ODU.

For the technical people in the IT department, Metzger also wanted a workflow automation system that would be accessible by a REST (representational state transfer) client, so she could communicate with the system on a computer programming level rather than just through the GUI.

Metzger and her team researched potential solutions and whittled the list down to three contenders: Bonita BPM (business process management), jBPM and Activiti BPM, and then they compared and evaluated them on their ability to scale to ODU's requirements. "We finally settled on Bonitasoft primarily because it had a functioning REST interface, something that Activiti was just starting to develop at the time, so the relative ease of design really made us choose Bonita in the end," said Metzger.

Implementation Process

While implementing Bonita BPM, Metzger was also developing the rights system that operates in the background to define which systems a user is allowed to access. "It was a huge undertaking that was a big part of our accounts request process," said Metzger "It required a lot of database work, business logic development, and it also needed to have information about who our approvers are. We had to consolidate information from a lot of different systems so we could have quick access to that data."

The implementation of Bonita BPM itself was not overly complicated, according to Metzger, because the GUI is just drag-and-drop. However, the process of integrating it with ODU's custom rights system was not as straightforward as Metzger would have liked, mainly due to the lack of sufficient documentation. "To integrate with our rights system, I have independent code that I just load into the Bonita system so I can change it more easily, rather than implementing it in the Bonita system itself." Despite the challenges she faced, Metzger noted that the  documentation of Bonita BPM has improved significantly in the couple of years since she implemented the system.

Results

Bonita BPM has streamlined ODU's user account approval process by bringing it into the digital age. Users requesting accounts, changes to accounts or password retrievals don't see the Bonita interface; they see only the MIDAS identity management interface, which uses a wizard to guide them through the process of account requests, including asking them what type of account they need, who they work for and who their supervisor is. Once the user submits a request, MIDAS communicates with Bonita BPM in the background, and then Bonita determines who needs to approve the request, sends the task to them and those people receive an e-mail notification. The approvers can then log on to MIDAS to approve or deny the request.

The implementation of Bonita BPM has reduced the turnaround time for account requests from three days to one, on average. "It's not the creating the account that takes so long; it's getting all of the approvals," said Metzger. "Before, they would send the pieces of paper across campus, wait for a signature, wait till it comes back to us, and then create the account. Now it's just online where somebody clicks the button and says 'yes, I do approve' or 'no, I don't.'"