Identity Management 2.0


Improve or replace the system currently used to create and manage user accounts and manage/authorize/control user access to all IT resources across the HSU campus. This project will also clean up existing data in the identity management system, ensuring that University services are only made available to eligible individuals and that all eligible individuals have access to the IT resources they need to do their jobs.

Project Request Documents
Requesting Department
Info Tech Services Dir Office

Primary Customers

Josh Callahan
Dale Sanford
Peter Johnson
Jeff Stebbins
Bethany Rizzardi

Project status
Green On Time

Status Update

8/24/2016: Phase 2a was successfully deployed on schedule. The team completed a requirements review and sent the remaining Phase 2b requirements to the vendor for inclusion in a draft statement of work. The next  steps are to conduct Phase 2a Lessons Learned sessions internally and with the vendor team and to finalize preparations for Phase 2b, the final stage of this project.

7/27/2016: The dry run has been completed and validated; validation of the production version is in process and expected to go live on the morning of 7/28/2016. Once this process is complete, Phase 2a of this project will be complete. Two Lessons Learned sessions are planned -  a joint session with the vendor team and an internal session - and the requirements review and preparation for Phase 2b will start after those sessions have taken place.

6/30/2016: The dry run is scheduled to be complete on 7/11/2016. The team has begun to synchronize user data with the new system behind the scenes; change control has approved full synchronization to begin on 7/6/2016 and run for about one week. The Help Desk has been notified of this work and will monitor for any performance degradation; no customer impact is anticipated.

5/25/2016: The deployment plan and timeline for Phase 2A are in process; the team is fleshing out tasks and ancillary systems dependent on Account Center that will be impacted by the cutover to Account Settings. With a target go-live of 7/16/2016, we are working on setting up and doing dry runs in the development environment in order to establish actual deployment tasks and timeline, and help desk staff are being trained.

Work is now in progress to understand the timeline and magnitude of work required for Phase 2B, which is due to procurement by mid June.

4/27/2016: It has been determined that Phase 2A will not be ready for a 5/19/2016 go-live, but this is still expected to happen before the contract expires at the end of June. Discussions and planning are in process and a new go-live date will be communicated shortly.

3/30/2016: Phase 2 has been split into Phase 2A and Phase 2B. Phase 2A will include everything in the original Phase 2 scope except the Access Request (ARF) piece, and adds Username Change, and Phase 2B will cover the ARF piece. Phase 2A is scheduled for a 5/19/2016 go-live; Phase 2B has yet to be scheduled.

2/24/2016: The new contract end date has been tenatively set for 6/30/2016. A new go-live date has been set, and phase 2 is progressing at an acceptable rate to meet the new deadlines.

1/27/2016: The joint project plan is now in place and daily team check-ins are happening. We are currently testing the 1/8/16 deliverables from the Fischer team; the next deliverables are due 2/8/16. Once those deliverables are in, the expected development completion date and new contract extension date can be discussed, as well as what deployment to production will look like - including how to handle Account Center functionality that the Fischer product does not replace.

12/15/2015: The design documents have been received from Fischer, and the task list is now expected 12/18/2015. Areas for initial testing have been defined, and test scripts are being worked on.

11/17/2015: The Fischer team will deliver design documents to HSU 11/23/2015; a review and discussion meeting with Fischer will take place at the beginning of December. 

Fischer has provided a detailed task list relating to the three functional elements to be delivered to HSU for testing on 12/15/2015: SOA Switch; Part 1 - Account Creation, Provisioning, Deprovisioning; Part 2 - Account Creation, Provisioning, Deprovisioning. The project team will create test scripts before this date to enable testing to begin immediately.

Both teams will reconvene 1/5/2016 to schedule out the remainder of the plan.

10/14/2015:  We have scheduled a meeting with Fischer for later this month to get Phase 2 back on track. This process will begin with the adoption of a define/do/verify cycle that will enable meaningful work to start immediately and help to keep us on track for a timely completion.

8/27/2015: The supplemental design and functional requirements, user stories, and resource matrix were delivered to Fischer for their scheduled 8/17 planning session. The proposed Phase 2 schedule will start with delivery of the technical design to HSU by Fischer technical lead Tyler. The two teams will ensure that the design addresses all documented Phase 2 requirements and plan a staggered roll-out to campus with the support of three Fischer resources. The roll-out is expected to be completed by 1/31/16.


8/13/15:  Phase 1 is complete and password expiration notices are being delivered as expected. The team is now focused on preparing for Phase 2, scheduled to begin 8/17/2015.  A contract extension has been negotiated to allow time for completion of Phase 2 by 3/31/2016.

The Fischer team spent a week working with us on campus to review the implementation at a technical, architectural, and administrative level as well as the Phase 2 requirements. The meeting resulted in a better understanding of the product and how HSU is and will be using it to meet identity management mandates and policies, as well as a renewal of our partner relationship. The HSU deliverables identified include:

  • Phase 2 provisioning requirements in User Story format cross-referenced to requirements
  • Role request matrix

While these supplemental requirement documents are being developed to improve team communication and understanding of HSU processes, the original signed requirements remain the ultimate source of authority for the Phase 2 deliverables.

6/24/15: The Phase 1 rollout was completed on 6/21/15; no major issues have been reported. The team is working on final tasks before starting to end out password expiration emails; the goal is to have the first set of old passwords expire while the Fischer team is on site to assist with any possible problems. The visit is scheduled for 7/7/15-7/9/15, with the following goals:

  • Expire old passwords successfully without causing undue pressure on customers or the Help Desk
  • Walkthrough of the Fischer "black box" areas
  • Review, understand, and refine Fischer's proposed solutions to meet the Phase 2 requirements
  • Discuss and formulate an implementation strategy to roll out Phase 2 via a series of staggered deployments

Phase 2 working sessions are in progress to diagram out expected behavior of the Phase 2 requirements to be used in discussions of proposed solutions, create a shared understanding of requirements across the team and Help Desk personnel, and identify any necessary HSU tasks to facilitate Fischer's work. The last deliverable for the Phase 2 work is Views, which we anticipate reviewing with Fischer next week.

5/28/2015: Phase 1 is almost complete. Go-live has been set for 6/3/15, and the initial campus announcement was posted to myHumboldt 5/21/15. We will start sending out password expiration emails on 6/23/15; actual expirations will begin 7/8/15. Help desk familiarization is in process.

The Phase 2 role request demo is taking place today. We are coordinating onboarding the new Fischer technical rep and the upcoming site visit by Fischer technical personnel to ensure everyone understands the complexity of the project. We are also negotiating a contract extension to accommodate the completion of Phase 2.

4/30/15: Phase 1 performance issues have been resolved, so we are now able to set a Phase 1 go-live schedule: 

  • 5/18/15 - notify campus that go-live will take place in two weeks
  • 5/31/15 - go-live

The team is finalizing preparations for these events, and we have asked Fischer if we can have Bryan on-site for go-live week. Awaiting confirmation.

Meanwhile, we are arranging a final review with Fischer on the Phase 2 views prior to completion and delivery. Requirements review discussions to ensure a full understanding of the Phase 2 work across both teams have been initiated in order to establish a timeline for Phase 2. We are also scheduling a demo of role request with Fischer.

3/26/15: Performance has improved, but issues remain in certain Phase 1 areas/modules that require further investigation, do the following tasks are in process:

  • Production of a detailed comparison between development and production environments to pinpoint differences
  • Collaboration with Fischer to resolve issues identified as a result of the comparison

Work is continuing on view development for Phase 2, with a target delivery to Fischer of 4/3/15. A demonstration of role requests is being set up with Fischer and relevant ITS personnel.

2/23/15: The team believes they have identified the cause of the performance problems and and are finishing the remediation work now. Testing by the ITS PO and Helpdesk will take place after the remediation to ensure that the load balancer revisions are tested by multiple groups from multiple perspectives. Discussions to clarify the construction of the Phase 2 - Affiliations views with Fischer have been successful and the Views are in progress; all other deliverables required for Fischer to begin Phase 2 have been delivered.

Post Phase 1 Go Live discussions are planned regarding Access Requests and integrating the rest of Account Center functionality into the Fischer Account Settings.

1/29/2015: The vendor work is complete for Phase 1 - Password Reset. However, testing has revealed a performance issue that needs to be resolved before a final go-live schedule can be set.

For Phase 2 - Affiliations, five of the six requirements have been delivered to the vendor; the final requirement will be submitted as soon as it is complete. The contract has been extended to June 2015.


  • Phase 1 - Password Reset
    • Completion of work and sign off is expected by 12/19/14
    • Go-live schedule and timeline is completed - kick-off will be scheduled on sign off
    • Tentative go-live date is 2/2/15
  • Phase 2
    • Requirements document reviewed and agreed to by both HSU and Fischer teams
    • Task list completed - start date expected to be early January 2015
    • Contract extension to June 2015 is being discussed
    • Project end date will be adjusted as necessary once the above information is in place.

10/30/14: The bulk of the development and configuration for Phase 1 - Password Reset is complete. The team will meet the week of 11/3/14 to work on the go-live plan and schedule training, as well as any additional testing that may be required.

The status of the plan for Phase 2 - Affiliations is as follows:

  • The Fischer team has provided HSU with the updated requirements document, which does not extend the scope but does refine the business rules.
  • The project team needs to review and agree that this document accurately reflects HSU's needs, and return the document to Fischer
  • The Fischer team will then review the requirements and prepare a project schedule, currestly estimated to be 4-5 weeks
  • Fischer will provide HSU with a roadmap for the project

Fischer has been informed of the need to complete Phase 2 as quickly as possible, since we will be losing some relevant institutional knowledge in ITS due to accelerated retirement plans.

9/24/14: We are working through some system and firewall issues, but continue to make progress towards completing phase 1 in the next few weeks. The phase 2 kick-off meeting has been scheduled for 10/6/14.

8/27/14: We continue to work on setting up the production environment in preparation for the phase 1 go-live. Given the work left to do, we are anticipating a phase 1 go-live date in late September. Phase 2 work on provisioning and role requests may begin in early September.

7/31/14: We have completed the testing for password resets and expirations. Fischer consultants are working with HSU programmers and system administrators to set up our production environment in preparation for the phase 1 go-live. We have run into a few delays during this process and are still working on setting a firm phase 1 go-live date.

6/24/14: Password reset testing is well underway with good results so far. We are also testing the expiration process and other smaller processes. The Fischer consultants have nearly completed preparations for loading all existing users into Fischer as well as the processes to add new users as they become active. We are targeting an early July go-live for the password reset phase and our work will then transition to working on phase 2.

5/29/14: We have made the decision to split this project into two phases: one for password expiration and resets, the area we are currently focused on, and one for account and group provisioning and role requests. While the Fischer consultants are configuring the system to our specifications, we are developing the test scripts. We expect to begin testing in the next couple of weeks and to roll this phase out before the end of June.

4/24/14: Fischer consultants are configuring the server and have begun work on the role request process. We now have access to the site and are receiving early training on how the system will work.

3/26/14: Fischer consultants are continuing the configuration process and starting early training in a sandbox environment. Plans are also under way to upgrade our LDAP systems before go-live.

2/26/14: Fischer consultants are finalizing the implementation timeline and working on configuring the tool.

1/27/14: We have reviewed the requirements document and project plan and are working with the Fischer consultants to develop the implementation plan.

11/26/13: We have completed the build-out of the server environment and are working with Fischer Identity consultants to finalize the requirements document. We expect to have that document and a project plan before the end of December.

10/31/13: Fischer Identity consultants were on campus earlier this month to review our implementation details and build the requirements document. We are installing servers to build out both the development and production environments, and are working on developing data views to provide information from PeopleSoft to Fischer. For the Access Request process, we are looking at options for the best way to display roles for users to select.

9/24/13: Fischer Identity consultants will be on campus the week of 10/16/13 to conduct in-depth discovery meetings. This will enable the consultants to put together the detailed requirements documents and begin working on our project later this year.

8/27/13: Contract details with Fischer Identity are nearly complete, and we are actively preparing material for the planning workshop to be scheduled for September or October.

7/29/13: We have chosen Fischer Identity for our Identity Management solution and are now working through contract details so we can schedule a planning workshop for September or October.

6/24/13: The campus team is now finalizing vendor selection.

5/29/13:  The vendor finalists are presenting to ITS on site 5/29/13 and 5/30/13

4/22/13:  RFQ responses are now being received and scored.  

3/25/13: The RFQ was published on 3/15/13; responses are due in April.

2/25/13: We are continuing vendor demonstrations and assembling our requirements into an RFQ format, with goal of issuing the RFQ in March 2013.

1/28/13: Participating in demonstrations of several products and refining system requirements document

12/20/12: Reviewing commercial options and refining requirements.

11/26/12: The planning process is now in full swing. Reviewing additional commercial products for viability. 

10/30/12: Now that we have a better understanding of the audit concerns, we are re-assessing the planning. This project scope will be coordinated with the Exiting Employee project if that is prioritized in the next cycle.

9/26/12: On-site audit visits are now complete; we are awaiting official draft language before proceeding with the design plans.

9/7/12: Initial planning meetings have been held. An identity management audit is underway which will provide additional information for consideration in the design plans.   

12/21/11: Project approved and scheduled. 

10/28/11: The Persons of Interest Data Cleanup project request has been merged into this project request, as the cleanup will be undertaken as part of the Identity Management project. The two requests will be scored as one project request. 

Project Documents
08-01-12 to 12-31-16

Project Documents

View ITS Department Project Master List