A Session With A Twist: Whatever Happened To Single Sign-on

Transcription

Session 41
A Session with a Twist: Whatever Happened to Single Sign-on
Paul Hill, Senior Technical Advisor, Federal Student Aid

Agenda
- Opening Remarks / Introduction
- Single Sign-On (SSO)
- SSO and the Data Strategy Initiative
- Enrollment and Access Management
- Routing ID (RID)
- Trading Partner Management (TPM)
- Next Steps

Single Sign-On Revisited
What is SSO?
Single Sign-on is the technology that enables a user to have their credentials (username and password) authenticated once and, subsequently, allows the user to utilize this proof of authentication whenever required by multiple systems or applications, in lieu of reentering their credentials.

Single Sign-On Review
What does SSO really mean?
A solution to simplify the login process:
- Improves customer access to FSA systems by offering one user name and password
- Enables users to log in to their first business application using their enterprise user name and password
- Allows access to additional applications without a separate login
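The two slides above describe the SSO contract: the password is checked once by an identity provider, and every business application afterwards accepts a proof of that authentication instead of re-prompting. The following Python is an added illustration of that contract, not code from FSA or from the presentation. It assumes a shared HMAC key between the identity provider and the applications (a real deployment would use per-application keys or public-key signatures), a constructed user store, and the application names COD, NSLDS and eCB only as labels.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Key shared between the identity provider and the relying applications.
# Generated per process for this constructed example; a real deployment would
# distribute per-application keys or use public-key signatures instead.
IDP_KEY = secrets.token_bytes(32)

# Constructed user store holding salted password hashes, never plaintext.
_SALT = b"constructed-salt-not-for-production"


def _hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"jdoe": _hash_pw("correct horse battery")}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def authenticate(username, password, ttl=900, now=None):
    """The single credential check. Returns a signed assertion, or None on failure.
    The assertion (never the password) is what the user presents to each application."""
    stored = USERS.get(username)
    candidate = _hash_pw(password)  # hash even for unknown users to keep timing uniform
    if stored is None or not hmac.compare_digest(stored, candidate):
        return None
    now = int(time.time() if now is None else now)
    claims = {"sub": username, "iat": now, "exp": now + ttl, "jti": secrets.token_hex(8)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_assertion(token, now=None):
    """Relying-application side: check signature and lifetime, return the subject or None."""
    if not isinstance(token, str) or token.count(".") != 1:
        return None
    body, sig = token.split(".")
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return None
    return claims["sub"]


class RelyingApp:
    """One business application; counts how often it had to ask for credentials."""

    def __init__(self, name):
        self.name = name
        self.credential_prompts = 0

    def access(self, token, now=None):
        user = verify_assertion(token, now)
        if user is None:
            self.credential_prompts += 1
            return f"{self.name}: login required"
        return f"{self.name}: welcome {user}"


def sso_session(username, password, app_names):
    """Authenticate once, then visit every application with the same assertion.
    Returns the responses and the total number of additional credential prompts."""
    token = authenticate(username, password)
    apps = [RelyingApp(n) for n in app_names]
    responses = [app.access(token) for app in apps]
    return responses, sum(app.credential_prompts for app in apps)


if __name__ == "__main__":
    print(sso_session("jdoe", "correct horse battery", ["COD", "NSLDS", "eCB"]))
```

The design point worth noticing is what the applications never see: none of them holds a password hash or re-runs the credential check, so the security of the whole session rests on the assertion's signature and expiry. That is why the verifier refuses a tampered body, a tampered signature and an expired token alike, and why the lifetime is bounded rather than open-ended.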

Data Strategy Purpose
The Right Data to the Right People at the Right Time.
[Diagram: a clock face whose segments list the Data Strategy components: Consolidation of Data into Shared Source; Focus on Data Quality; Trading Partner Enrollment; Integrated Student View; Single Sign-up; Integrated School View; Access Management; Single Sign-on; Foundation for more Timely Updates; Routing ID (RID)]

Data Strategy Initiatives
Data Strategy has evolved into the integration of five core initiatives.
[Diagram: the five initiatives arranged around the Right Data / Right People / Right Time clock face]
- Data Framework: As-Is and Target State Data Flows; Quality Assurance and Implementation Plan
- Common Identification: Standard Student Identification Method; Routing ID
- Trading Partner Enrollment and Access: Trading Partner Management; Enrollment and Access Management
- XML Framework: XML ISIR; XML Registry and Repository
- Technical Strategies: External Data Exchange; Data Storage, Management and Access

Data Strategy Desired Outcomes
The Data Strategy defines FSA's enterprise data vision and strategy for how it will combine tools, techniques and processes to handle its enterprise data needs.
- Cross-Program Integration: business objective gathering sessions comprised of cross-channel business owners and the establishment of Standard Identifiers for Students and Schools
- Improved Data Quality: through the execution of a Data Quality Mad Dog and the creation of a Quality Assurance and Implementation Plan
- Improved Organization and Distribution of Data: creation of an XML Framework and Internal and External Data Exchange Strategy
- Establish a Data Storage Strategy: Data Warehouse and Data Mart Strategy; plan for organizing data to answer broader, deeper business questions

Trading Partner Management
[Diagram: Trading Partner Management Framework (Schools, Guaranty Agencies, Lenders, Third Party Servicers, State Agencies, Software Developers and Auditors), showing Enrollment Management, Eligibility Management, Reporting and Audit Services, Routing Identifier (RID) Services, Profile and Demographics Management (FSA Gateway), Access Management, Customer Support, Workflow Management, and User Access Points for FSA and Other Government Agencies]

Trading Partner Management – Enrollment and Access Management
Trading Partner Management Framework (Schools, Guaranty Agencies, Lenders, Third Party Servicers, State Agencies, Software Developers and Auditors)
Enrollment Management
- Data Access Service: Portals; Integrated View Services; Web Application Interfaces
- Integrated Application and Enrollment Processing
- Process Requests, Determine Access
- Institution-level System Enrollment and Single Sign Up (SSU)
- Initial RID Assignment
Eligibility Management
- School On-Going Oversight: Program Eligibility Oversight (audits, financial statements, default rate calculations); Compliance Reviews (risk assessment, accreditation, student complaints, funding parameters, referrals); Eligibility Actions (FPRD, Fines, LOC, LS&T, Referrals); Appeals; Proactive Oversight, Monitoring, and Support
- New Trading Partner Applications; Recertifications; Program Participation Management; Appeals; Proactive Eligibility Management
- Financial Partner On-Going Oversight: Program Eligibility Oversight (audits, financial statements); Compliance Reviews (risk assessment, referrals); Eligibility Actions; Appeals; Proactive Oversight, Monitoring, and Support
Reporting and Audit Services
- Performance Monitoring; Compliance and Oversight Effectiveness; Fee and Payment Summary Reporting; Ad-hoc querying
Profile and Demographics Management (FSA Gateway)
- Demographics Management; Relationship and Affiliation Management; Enterprise RID Management
Access Management
- Individual User Access Management; Roles-based Single Sign On (SSO); Trading Partner Self-Administered Access
Customer Support; Workflow Management
User Access Points: FSA; Other Government Agencies

Existing Enrollment & Access Complexity
The FSA information system environment for trading partners is complex:
- 21 information systems provide services to trading partners
- 5 different hardware platforms and 6 different application servers support trading partner systems
- 11 different call systems handle different systems and types of user problems
Existing enrollment processes are confusing and repetitive:
- 17 different procedures are required for trading partners to enroll and register for access in FSA systems
- Over 450 data elements are collected during enrollment and registration
FSA systems require different user credentials and enforce different policies:
- 19 different User ID formats are used for trading partners
- Many different policies are enforced for minimum password length and password expiration
Management of user access represents substantial administrative overhead:
- Each trading partner population requires different access privilege definitions
- 19 different user administration methods are required to manage user accounts

Enrollment and Access Management Overview
What is Enrollment and Access Management?
Trading Partner Enrollment (Institutions) includes:
- Title IV application
- Initial registration of delegated administrator
- Subsequent changes
- Program Enrollment
- System Admin Enrollment
Access Management (Individual Users): increase effectiveness of policies, processes, and tools that control:
- Access to FSA systems
- What users are allowed to do
- Accountability
Access Management components: Access Control, Authentication, Identity Management, Authorization, User Provisioning, Administrative Functions

Enrollment and Access Relationship
[Diagram: trading partners (Schools, Title IV Financial Institutions, Government, Users) enroll in three steps (Step 1, Step 2, Step 3) and reach FSA systems (DMCS, PEPS, NSLDS, CPS, SAIG, LS, SDLCS, COD, eCB, FMS, EZAudit, CMDM, IFAP) through four access-control methods]
- Method 1: User Based (Inquiry, Variable, Admin)
- Method 2: Action Based (Submit, Write, Read)
- Method 3: Role Based (11 Default Roles)
- Method 4: No Access Controls (View Only, Custom Query)

Enrollment & Access Management
The Challenges:
- Enrollment Processes are Not Standardized
- FSA Has a Diverse User Population
- Different Platforms and Security Structures
- Increasing Number of External Users
- No Enterprise View of Enrollment and Access
- Complex Compliance Requirements
The Vision:
- Managed at the Enterprise Level
- Trading Partners Insulated From the Underlying Complexity
- Consolidated and Integrated
- Consistent User Identity and Privilege Information
The Benefits:
- Improved Trading Partner Services, Increased Trading Partner Satisfaction
- Increased Administrative Efficiency
- Improved Security Effectiveness
- More Effective Oversight and Regulatory Compliance

Enrollment & Access Vision
[Diagram: components of the vision: Consolidated Data Collection; Eligibility; enterprise identity, credentials, access and approval information; user provisioning and account configuration data; Enrollment & Security Workflow]

Access Management Approach
Web Access Control and Identity Management Systems
[Diagram: Web Access Control System, Identity Management System, web application and Legacy System]

Trading Partner Management - RID
[Diagram: the Trading Partner Management Framework (Schools, Guaranty Agencies, Lenders, Third Party Servicers, State Agencies, Software Developers and Auditors), whose RID-related elements are Initial RID Assignment under Enrollment Management, Routing Identifier (RID) Services, and Enterprise RID Management under Profile and Demographics Management (FSA Gateway)]

Routing ID (RID) Overview
What is the Routing ID (RID)?
- RID is an eight-digit randomly generated number that signifies nothing about the trading partner besides its identity
- RIDs will be assigned to all trading partners interacting with FSA including schools, servicers, lenders, and guaranty agencies
- RID will initially be an internal number that will then be gradually rolled out to trading partners, where appropriate
- RID will be used to track trading partners, their relationships with other trading partners, and their interactions with FSA

Routing ID (RID) Overview
Why is RID needed?
- FSA's portfolio of applications consists of 21 primary systems that trading partners use to originate, disburse, collect, and manage Title IV Financial Aid for students
- Trading partners must present different identifiers to FSA based upon the particular system they are interacting with or the type of business transaction they are conducting
- There are 16 primary trading partner identifiers
- Trading partner relationships cause confusion among the community and create ongoing maintenance issues

Routing ID (RID) Vision
The Routing ID (RID) will provide FSA trading partners a means to interact with FSA systems and services using a single common identifier across the enterprise, irrespective of system or function. This will result in increased data quality, enhanced oversight capability, and simplified trading partner interactions with FSA.
[Diagram: three states of trading partner identification]
- Current State: trading partners present various identifiers to the FSA Enterprise (Campus Based ID, Direct Loan ID, Lender ID, DUNS, OPEID, Pell ID, TG #, Title IV Code, etc.)
- Interim State: the RID Solution provides Translation and Relationship Management in front of the FSA Enterprise; various IDs are still used while others are phased out
- To-Be State: trading partners use the RID; the RID Solution provides Relationship Management for the FSA Enterprise
** OPEID will be maintained for an indefinite period and DUNS will always be required.
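The RID overview and vision slides above define the identifier's properties (eight digits, random, carrying no meaning beyond identity), the interim state in which legacy identifiers such as OPEID and DUNS are translated to it, and the relationship management the RID solution provides. The Python below is an added example written for this page, not FSA's implementation: a small registry that assigns RIDs, refuses duplicate enrollment, translates in both directions, and records partner relationships. The scheme names OPEID, DUNS and Lender ID come from the slides; the sample values and the `RIDRegistry` API are constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field

RID_DIGITS = 8  # eight-digit identifier, per the RID overview


@dataclass
class TradingPartner:
    rid: str
    kind: str                                       # school, lender, guaranty agency, servicer ...
    legacy_ids: dict = field(default_factory=dict)  # scheme -> value, e.g. {"OPEID": "...", "DUNS": "..."}


class RIDRegistry:
    """Assigns opaque RIDs and translates between them and legacy identifiers.
    `rng` is injectable so a test can force a collision; the default is a CSPRNG."""

    def __init__(self, rng=secrets.randbelow):
        self._rng = rng
        self._by_rid = {}            # rid -> TradingPartner
        self._by_legacy = {}         # (scheme, value) -> rid
        self._relationships = set()  # (from_rid, role, to_rid)

    def _new_rid(self):
        # Draw until unused. The RID is kept as a string so leading zeros survive,
        # and nothing about the partner (type prefix, sequence number) is encoded in it.
        while True:
            rid = f"{self._rng(10 ** RID_DIGITS):0{RID_DIGITS}d}"
            if rid not in self._by_rid:
                return rid

    def enroll(self, kind, legacy_ids):
        """Initial RID assignment. Refuses to map a legacy identifier a second time."""
        for key in legacy_ids.items():
            if key in self._by_legacy:
                raise ValueError(f"{key[0]} {key[1]} already mapped to RID {self._by_legacy[key]}")
        rid = self._new_rid()
        self._by_rid[rid] = TradingPartner(rid, kind, dict(legacy_ids))
        for key in legacy_ids.items():
            self._by_legacy[key] = rid
        return rid

    def translate(self, scheme, value):
        """Interim state: a system still presenting a legacy identifier resolves it to the RID."""
        return self._by_legacy.get((scheme, value))

    def legacy(self, rid, scheme):
        """Reverse translation for systems that still require a legacy identifier (e.g. DUNS)."""
        tp = self._by_rid.get(rid)
        return None if tp is None else tp.legacy_ids.get(scheme)

    def relate(self, from_rid, role, to_rid):
        """Relationship management: record that one partner acts in `role` toward another."""
        if from_rid not in self._by_rid or to_rid not in self._by_rid:
            raise KeyError("both parties must already hold a RID")
        self._relationships.add((from_rid, role, to_rid))

    def related(self, rid, role):
        return sorted(to for frm, r, to in self._relationships if frm == rid and r == role)


def is_well_formed_rid(value):
    """Syntactic check a receiving system can apply before any lookup."""
    return isinstance(value, str) and len(value) == RID_DIGITS and value.isdigit()


if __name__ == "__main__":
    reg = RIDRegistry()
    school = reg.enroll("school", {"OPEID": "00123400", "DUNS": "123456789"})  # constructed values
    servicer = reg.enroll("servicer", {"DUNS": "987654321"})                   # constructed value
    reg.relate(servicer, "services", school)
    print(school, reg.translate("OPEID", "00123400"), reg.related(servicer, "services"))
```

Two practitioner details are built in: the identifier is stored and compared as a fixed-width string, because an integer would silently drop leading zeros and turn 00000042 into 42 in one system and not another; and because the space is only 10^8 values, the generator checks for collisions against the registry rather than assuming randomness alone guarantees uniqueness.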

Routing ID (RID) Functional Components
[Diagram: RID functional components]
- Trading Partner Participation and Delivery Oversight
- RID Provisioning and relationship establishment
- Trading Partner entity and relationship information for Access Management
- Attribute Management
- Relationship Management: Maintain Relationships
- Generate and Maintain Roles
- Audit
- Identity Management: information, identifiers, credentials, access rules
- Reporting: Communicate RID Data

Trading Partner Management
[Diagram: the Trading Partner Management Framework (Schools, Guaranty Agencies, Lenders, Third Party Servicers, State Agencies, Software Developers and Auditors), repeated from the earlier Trading Partner Management slide]

Next Steps
- Gather Requirements for the TPMS
- Determine Roll-out of the TPMS:
  - Group Related Business Processes
  - Coincide with New Development Year
- Conduct Focus Groups to Obtain Feedback

Contact Information
We appreciate your feedback and comments.
Phone: (202) 377-4323
Fax: (202) 275-3479
Email: Paul.Hill.Jr@ED.GOV
