Internet2

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Your organization not listed? Create a local account to use Internet2 services.

Create SiteID

Federating an Outsourced Human Resources Service

NYU, PeopleAdmin Use InCommon For Human Resource Management

April 2009

Download PDF

Solution Summary

New York University introduced PeopleAdmin to Shibboleth and InCommon to federate access to their HR system, spanning 14 schools and college and more than 25 countries. The development communities of both Shibboleth and InCommon were very supportive, and PeopleAdmin has begun exploring the possibilities of standardized federation for its other clients.

Collaborators

Products & Services

PeopleAdmin provides human resources software to higher education and the public sector. The software provides an electronic workflow for an online application and tracking process, as well as a method for electronically managing position descriptions and performance evaluations.

Founded in 1831, New York University is the largest private university in the United States, with more than 40,000 students attending 14 schools and colleges at five major centers in Manhattan and in more than 25 countries around the world.

The Problem

Searching for a way to improve workflow and automate some processes, the NYU human resources office contracted with PeopleAdmin to outsource its online application process, as well as its process for managing and tracking position descriptions and performance evaluations. Initially, 200 people would have access to PeopleAdmin, but that number could grow to more than 2,000.

NYU’s central IT office became involved early in the process to determine the most efficient and scalable way to manage access to the new HR system, which would be hosted outside of the university. While PeopleAdmin supports an LDAP interface, the university has growing concerns about providing outside access to its directory services.

For its part, PeopleAdmin saw that the use of LDAP could present roadblocks. “More and more, we are finding that IT professionals are not keen on exposing their LDAP to external applications, for security reasons,” said Matt Thomas, director of business development and integrations at PeopleAdmin. Maintaining a database of user IDs and passwords presented its own logistical problems for the company. “If you have thousands of people across the entire institution, user maintenance can become quite a problem,” Thomas pointed out.

The Solution

NYU introduced PeopleAdmin to the benefits of federating, including the ability to leverage NYU’s identity management system.

“Early on, we raised the issue of federated access and the use of Shibboleth® [Single Sign-on and Federating Software],” said Gary Chapman, senior information technology architect at NYU. “We proposed sponsoring PeopleAdmin to join InCommon if they would implement the Shibboleth service provider and federate their application. They agreed rather quickly on doing this.”

“NYU made a very strong case for the use of Shibboleth and InCommon,” Thomas said. “Shib has created this great platform and the federation allows all universities to talk together. That matches our business model and our interest. It is a natural fit.”

The Result

“In the end, the nice thing about working with InCommon and Shibboleth, over other protocols, is the common, agreed-upon standardization. This will be much easier to replicate with other institutions.”

Matt Thomas, PeopleAdmin

“NYU is our first customer using Shibboleth and we expected it would take longer the first time,” said Heather Tufts, lead integration project manager at PeopleAdmin. “Since we are a hosted system, we have three URLs that Shib has to sort out – a production URL, a test/sandbox URL and a training URL which correspond to NYU’s live site, testing site, and training site, respectively.”

“This process was all new to us and the community involvement is very, very helpful,” Thomas said. “We would throw out questions to the Shibboleth users list and, many times, would get a response within minutes. We worked through the issues, thanks to the help of NYU and the community.”

“In the end, the nice thing about working with InCommon and Shibboleth, over other protocols, is the common, agreed-upon standardization,” Thomas said. “This will be much easier to replicate with other institutions.”

PeopleAdmin has now experienced significant interest in its federated application. “We plan to highlight our ability to federate at our upcoming client conference and we’ve entered into discussions with institutions that we know are InCommon members,” Thomas said.