Strategy 2.2 – Integrate Identity Management, Credentialing, and Access Privileges 

State agencies have accomplished many successful IT initiatives during this past biennium. Selected agency projects are highlighted below. 

Agency Spotlights: Identity Management Services

Agency

Initiative

Commission on State Emergency Communications

CSEC has determined that one of the “core services” to be employed in NG9-1-1 is rights management, which will enable the distribution of 9-1-1 call information to multiple emergency-response agencies, while limiting access to authorized individuals.

General Land Office

The General Land Office is expanding identity management services to include its external customers. This is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an organization) and controlling the access to the resources in that system by placing restrictions on the established identities. It covers issues such as how users are given an identity (within the system), the protection of that identity, and the technologies supporting that protection such as network protocols, digital certificates, passwords, and so on.

Health and Human Services Commission

HHSC has deployed an Enterprise Identity Management solution that provides the means for automated provisioning, de-provisioning, and user access management for 19 applications within the HHS Enterprise. As of May 2010, there were over 15,000 registered users that held over 22,000 application accounts. This solution interfaces with user repositories and systems that deal with user access in other agencies within the HHS Enterprise and enables authentication, implements uniform security policies, allows for single sign-on to applications as well as self service for tasks such as password resets, security question set up, user profile updates, and requests for application access.

These solutions are reusable across other agencies within the HHS Enterprise and outside of the enterprise. Currently the Texas Department of Agriculture uses this solution to manage an application that was legislatively transferred from HHSC.

Enablement of security policies, including strong passwords, accessibility enhancements, and dormant account de-provisioning, has been at the forefront of recent improvements. Planned initiatives include recertification of application access on an annual basis and the continued expansion of the number of applications protected.

Office of Court Administration

OCA has brought up some systems with two-factor RSA authentication. Less critical or firewall-protected applications will continue to rely on user ID-password management. OCA is also planning to implement biometrics over the next three to four years as equipment is replaced.

Office of the Attorney General

OAG has an identity management system that provides the necessary processes and infrastructure to secure information assets. The system allows administrators and applications to easily and quickly give users necessary and appropriate access to resources and applies appropriate rules and policies to control user rights and privileges. Online applications are able to maintain and identify key attributes of any user who logs in. The OAG ensures that rules and best practices for security and access are enforced and are in compliance with state and federal regulations.

In addition to addressing the critical need to maintain security while allowing a wide variety of users to access many different systems, the OAG's identity management initiatives allow the agency to save time, reduce costs, and make processes more scalable.

Office of the Comptroller of Public Accounts

The CPA utilizes a mainframe-based Resource Access Control Facility identity management solution. This repository provides secure authentication for all state-based applications. The future strategy for the agency’s statewide applications is to leverage the Enterprise Resource Planning (ERP) solution. Since the CPA will host all state human resources information, it will utilize the ERP solution, which provides an identity management strategy based on existing PeopleSoft security. In addition, the CPA is developing systems that will utilize this same ERP-based approach for all tax applications. The agency will work with DIR, as needed, to assist in determining identity management requirements for Texas.

Public Utility Commission of Texas

PUC currently has an internal identity management system that controls access and privileges for all agency internal network access and applications. When the new agency portal is launched, there will be an identity management system for our external customers in order to direct them to specific information and applications within the portal, providing security for data housed on the portal. The PUC will continue to investigate streamlining identity management, keeping in mind both a high level of security and the need for interoperability.

Railroad Commission

RRC’s largest user database is contained in Novell Directory Service (NDS). Lightweight Directory Access Protocol (LDAP) is being used to access NDS from external applications. This approach will establish a foundation for identity management. This will position the RRC to take advantage of a statewide solution.

Texas Department of Agriculture 

TDA systems development staff relies on three primary identity management strategies. For our office productivity tools and personal computing devices, TDA uses the Microsoft Active Directory architecture. Active Directory allows for a simpler management interface and also allows developers to extend those services to authentication for our newer applications.

TDA’s legacy applications utilize Java to incorporate authentication within the application and rely on an Oracle database to store the credentials. However, as TDA builds new applications, we are using Active Directory when feasible.

TDA does have one application, Special Nutrition Automated Processing System (SNAPS), that was transferred to TDA from HHSC as part of HB-4062 (80R) that uses the Tivoli suite of identity management. TDA does not utilize this identity management tool for any other application. It is worth noting that this application will be replaced in fiscal 2011 and the Tivoli component will be retired at that time. 

Texas Department of Motor Vehicles

TxDMV became an agency on November 1, 2009. During this interim period, TxDOT will be assisting TxDMV with support for its IT systems, applications, and operations. TxDOT uses multiple identity management tools to protect TxDMV IT resources. For all environments except the mainframe, TxDOT has implemented the standard industry protocol LDAP (Lightweight Directory Access Protocol) to provide identity management. For the mainframe environment, TxDOT utilizes the TopSecret product for identity management. TxDOT maintains detailed access criteria documentation for all production applications that maps job functions to application and data access levels. These documents are used by TxDOT security administrators to provide guidance in defining a user’s access to applications and data.

TxDOT has implemented a comprehensive compliance monitoring system that continuously monitors both the LDAP and TopSecret user data to ensure identity data is accurate and up-to-date. This includes validating that terminated employees are removed and leveraging the access criteria data to ensure that employees’ job functions properly align with their data access.

Texas Higher Education Coordinating Board

THECB’s identity management solution is largely centralized and work continues toward single sign-on. All new applications use the single sign-on, and older applications will be remediated during the next two years.

A single FERPA-compliant sign-on is planned as part of the Rider 51 pilot project. In that project, TEA and the Coordinating Board will serve as an umbrella for as many as eight other state websites that provide support for college and career readiness.

Texas State Board of Plumbing Examiners 

The board’s integrated licensing, examination, and enforcement application that will be implemented at the end of fiscal 2010 will serve as the primary application for handling secure database information and will allow for continued identity management. Security rules for different users of the application in various departments will be set up by the system administrator, requiring each authorized individual to use one set of identification information for access to the agency database. The TSBPE’s network is accessed by approved users after securely accessing a desktop computer.  

The University of Texas System

The Lonestar Education and Research Network (LEARN), collaborating with the University of Texas System, developed and deployed an identity management federation (idMF) for Texas institutions. The system allows for the sharing of data and resources through a trustworthy identity management system to support education and research. The idMF interfaces with the national InCommon Federation to promote a secure national collaboration environment for researchers.

The University of Texas System developed an Identity Management Federation that complements LEARN’s idMF. The UT System project was developed to provide a secure, scalable, interoperable identity management system for the component institutions of the University of Texas to support trusted collaboration among institutions.

The LEARN idMF also is utilized by the Texas Digital Library (TDL) to manage the relationships among TDL members and enhance collaboration among Texas researchers and academics.

    © Department of Information Resources 2012