Identity Management Solutions for United Nations Joint Staff Pension Fund (UNJSPF)

1. The UNJSPF currently has an authentication infrastructure based on: Microsoft’s Active Directory (2 independent domains in Geneva, Switzerland and New York, NY) as the identity authoritative source. CA eSSO as the framework automating application launch, application authentication, password synchronization (eSSO scripts executed locally on workstation) and password policy enforcement. KSI hard- and software as the solution providing biometrics authentication. Applications integrated into eSSO are mainly workstation AD authentication, Lotus Domino, Lotus Notes, RACAF, Mainframe application developed in-house, J2EE web applications, Websphere based intranet portal, IBM Content Management, Lawson Financials, Novell file sharing. AD, eSSO and KSI infrastructure are setup in a HA cluster utilizing both Geneva and NY locations. 2. Mandatory Functional Requirements of future Authentication Infrastructure. The UNJSPF seeks to retain its current authentication components (KSI, CA eSSO and MS AD), while adding Identity Management components in order to: a. limit application authentication prompts wherever possible by leveraging AD/eSSO/KSI authentication; b. facilitate centralized account provisioning; c. add reporting and auditing functionality; d. add Self Service functionality; e. have password synchronization done at the back-end instead of at workstation level