Campus Identity Resource Request

Background

The Campus Digital Transformation Team (Low Code/No Code Workflow Team) has reached out to explore if the Campus API Gateway can be the central API endpoint for their workflow services. The Campus Business Intelligence team has reached out to the Campus API Gateway team to explore if Business Intelligence can use the Campus API Gateway to export data from Data Lakes to our Cloud based Business Intelligence systems. Both of these projects will increase the number of requests for access, modification, and usage of the Campus APIs.

Currently, the Campus API Gateway team processes every request by hand, individually, as it is received. These include requests to create accounts on the Campus API Portal website, new Application Service Account requests, new Application API Access Requests and API Access Modifications.

Problem

For application development, the Campus API Gateway customers need two IDs to use the system: an Apigee Id and a Campus Service Account. Application Service Accounts are requested by the application developer from a separate team: the Campus Identity team. The API Gateway team creates the Apigee accounts for API consumers.

Due to the manual handling of API requests, an increase in requests will add to the Campus API Gateway team’s workload. Creating Application Service Accounts is also very confusing for Campus API customers, because they need to request those accounts from a separate team, Campus Identity, and then report the created accounts back to the Campus API Gateway team. The result is a slow process that is confusing to understand and implement, and a poor end-user experience for the customers wanting to use the system.

The API team has identified the need to implement a self-service capability that ties together the campus API products and the Campus identity products.

Request

The Apigee API team is requesting a resource from the Campus Identity Team, with at least 70% of their time dedicated to Campus API Gateway needs, to accomplish the following tasks:

  • Create a Single Sign On experience between the Campus Identity systems and the Campus API Portal Drupal based website

    • This requires Drupal programming to integrate SSO responses back into the creation of Apigee Accounts

  • Extend the Campus API Portal to be a one stop Self Service Portal for the creation and management of Campus Identity Service Accounts

    • Requires Drupal programming to integrate the creation and deletion of Campus Identity accounts through the Portal

  • Extend the Campus API Portal to integrate API Access Request Workflows and API Permissions

    • This requires Drupal programming to connect the Drupal workflow system with the Apigee Permissions system

  • Integrate Campus Identity OAuth into the Campus API request validation system so that the number of accounts used can be consolidated to only the Campus Identity Service Account

    • This requires new fields to be created in Campus Identity to store Apigee Client Id

    • This requires Drupal programming to ensure the Campus Identity Id and Apigee Client Id flow between each other

  • Provide maintenance and support for the developer portal’s self-service identity management capabilities

Prerequisites

Please note that the Apigee developer portal, developer.ucsb.edu, has to be migrated from Drupal 7 to Drupal 8 before the identity enhancements can be accomplished.