Date posted: 25-Dec-2015
Microsoft Identity and Access Management with ILM "2"
Christian Jäggli, Principal Consultant, Microsoft Corporation
Agenda
• IDA management today: a burden on IT
• Align IDA with the right people
• Microsoft Identity and Access Management
• Microsoft Identity Lifecycle Manager (ILM)
• How ILM “2” addresses the challenges
• ILM “2” features
• ILM “2” @ work
• Technology behind the scenes
• Release schedule
• Resources
• Questions & Answers
Today, the management burden is on IT
Information Workers:
• Call help desk for password and access requests
• Wait up to weeks for access
• Define business policies
Developers:
• Business rule development
• Custom application development
• Systems integration
IT Professionals:
• Respond to the business
• Respond to users
• Architecture & deployment
• System admin
• Governance & security
• Managing permissions
• Creating & deleting user accounts
• Policy implementation & enforcement
Diagram labels: business rules & policy; permissions; group & role membership; distribution lists; passwords & PINs
Result: wrong people, wrong contexts, greater complexity, higher cost
Aligning Experiences with the right People
(Diagram: three audiences around the identity lifecycle; labels recovered below.)
• IT Professionals: architecture, deployment, system administration, governance, security
• Developers: system & application integration, custom application development
• Information Workers
• Managed objects: users, access, credentials, policy
• Lifecycle operations: add, update, revoke, audit
Enter Microsoft IDA Management
Software for policy-based management of identities, credentials, and resources across heterogeneous environments.
Increases Security and Compliance:
• Integrates identity, credential, and access management
• Implements a rich permissions and delegation model
• Enables system auditing and compliance
Empowers People:
• Provides Office-based self-service tools
• SharePoint admin console to manage identities
• Greater productivity through faster time to resolution
Delivers Agility and Efficiency:
• Reduces costs through automation and self-service
• Maximizes existing investments in identity infrastructure
• Integrates with familiar developer tools to enable new scenarios
Microsoft's Technology for IDA
(Diagram of the Microsoft IDA stack; labels recovered below.)
• Microsoft solution focus areas: Directory Services, Strong Authentication, Federated Identity, Information Protection, Identity Lifecycle Mgmt
• IDA management: Identity Lifecycle Manager
• Extensibility: 20+ connectors, WS-*
• Platform components: .NET, Workflow Foundation, Windows Services; AD Domain Services & AD Lightweight Directory Services; Active Directory Federation Services; Rights Management Services; Certificate Services
• User and developer experiences: Microsoft Office, Windows, Web Sites, Visual Studio
Microsoft Identity Lifecycle Manager
• Identity synchronization
• User provisioning
• Certificate and smartcard management
• Office integration for self-service
• Support for 3rd-party CAs
• Codeless provisioning
• Group & DL management
• Workflow and policy
Functional areas: User Management, Group Management, Credential Management, Policy Management
Common platform: workflow, connectors, logging, Web Service API, synchronization
Identity Lifecycle Manager “2” Features
Credential Management:
• Heterogeneous certificate management with 3rd-party CAs
• Management of multiple credential types, including one-time passwords
• Self-service password reset integrated with Windows logon
Group Management:
• Rich Office-based self-service group management tools
• Offline approvals through Office
• Automated group and distribution list updates
User Management:
• Integrated provisioning of identities, credentials, and resources
• Automated, codeless user provisioning and de-provisioning
• Self-service profile management
Policy Management:
• SharePoint-based console for policy authoring, enforcement & auditing
• Extensible WS-* APIs and Windows Workflow Foundation workflows
• Heterogeneous identity synchronization and consistency
ILM 2 @ work: On-boarding Joe Miller
• HR registers Joe’s information in SAP
• ILM imports the information into the IAM database
• Joe’s profile is available in the ILM portal
• Joe’s manager receives an email with a link to the profile
• The manager assigns system roles and profiles for Joe’s role
• The system owner approves system access and profiles
• Joe’s user accounts and mailbox are provisioned
• An email with the initial password is sent to Joe’s manager
Joe’s first day at work:
• Joe logs on to his new workstation
• Registers for password reset self-service
• Modifies his profile
• Opens Outlook and requests group/DL membership
• The group owner approves or denies the request
Joe forgot his password:
• Joe has logged out and forgot his password; he resets it through password reset self-service
Technology behind the scenes
ILM “2” Server: Windows Server 2008, 64-bit (the only supported server platform)
• Internet Information Services 7 (IIS)
• .NET Framework 3.0
• Windows Workflow Foundation
• Windows PowerShell
• Web Services (WS-*)
• MS SQL Server 2008
• SharePoint Services 3.0
• Visual Studio 2008 (for customizing)
Client modules: Windows XP, Windows Vista or Windows 7, 32- and 64-bit; Office 2007 (for Office integration)
ILM "2" Architecture
(Layered architecture diagram; labels recovered below.)
• Solutions: User Mgmt, Group Mgmt, Credential Mgmt, Policy Mgmt, Custom
• ILM Clients: Outlook, Portal, Windows, Custom
• ILM Platform: ILM Web Service (AuthN Workflow, AuthZ Workflow, Action Workflow, Delegation & Permissions, Request Processor, AppDB); ILM Sync (Adapters, SyncDB); Cert Mgmt (CLM Portal, CLMDB)
• Identity Stores: Directories, Databases, E-Mail Systems, Applications
ILM "2" Web Services
• Service on the ILM Server
• Provides Web services interfaces for WS-* requests by clients and the Web interface
• Handles authentication, authorization and workflows through Management Policy Rules
• All requests performed are logged and reported
• Based on .NET and Windows Workflow Foundation
(Diagram: ILM Web Service with AuthN Workflow, AuthZ Workflow, Delegation & Permissions, Request Processor and AppDB.)
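The on-boarding walkthrough (HR registers Joe, the manager assigns roles, the system owner approves) and the Web Service slide describe one pipeline: authenticate, match Management Policy Rules, approve, act, log. The Python below is an added toy model of that pipeline, not ILM code; every principal, rule name, attribute name and approval in it is constructed.

```python
"""Toy model of the request flow these slides describe (added illustration, not
ILM code): authenticate the requestor, match the request against Management
Policy Rules, run the rule's approval (AuthZ) workflow, then its action workflow,
and log every request. All principals, rules and attributes are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Optional
@dataclass
class Request:
    requestor: str
    operation: str                      # e.g. "Create", "Update"
    target: str                         # resource type, e.g. "Person"
    attributes: dict = field(default_factory=dict)
@dataclass
class ManagementPolicyRule:
    name: str
    requestors: set                     # allowed principals; "<self>" = resource owner
    operation: str
    target: str
    approver: Optional[str] = None      # AuthZ workflow: who must approve first
    action: Optional[Callable[[Request], str]] = None   # action workflow
AUTHENTICATED = {"hr.system", "manager.alice", "joe.miller"}   # constructed AuthN store
RULES = [   # constructed Management Policy Rules modelled on the on-boarding slides
    ManagementPolicyRule("HR creates persons", {"hr.system"}, "Create", "Person",
                         action=lambda r: f"provisioned {r.attributes['account']}"),
    ManagementPolicyRule("Manager assigns system role", {"manager.alice"}, "Update",
                         "SystemRole", approver="system.owner",
                         action=lambda r: f"granted role {r.attributes['role']}"),
    ManagementPolicyRule("Self-service profile edit", {"<self>"}, "Update", "Profile",
                         action=lambda r: "profile updated"),
]
def rule_applies(rule, req):
    """An MPR applies only when requestor set, operation and target all match."""
    own = "<self>" in rule.requestors and req.attributes.get("owner") == req.requestor
    return (rule.operation == req.operation and rule.target == req.target
            and (own or req.requestor in rule.requestors))
def process(req, approvals, log, rules=RULES, authn=AUTHENTICATED):
    """AuthN -> AuthZ -> action; approvals maps (approver, rule name) -> True."""
    if req.requestor not in authn:
        outcome = "denied: not authenticated"
    else:
        rule = next((r for r in rules if rule_applies(r, req)), None)
        if rule is None:                # nothing grants it: the user never sees it
            outcome = "denied: no management policy rule grants this request"
        elif rule.approver and not approvals.get((rule.approver, rule.name)):
            outcome = f"pending approval by {rule.approver}"
        else:
            outcome = "completed: " + rule.action(req)
    log.append((req.requestor, req.operation, req.target, outcome))  # every request logged
    return outcome
```

The log list collects one entry per request regardless of outcome, which is the "all requests performed are logged and reported" property the slide states.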
ILM "2" User Portal
SharePoint Web Portal (SharePoint Services) for:
• ILM administrators
• End users for self-service
• Resource and group administrators
• Workflow requestors and approvers
• Password management
Users see only what they are entitled to see and manage. The page layout is predefined but can be customized and branded to user needs through the interface (no coding).
ILM "2" Clients
ILM can use different clients to access the functionality:
• SharePoint portal via Internet Explorer
• Windows XP or Windows Vista for credential management (passwords and smart cards)
• Office Outlook for group management, approvals and request handling
• Any application which can send WS-* requests to the ILM Service (for example, a helpdesk application)
(Diagram: ILM Clients: Outlook, Portal, Windows, Custom.)
ILM “2” Release Schedule
Beta 3 (June 2008), new features include:
• Codeless provisioning
• Policy management
• Self-service password reset
Release Candidate (Nov 2008), updates include:
• Support for scale-out
• Cross-forest group management
• Email notification enhancements
• 3rd-party CA support
Release Candidate 1 (Q3 2009), updates include:
• Management Policy Rules Explorer
• Portal updates for usability
• Historical data is stored in a separate DB
• RC1 to RTM migration support
RTM (Q1 CY 2010), includes:
• Customer-reported updates
• Experience and guidance from lengthy RC1 deployment validation
Resources
Learn more about Identity Lifecycle Manager:
• ILM “2” Product Page: http://www.microsoft.com/ilm2
• ILM 2007 Product Page: www.microsoft.com/ILM 2007
Learn about Microsoft Identity and Access (IDA):
• IDA Solutions Home Page: www.microsoft.com/IDA
• IDA Partners: www.microsoft.com/IDA
Evaluate the ILM “2” Release Candidate: visit http://www.microsoft.com/ilm2
Your MSDN resources: check out these websites, blogs & more!
Presentations:
• TechDays: www.techdays.ch
• MSDN Events: http://www.microsoft.com/switzerland/msdn/de/presentationfinder.mspx
• MSDN Webcasts: http://www.microsoft.com/switzerland/msdn/de/finder/default.mspx
MSDN Events:
• MSDN Events: http://www.microsoft.com/switzerland/msdn/de/events/default.mspx
• Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin
MSDN Flash (our bi-weekly newsletter):
• Subscribe: http://www.microsoft.com/switzerland/msdn/de/flash.mspx
MSDN Team Blog:
• RSS: http://blogs.msdn.com/swiss_dpe_team/Default.aspx
Developer User Groups & Communities:
• Mobile Devices: http://www.pocketpc.ch/
• Microsoft Solutions User Group Switzerland: www.msugs.ch
• .NET Managed User Group of Switzerland: www.dotmugs.ch
• FoxPro User Group Switzerland: www.fugs.ch
Your TechNet resources: check out these websites, blogs & more!
Presentations:
• TechDays: www.techdays.ch
TechNet Events:
• TechNet Events: http://technet.microsoft.com/de-ch/bb291010.aspx
• Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin
TechNet Flash (our bi-weekly newsletter):
• Subscribe: http://technet.microsoft.com/de-ch/bb898852.aspx
Schweizer IT Professional und TechNet Blog:
• RSS: http://blogs.technet.com/chitpro-de/
IT Professional User Groups & Communities:
• SwissITPro User Group: www.swissitpro.ch
• NT Anwendergruppe Schweiz: www.nt-ag.ch
• PASS (Professional Association for SQL Server): www.sqlpass.ch
Available Connectors (Management Agents), by type of system
Network Operating Systems and Directory Services:
• Microsoft Active Directory: Windows Server 2003 R2, 2003, and 2000
• Microsoft Active Directory Application Mode: Windows Server 2003 R2 and 2003
• Microsoft Windows NT 4.0
• IBM Tivoli Directory Server
• Novell eDirectory 8.6.2, 8.7, and 8.7.x
• Sun Directory Server (Netscape/iPlanet/SunONE) 4.x and 5.x
Mainframe:
• IBM Resource Access Control Facility (RACF)
• Computer Associates eTrust ACF2
• Computer Associates eTrust Top Secret
Email and Messaging:
• Microsoft Exchange 2007, 2003, 2000, and 5.5
• Lotus Notes 6.x, 5.0, and 4.6
Applications:
• SAP 5.0 and 4.7
• Telephone switches
• XML-based systems
• DSML-based systems
Databases:
• Microsoft SQL Server 2005, 2000, and 7
• IBM DB2
• Oracle 10g, 9i, and 8i
File-Based:
• Attribute-value pairs
• CSV
• Delimited
• Fixed width
• Directory Services Markup Language (DSML) 2.0
• LDAP Interchange Format (LDIF)
All Other:
• Extensible Management Agent for connectivity to all other systems