Proprietary & Confidential © 2004 Netegrity, Inc. All rights reserved.
Matthew Gardiner, Product Marketing Manager
Provisioning
Agenda
Business Goals & Impacts
Introduction to IAM & Provisioning
IdentityMinder eProvision
Case Studies
Roadmap Overview
The Problem – I: Getting New People Productive Quickly
IT Administrator
New Employee
Start Date
End Date
Project
Location
Department
Division
Company
Resources
Directory
Phone
Database
Security
The Problem – II: Keeping People Connected
Transferred to a New Site
– New mobile phone service
– Remote network access
– Terminate local network access
Promoted
– New business cards
– New laptop
– Return old laptop
Added to Task Force
– Access to database
– New groupware account
– File sharing capabilities
Project Terminated
– Access terminated
– Groupware account terminated
On to New Challenges
– All assets returned
– All access to systems denied
Hired
The Problem – III: De-Provisioning People
Recover IT equipment, re-deploy licenses & IT assets
Get people “out of the system” at the touch of a button
Maintain accurate IT audit of former personnel
Increase security
Provide accountability
Aids compliance
– Sarbanes-Oxley, Italian Law 196, Basel II, etc.
– Focus on IT Control & Privacy
Directory
Phone
Database
Security
Why is this hard?
Identity Information Is Scattered Throughout the Enterprise
Many Users: Customers, Employees, Partners
Many Applications: Logistics, Financial, Service
Many Identities: NT, RDBMS, LDAP, UNIX
Why is this hard… Silos?
Heterogeneous Environments
[Diagram: four platform silos (Linux, Unix, Windows, HPUX), each with its own Application Layer, Security Layer and User Store]
Users: Employee, Customer, Partner, Web Service
Significant Impacts
Password reset & ID problems represent 15% - 35% of helpdesk call volume (Gartner)
– Typical cost per call $10 - $31
Many man-hours of management/administrator time spent approving/administering resource requests
Waiting time for new user IDs & application entitlements too long
Long lag time between user termination & disablement of IDs
– Change within “user-owner” organization is not communicated out
– Often user is never de-provisioned from all systems
o IDC says upwards of 60% of accounts are “orphaned”
Many access requests received outside of the documented process
– Random phone calls, emails, & hallway conversations
– Represents potential IT control problem
Difficulty documenting adherence to corporate security policies & compliance with government regulations
Costly to create & maintain homegrown identity management systems
Key Drivers of Provisioning
Cost & Productivity
– Highly automated administration processes
– User self-service
Security & Compliance
– Adds controls over granting & revocation of privileges
– Processes are repeatable & auditable
– Extensive audit support and management reporting adds IT control
– Enforced segregation of duties also enhances IT control
User Experience
– Seamless & personalized access to systems
– Direct control over own profile, entitlements, and password(s) reduces wasted time
Key Benefits
Cost & Productivity
Security & Compliance
User Experience
IAM Overview: What Is Identity & Access Management?
Identity Management automates the lifecycle of the user’s relationship with the enterprise: Administration
Create, Enable, Disable, Change
Access Management provides the foundation of security infrastructure: Enforcement
Web Apps, Web Services, Legacy Apps
Netegrity’s Modular Solution Offerings
Modular Approach
Netegrity Identity and Access Management
– TransactionMinder®
– SiteMinder®
– IdentityMinder® Web
– IdentityMinder® eProvision
The Leading Solution
Manageability
Performance
Heterogeneity
Comprehensive
Availability
Centralized
Unique Solution
Policy-Based
Standards Support
Leverages Identity
Built on SiteMinder
Self-Service
Delegation
Optimized for Extranet Users
Role-Based
Workflow
Optimized for Intranet Users
Dynamic Workflow
Connector Architecture
Connector Tool
Password Services
Two IdentityMinders?
Organizations approach the problem 3 ways (figure out with whom you are talking)
– “I care about administering my external (extranet) Web users”
o IdentityMinder Web Edition
– “I care about administering my employees & contractors for internal resources”
o IdentityMinder eProvision
– “I care about administering all of my users in my enterprise using a single system”
o IdentityMinder Enterprise Edition
Netegrity’s IdentityMinder product family is integrated today
– Merging in 2005
IdentityMinder provides an enterprise identity management solution
– Provides user administration & resource provisioning
– Can be deployed modularly
IdentityMinder® eProvision
IT Administrator
Self-Service
HR System
Manual Work Orders
E-MAIL
ERP & CRM, Voice, RDBMS, Directory, NOS
Initiate Workflow
Determine Resource Impacts
Execute Resource Changes
Name: Fred
Department: Sales
Position: Engineer
Supervisor: Mary
Start Date: 1/21/03
Approvals & Notifications
Log Actions & Generate Reports
Provision Users to Resources
Case Study: International Paper
Problem
– Administer roll-out of SAP-based portal to entire company
o Single platform for company data, email and SAP access
– Reduce long-term admin costs for all corporate resources
o Systems, PCs, phones, badges
– Support Sarbanes-Oxley compliant control structure
Organizational Information
– Fortune 500 forest products company
– 90,000 employees worldwide
Solution
– IdentityMinder eProvision
o Active Directory, Notes, SAP Portal, RSA tokens
o Password Services
– Future phases: All corporate resources including hardware
o PBX, Company cars, VPN, badges, PCs, etc.
Case Study: Weyerhaeuser
Problem
– Insufficient control over IT assets
o Especially considering Sarbanes-Oxley & California privacy laws
– High cost of manual administration
– Poorly integrated web & non-web identity and access control processes
Organizational Information
– 57,000 employees worldwide in 18 countries
– Numerous supply chain and trading partners
Solution:
– IdentityMinder Enterprise Edition
o PeopleSoft HR, SAP Accounts, Windows, Exchange, ODBC
o Web access control; password management
Case Study: Schering-Plough
Problem:
– Had internally-built provisioning system, wanted to replace
– Compliance with new regulations
– Ran pilot with competitive product for 18 months; they could not meet requirements
Organizational Information:
– 30,000 managed users, 350,000 user accounts
Solution:
– IdentityMinder eProvision
o NT, Active Directory, Exchange 5.5, Novell NDS
o ODBC databases, application provisioning
– Phase II – Unix (AIX, HPUX, Sun Solaris), Oracle 7, 8 and 9
– Phase III – IBM OS 3 with Top Secret, AS/400 and Documentum.
Key Functionality
Connecting Business-to-IT
– Business people drive changes
– Rules vs. roles
Dynamic workflow
IT automation
Reverse synchronization
Self-service
Delegated administration
– Assigning tasks
– Out of office
– Teams and projects
Auditing and reporting
Password management
Customizable user interface
Architecture and scalability
– System architecture
– Distributed security
Configuration and maintenance tools
Provisioning Connectors
Provisioning Connectors
– Communicate with business and IT systems, automating business requests into resource-specific commands
Long list of OOTB connectors
– PeopleSoft HR, Windows, Exchange, Solaris, RDBMS, Siebel, SAP, LDAP, Assets
ePM Xpress
– Easy to use Wizard-based approach for ODBC, LDAP and other custom systems
Connector Management
– Robust administrative tools for installing and managing connectors
Deep Provisioning Experience
Major global provisioning customers around the globe
IdentityMinder eProvision
– First introduced in 2000
– Nearly 1.2M users licensed worldwide
IdentityMinder Road Map
Timeline: Q2’04, Q3’04, Q4’04, Q1’05, Q2’05
IdentityMinder 6.5: Integrated Web and Provisioning
IdentityMinder WE 6.0: Improved GUI, RDBMS support
eProvision 4.0 SP2: Workflow groups, Clustering
IdentityMinder WE 5.6 SP3: Cert with eProv 4.0 SP1, Integ J2EE Id Mgmt
IdentityMinder WE 6.0 SP1: Cert with eProv 4.0 SP2
Password Management Platforms (TBD)
eProvision 4.0 SP1: J2EE Architecture, Dynamic Workflow
IdentityMinder eProvision 4.0 SP1
Currently available
J2EE architecture
– Support for Windows and Solaris
New Dynamic Workflow Server
– Graphical configuration interface
– Optimal task generation and scheduling
Enhanced Policy Builder
– Develop policy expressions for reverse-sync as well as activity policies
Unified Designer
– Manage the entire provisioning deployment with one designer interface
Comprehensive APIs
IdentityMinder 6.5
Target Q2 2005
– Next major step of merging & integration
Merger of Web Edition & eProvision into one code base
– Continue to leverage J2EE deployments
– Single administrative GUI
– Integration of rules & roles
– Single access control model
Ease of use
– Enhanced user-interface for user/group, role/rule/resource management
– Simplified install & deployment
– Single audit/reporting view