Microsoft Identity and Access Management with ILM "2"
Christian Jäggli, Principal Consultant, Microsoft Corporation
Agenda
• IDA management today: a burden on IT
• Align IDA with the right people
• Microsoft Identity and Access Management
• Microsoft Identity Lifecycle Manager (ILM)
• How ILM "2" addresses the challenges
• ILM "2" features
• ILM "2" @ work
• Technology behind the scene
• Release schedule
• Resources
• Questions & Answers
Today, the management burden is on IT
Wrong people, wrong contexts: greater complexity, higher cost
• IT Professionals
  • Respond to the business
  • Respond to users
  • Architecture & deployment
  • System admin
  • Governance & security
  • Managing permissions
  • Creating & deleting user accounts
  • Policy implementation & enforcement
• Information Workers
  • Call help desk for password and access requests
  • Wait up to weeks for access
  • Define business policies
• Developers
  • Business rule development
  • Custom application development
  • Systems integration
Aligning Experiences with the right People
Lifecycle: Add, Update, Revoke; applied to Users, Access, Credentials, Policy
• IT Professionals
  • Architecture
  • Deployment
  • System administration
  • Governance
  • Security
  • Audit
• Information Workers
  • Business rules & policy
  • Permissions
  • Group & role membership
  • Distribution lists
  • Passwords & PINs
• Developers
  • System & application integration
  • Custom application development
Enter Microsoft IDA Management
Software for policy-based management of identities, credentials, and resources across heterogeneous environments
• Empowers People
  • Provides Office-based self-service tools
  • SharePoint admin console to manage identities
  • Greater productivity through faster time to resolution
• Delivers Agility and Efficiency
  • Reduces costs through automation and self-service
  • Maximizes existing investments in identity infrastructure
  • Integrates with familiar developer tools to enable new scenarios
• Increases Security and Compliance
  • Integrates identity, credential, and access management
  • Implements a rich permissions and delegation model
  • Enables system auditing and compliance
Microsoft's Technology for IDA
• User and Developer Experiences: Microsoft Office, Windows, Web Sites, Visual Studio
• Platform Components: Active Directory Federation Services, Certificate Services, Rights Management Services, AD Domain Services & AD Lightweight Directory Services, .NET, Workflow Foundation, Windows Services, 20+ Connectors, Extensibility, WS-*
• Microsoft Solution Focus Areas: Identity Lifecycle Mgmt (Identity Lifecycle Manager), IDA Management, Information Protection, Federated Identity, Strong Authentication, Directory Services
Microsoft Identity Lifecycle Manager
• Common Platform: Workflow, Connectors, Logging, Web Service API, Synchronization
• Functional areas: User Management, Group Management, Credential Management, Policy Management
• Capabilities: Identity Synchronization, User Provisioning, Certificate and Smartcard Management, Office Integration for Self-Service, Support for 3rd Party CAs, Codeless Provisioning, Group & DL Management, Workflow and Policy
Identity Lifecycle Manager "2" Features
• User Management
  • Integrated provisioning of identities, credentials, and resources
  • Automated, codeless user provisioning and de-provisioning
  • Self-service profile management
• Credential Management
  • Heterogeneous certificate management with 3rd party CAs
  • Management of multiple credential types, including One Time Passwords
  • Self-service password reset integrated with Windows logon
• Group Management
  • Rich Office-based self-service group management tools
  • Offline approvals through Office
  • Automated group and distribution list updates
• Policy Management
  • SharePoint-based console for policy authoring, enforcement & auditing
  • Extensible WS-* APIs and Windows Workflow Foundation workflows
  • Heterogeneous identity synchronization and consistency
ILM 2 @ work: On-boarding Joe Miller
• Before the first day
  • HR registers Joe's information in SAP
  • ILM imports the information into the IAM database
  • Joe's profile is available in the ILM portal
  • Joe's manager receives an email with a link to the profile
  • Manager assigns system roles and profiles for Joe's role
  • System Owner approves system access and profiles
  • Joe's user accounts and mailbox are provisioned
  • An email with the initial password is sent to Joe's manager
• Joe's first day at work
  • Joe logs on to his new workstation
  • Registers for password reset self-service
  • Modifies his profile
  • Opens Outlook and requests group/DL membership
  • Group Owner approves or denies the request
• Joe forgot his password
  • Joe has logged out and forgot his password
  • Resets the password via self-service
Technology behind the scene
• ILM "2" Server:
  • Windows Server 2008, 64-bit (the only supported server platform)
  • Internet Information Services 7 (IIS)
  • .NET Framework 3.0
  • Windows Workflow Foundation
  • Windows PowerShell
  • Web Services (WS*)
  • MS SQL Server 2008
  • SharePoint Services 3.0
  • Visual Studio 2008 (for customizing)
• Client modules:
  • Windows XP, Windows Vista or Windows 7
  • 32- and 64-bit
  • Office 2007 (for Office integration)
ILM "2" Architecture
• Solutions: Custom, Group Mgmt, Credential Mgmt, Policy Mgmt, User Mgmt
• ILM Clients: Custom, Windows, Portal, Outlook
• ILM Platform
  • Portal
  • ILM Sync (Sync DB)
  • ILM Web Service (App DB): Request Processor, Delegation & Permissions, AuthN Workflow, AuthZ Workflow, Action Workflow
  • CLM (CLM DB): Cert Mgmt
  • Adapters
• Identity Stores: Directories, Applications, Databases, E-Mail Systems
ILM "2" Web Services
ILM Web Service
• Service on the ILM Server
• Provides Web service interfaces for WS* requests from clients and from the Web interface
• Handles authentication, authorization and workflows through Management Policy Rules
• All requests performed are logged and reported
• Based on .NET and Windows Workflow Foundation
• Components: App DB, Request Processor, Delegation & Permissions, AuthN Workflow, AuthZ Workflow
ILM "2" Sync Engine
• Management Agent
• Connector Space
• Metaverse
ILM "2" User Portal
• SharePoint Web Portal (SharePoint Services) for:
  • ILM administrators
  • End users for self-service
  • Resource and group administrators
  • Workflow requestors and approvers
  • Password management
• Users see only what they are entitled to see and manage
• Predefined page layout
  • But can be customized and branded to user needs through the interface (no coding)
ILM "2" Clients
• ILM can use different clients to access the functionality:
  • SharePoint portal via Internet Explorer
  • Windows XP or Windows Vista for Credential Management (passwords and smart cards)
  • Office Outlook for group management, approvals and request handling
  • Any application which can send WS* requests to the ILM Service (for example a help desk application)
• ILM Clients (from the architecture diagram): Custom, Windows, Portal, Outlook
ILM "2" Release Schedule
• RTM, Q1 CY 2010
  • Includes customer-reported updates
  • Experience and guidance from lengthy RC 1 deployment validation
• Release Candidate 1, Q3 2009; updates include:
  • Management Policy Rules Explorer
  • Portal updates for usability
  • Historical data is stored in a separate DB
  • RC1 to RTM migration support
• Release Candidate, Nov 2008; updates include:
  • Support for scale-out
  • Cross-forest group management
  • Email notification enhancements
  • 3rd party CA support
• Beta 3, June 2008; new features include:
  • Codeless Provisioning
  • Policy Management
  • Self-service password reset
Resources
Learn more about Identity Lifecycle Manager
• ILM "2" Product Page: http://www.microsoft.com/ilm2
• ILM 2007 Product Page: www.microsoft.com/ILM 2007
Learn about Microsoft Identity and Access (IDA)
• IDA Solutions Home Page: www.microsoft.com/IDA
• IDA Partners: www.microsoft.com/IDA
Evaluate the ILM "2" Release Candidate
• Visit http://www.microsoft.com/ilm2
Your MSDN resources: check out these websites, blogs & more!
Presentations
• TechDays: www.techdays.ch
• MSDN Events: http://www.microsoft.com/switzerland/msdn/de/presentationfinder.mspx
• MSDN Webcasts: http://www.microsoft.com/switzerland/msdn/de/finder/default.mspx
MSDN Events
• MSDN Events: http://www.microsoft.com/switzerland/msdn/de/events/default.mspx
• Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin
MSDN Flash (our bi-weekly newsletter)
• Subscribe: http://www.microsoft.com/switzerland/msdn/de/flash.mspx
MSDN Team Blog
• RSS: http://blogs.msdn.com/swiss_dpe_team/Default.aspx
Developer User Groups & Communities
• Mobile Devices: http://www.pocketpc.ch/
• Microsoft Solutions User Group Switzerland: www.msugs.ch
• .NET Managed User Group of Switzerland: www.dotmugs.ch
• FoxPro User Group Switzerland: www.fugs.ch
Your TechNet resources: check out these websites, blogs & more!
Presentations
• TechDays: www.techdays.ch
TechNet Events
• TechNet Events: http://technet.microsoft.com/de-ch/bb291010.aspx
• Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin
TechNet Flash (our bi-weekly newsletter)
• Subscribe: http://technet.microsoft.com/de-ch/bb898852.aspx
Schweizer IT Professional und TechNet Blog
• RSS: http://blogs.technet.com/chitpro-de/
IT Professional User Groups & Communities
• SwissITPro User Group: www.swissitpro.ch
• NT Anwendergruppe Schweiz: www.nt-ag.ch
• PASS (Professional Association for SQL Server): www.sqlpass.ch
Save the date for tech·days next year! 7-8 April 2010, Congress Center Basel