Managing Active Directory Using Microsoft Forefront Identity Manager
Amol R Bhandarkar │ Tech Specialist – Identity & Access, Microsoft Corp.
Virtual TechDays │ INDIA │ 18-20 August 2010

Session Agenda
• Overview of FIM
• How FIM can help manage AD
• Demo
• Various scenarios of using FIM to manage AD

Overview of Forefront Identity Manager 2010 (FIM 2010)

Identity Lifecycle Manager -> Forefront Identity Manager (diagram labels)
• Common Platform: Workflow, Connectors, Logging, Web Service API, Synchronization
• Group Management, User Management, Credential Management, Policy Management
• Identity Synchronization
• User Provisioning
• Certificate and Smartcard Management
• Office Integration for Self-Service
• Support for 3rd Party CAs
• Codeless Provisioning
• Group & DL Management
• Workflow and Policy

Forefront Identity Manager - Feature areas
• Policy Management
  • SharePoint-based console for policy authoring, enforcement & auditing
  • Extensible WS-* APIs and Windows Workflow Foundation workflows
  • Heterogeneous identity synchronization and consistency
• Credential Management
  • Heterogeneous certificate management with 3rd party CAs
  • Management of multiple credential types, including One Time Passwords
  • Self-service password reset integrated with Windows logon
• User Management
  • Integrated provisioning of identities, credentials, and resources
  • Automated, codeless user provisioning and de-provisioning
  • Self-service profile management
• Group Management
  • Rich Office-based self-service group management tools
  • Offline approvals through Office
  • Automated group and distribution list updates

End User Scenarios
• Policy Management
  • Example scenario: CFO gives final approval for new user to access app with associated SOX compliance requirement
  • FIM 2010 advantages: Automatic routing of multiple approvals; Approval process through Office; Audit trail of approvals
• Credential Management
  • Example scenario: Self-service smart card provisioning & management
  • FIM 2010 advantages: Integration with Windows logon; No need to call help desk; Faster time to resolution
• User Management
  • Example scenario: User changes cell phone number
  • FIM 2010 advantages: Automatic updating of business applications; No need to call help desk; Faster time to resolution
• Group Management
  • Example scenario: User asks to join secure distribution list for new product development
  • FIM 2010 advantages: Request process through Office; No waiting for help desk; Faster time to resolution

IT Administrator Scenarios
• Policy Management
  • Example scenario: Author policy to require HR approval for job title change
  • FIM 2010 advantages: Centralized management; Automatic policy enforcement across systems
• Credential Management
  • Example scenario: Create workflow to automatically issue passwords and smart cards to new users
  • FIM 2010 advantages: Generation and delivery of initial one-time use password; Integration of smart card & cert enrollment with provisioning
• User Management
  • Example scenario: Automatically provision new employees with identity, mailbox, and credentials
  • FIM 2010 advantages: Automatic policy enforcement across systems; Management of role changes & retirements
• Group Management
  • Example scenario: Design policy to automatically create departmental security groups
  • FIM 2010 advantages: Automatic management of group membership; Secure access to departmental resources, with audit trail

Forefront Identity Manager in Action (diagram labels)
• FIM Portal: Policy Management, Credential Management, User Management, Group Management
• Self-Service integration, Windows Log On
• Databases, LOB Applications, Directories, Custom
• ISV Partner Solutions, IT Departments

How does FIM help in managing AD
• User Lifecycle Management
  • Creation of users / deletion of users
  • Creating users in specific OUs
    • Based on attributes like locations or departments
    • Create OU, if none exist before, automatically
  • Maintaining group memberships
    • Based on criteria like attribute values
• Managing Groups and DLs
  • Allow users to create / manage groups and memberships
• Self-Service Password reset
  • Reset your own password based on challenge / response mechanism
  • Users can unlock their account if locked

How does FIM help in managing AD
• Privilege management tool
  • Users can request a high level of access
  • Access can be granted based on approvals
  • Time based criteria
• Enable Smartcard provisioning
  • Smartcards can be used as two-factor / strong authentication
• Allow users to maintain and manage their own profile
  • Users can update their information like mobile #, phone details, etc.

DEMO: Managing AD using FIM 2010

Demo scenarios
• User provisioning / de-provisioning
• Group membership change
• Automatic change in OU membership
• Self-service Password reset
• Workflow based approval process
• Creation of DL and managing group memberships

Resources
• More information about Forefront Identity Manager
  • www.microsoft.com/fim
  • www.microsoft.com/ilm
  • http://blogs.technet.com/amolrb

Thanks
amolrb@microsoft.com │ http://blogs.technet.com/amolrb