Iam: Presentation Transcript

  • Identity and Access Management
    Business Ready Security Solutions
    Rune Lystad
    runel@microsoft.com
    Enterprise Solution Manager
  • Multiple identities and limited sign-on help
    Password reset and access requests handled through help desk
    Different sign-on requirements for applications
    ON-PREMISES
    CONTOSO
    Contoso managing Fabrikam accounts
    Separate Remote access solution w/ separate identities
    EMPLOYEES (REMOTE)
    PARTNERS
    Fabrikam
    Fabrikam managing Contoso accounts
    Current Situation: Time and labor intensive process
  • Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device
    PROTECT everywhere
    ACCESS anywhere
    INTEGRATE and
    EXTEND security
    SIMPLIFY security,
    MANAGE compliance
    • Provide more secure, always-on access
    • Enable access from virtually any device
    • Extend powerful self-service capabilities to users
    • Automate and simplify management tasks
    • Control access across organizations
    • Provide standards-based interoperability
    Identity and Access Management Strategy
  • Business Ready Security Solutions
    Secure Messaging
    Secure Endpoint
    Secure Collaboration
    Information Protection
    Identity and Access Management
  • Secure Messaging
    Secure Endpoint
    Secure Collaboration
    Information Protection
    Identity and Access Management
    Active Directory® Federation Services
    Business Ready Security Solutions
  • PROTECT Everywhere,
    ACCESS Anywhere
    • Provides seamless, always-on, secure connectivity to on-premises and remote users
    • Eliminates the need to connect explicitly to corporate network while remote
    • Facilitates more secure, end-to-end communication and collaboration
    • Uses a policy-based network access approach
    • Enables IT to easily service, secure, update, and provision mobile machines, whether they are inside or outside the network
    Intranet
    Internet
    Corporate Resources
    DirectAccess Client
    DirectAccess Server
    Internal traffic
    Internet Servers
    Internet traffic
    Windows DirectAccess
  • DirectAccess in Windows 7
    IPv4 Devices
    IPv6 Devices
    IT desktop management
    Native IPv6 with IPSec
    AD Group Policy, NAP, software updates
    IPv6 Transition Services
    Internet
    WinSrv 2008R2 DirectAccess
    Role
    Supports variety of remote network protocols
    Windows 7 Client
  • INTEGRATE and
    EXTEND security
    • Shared identity with partner organizations and cloud services
    • Boost cross-organizational efficiency and communication with more secure access
    • Support the sharing of rights-protected messages between organizations
    Company A
    Account Forest
    Company B Resource Forest
    Federation
    Trust
    Business Partners
    Token and claims
    Authentication
    Application Access
    Post claims
    AD FS
    AD FS
    AD RMS
    AD DS
    AD DS
    Redirect to Security Token Service (STS)
    SharePoint Server Farm
    User Account/Credentials
    Security Token
    Active Directory Federation Services
  • Cloud Services
    • Implements a single user access model with native single sign-on (SSO) and easier federation to on-premises and cloud services
    • Helps provide consistent security with a single user access model externalized from applications
    Security Token
    (e.g., Kerberos Ticket)
    Corporate User
    AD FS
    Exchange
    SharePoint
    Web App
    Claims-Aware
    Application
    AD DS
    • AD FS creates SAML token
    • Signs it with company’s private key
    • Sends it back to the user
    • Access supplied with the token
    Partner
    Single Sign On with Extended Collaboration
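The four bullets above describe the claims-based flow: the STS (AD FS) authenticates the user, creates a token, signs it with the company's private key, and the application accepts the token instead of a password. The following Go program is an added example, not code from the deck or from Microsoft, that walks through that exchange with both sides present. It assumes a simplified JSON token in place of a real SAML assertion, hypothetical issuer and application URLs (`sts.contoso.example`, `sharepoint.contoso.example`), and a freshly generated RSA key where a real STS would load its signing certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Token is a constructed, simplified stand-in for the SAML assertion in the
// deck: who the user is, who issued it, who may consume it, and for how long.
type Token struct {
	Subject   string            `json:"sub"`
	Issuer    string            `json:"iss"`
	Audience  string            `json:"aud"`
	Claims    map[string]string `json:"claims"`
	NotBefore time.Time         `json:"nbf"`
	Expires   time.Time         `json:"exp"`
}

// SignedToken is what travels from the STS, via the user, to the application:
// the serialized token plus the issuer's signature over it.
type SignedToken struct {
	Payload   []byte
	Signature []byte
}

// STS plays the AD FS role. Only it holds the company's private key.
type STS struct {
	Issuer string
	key    *rsa.PrivateKey
}

// NewSTS generates a signing key (assumption: a real STS loads its certificate).
func NewSTS(issuer string) (*STS, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &STS{Issuer: issuer, key: key}, nil
}

// PublicKey is what relying parties are configured with when federation is set up.
func (s *STS) PublicKey() *rsa.PublicKey { return &s.key.PublicKey }

// Issue builds a token for a user the STS has already authenticated (e.g. by a
// Kerberos ticket) and signs its SHA-256 digest with the private key.
func (s *STS) Issue(subject, audience string, claims map[string]string, ttl time.Duration) (SignedToken, error) {
	now := time.Now().UTC()
	payload, err := json.Marshal(Token{Subject: subject, Issuer: s.Issuer, Audience: audience,
		Claims: claims, NotBefore: now, Expires: now.Add(ttl)})
	if err != nil {
		return SignedToken{}, err
	}
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest[:])
	if err != nil {
		return SignedToken{}, err
	}
	return SignedToken{Payload: payload, Signature: sig}, nil
}

// RelyingParty plays the claims-aware application: it never sees a password,
// it trusts one issuer's public key and accepts only tokens addressed to it.
type RelyingParty struct {
	Audience      string
	TrustedIssuer string
	IssuerKey     *rsa.PublicKey
}

// Verify checks the signature before parsing anything, then issuer, audience
// and validity window. Only then are the claims handed to the application.
func (rp RelyingParty) Verify(st SignedToken, now time.Time) (Token, error) {
	digest := sha256.Sum256(st.Payload)
	if err := rsa.VerifyPKCS1v15(rp.IssuerKey, crypto.SHA256, digest[:], st.Signature); err != nil {
		return Token{}, errors.New("signature invalid: not signed by the trusted issuer")
	}
	var t Token
	if err := json.Unmarshal(st.Payload, &t); err != nil {
		return Token{}, err
	}
	if t.Issuer != rp.TrustedIssuer {
		return Token{}, fmt.Errorf("untrusted issuer %q", t.Issuer)
	}
	if t.Audience != rp.Audience {
		return Token{}, fmt.Errorf("token for %q presented to %q", t.Audience, rp.Audience)
	}
	if now.Before(t.NotBefore) || !now.Before(t.Expires) {
		return Token{}, errors.New("token outside its validity window")
	}
	return t, nil
}

func main() {
	sts, err := NewSTS("https://sts.contoso.example") // hypothetical issuer
	if err != nil {
		panic(err)
	}
	app := RelyingParty{Audience: "https://sharepoint.contoso.example", TrustedIssuer: sts.Issuer, IssuerKey: sts.PublicKey()}
	tok, _ := sts.Issue("alice@contoso.example", app.Audience, map[string]string{"role": "Finance"}, 10*time.Minute)
	t, err := app.Verify(tok, time.Now())
	fmt.Println(t.Subject, t.Claims["role"], err)
}
```

The order of checks in `Verify` is deliberate: the signature is verified over the raw bytes before the JSON is parsed, so a tampered claim, a token minted for a different application, or an expired token is rejected without the application ever acting on its contents.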
  • SIMPLIFY security,
    MANAGE compliance
  • Identity Lifecycle Management
    Create
    Provision user
    Provision credentials
    Provision resources
    Help Desk
    • “Lost” Credentials
    • Password Reset
    • New Entitlements
    Retire
    Policy Management
    De-provision identities
    Revoke credentials
    De-provision resources
    Policy enforcement
    Approvals and notifications
    Audit trails
    Change
    Role changes
    Phone # or title change
    Password and PIN reset
    Resource requests
  • Forefront Identity Manager in Action
    Databases
    Self-Service integration
    LOB Applications
    Windows Log On
    FIM Portal
    Policy Management
    Credential Management
    User Management
    Group Management
    Custom
    ISV Partner Solutions
    IT Departments
    Directories
    • Policy-based identity lifecycle management system
    • Built-in workflow for identity management
    • Automatically synchronize all user information to different directories across the enterprise
    • Automates the process of on-boarding users
    Active Directory
    Lotus Domino
    Workflow
    User Enrollment
    LDAP
    FIM
    SQL Server
    HR System
    Approval
    Oracle DB
    Manager
    FIM CM
    User provisioned on all allowed systems
    Identity Management: User provisioning
    • Automated user de-provisioning
    • Built-in workflow for identity management
    • Real-time de-provisioning from all systems to prevent unauthorized access and information leakage
    Identity Management: User de-provisioning
    Active Directory
    Lotus Domino
    Workflow
    User de-provisioned
    LDAP
    FIM
    SQL Server
    HR System
    Oracle DB
    FIM CM
    User de-provisioned or disabled on all systems
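The two provisioning slides above (HR system as source, workflow, user provisioned on all allowed systems, and later de-provisioned or disabled on all systems) describe a reconciliation loop: compare the authoritative record with every connected directory and emit the actions that close the gap. The Go program below is an added example, not code from the deck or from FIM, of that loop over in-memory directories. It assumes constructed sample data (employees E100 to E300, three target systems) and a hypothetical `Apply` step where a real deployment would call each directory's API; it also covers a case the slides only imply, an account that exists in a directory with no HR record behind it.

```go
package main

import (
	"fmt"
	"sort"
)

// HRRecord is the authoritative source (the HR system in the deck).
type HRRecord struct {
	EmployeeID, DisplayName, Title string
	Active                         bool
}

// Account is what a connected system (AD, Domino, SQL Server, ...) holds.
type Account struct {
	DisplayName, Title string
	Enabled            bool
}

// ConnectedSystem models one target directory, keyed by employee ID.
type ConnectedSystem struct {
	Name     string
	Accounts map[string]Account
}

// Action is one provisioning step for the workflow to execute.
type Action struct {
	System, EmployeeID, Op string // Op is "create", "update" or "disable"
}

// Reconcile compares HR with every connected system and returns the actions
// needed so that active employees exist everywhere with current attributes,
// terminated employees are disabled everywhere, and accounts with no HR
// record at all (orphans) are disabled rather than left usable.
func Reconcile(hr []HRRecord, systems []ConnectedSystem) []Action {
	known := map[string]bool{}
	var actions []Action
	for _, rec := range hr {
		known[rec.EmployeeID] = true
		for _, sys := range systems {
			acct, exists := sys.Accounts[rec.EmployeeID]
			switch {
			case rec.Active && !exists:
				actions = append(actions, Action{sys.Name, rec.EmployeeID, "create"})
			case rec.Active && (acct.Title != rec.Title || acct.DisplayName != rec.DisplayName || !acct.Enabled):
				actions = append(actions, Action{sys.Name, rec.EmployeeID, "update"})
			case !rec.Active && exists && acct.Enabled:
				actions = append(actions, Action{sys.Name, rec.EmployeeID, "disable"})
			}
		}
	}
	for _, sys := range systems {
		var orphans []string
		for id, acct := range sys.Accounts {
			if !known[id] && acct.Enabled {
				orphans = append(orphans, id)
			}
		}
		sort.Strings(orphans) // deterministic order for logs and tests
		for _, id := range orphans {
			actions = append(actions, Action{sys.Name, id, "disable"})
		}
	}
	return actions
}

// Apply executes the actions against the in-memory systems. Assumption: a
// real connector would call the directory's API here instead.
func Apply(hr []HRRecord, systems []ConnectedSystem, actions []Action) {
	byID := map[string]HRRecord{}
	for _, rec := range hr {
		byID[rec.EmployeeID] = rec
	}
	for _, a := range actions {
		for i := range systems {
			if systems[i].Name != a.System {
				continue
			}
			switch a.Op {
			case "create", "update":
				rec := byID[a.EmployeeID]
				systems[i].Accounts[a.EmployeeID] = Account{rec.DisplayName, rec.Title, true}
			case "disable":
				acct := systems[i].Accounts[a.EmployeeID]
				acct.Enabled = false
				systems[i].Accounts[a.EmployeeID] = acct
			}
		}
	}
}

// SampleData is constructed input: one promoted employee, one leaver, and a
// contractor account (E300) that no HR record vouches for.
func SampleData() ([]HRRecord, []ConnectedSystem) {
	hr := []HRRecord{
		{"E100", "Alice Andersen", "Senior Analyst", true},
		{"E200", "Bob Berg", "Engineer", false},
	}
	systems := []ConnectedSystem{
		{"Active Directory", map[string]Account{"E100": {"Alice Andersen", "Analyst", true}, "E200": {"Bob Berg", "Engineer", true}}},
		{"Lotus Domino", map[string]Account{"E200": {"Bob Berg", "Engineer", true}, "E300": {"Carol Contractor", "Consultant", true}}},
		{"SQL Server", map[string]Account{}},
	}
	return hr, systems
}

func main() {
	hr, systems := SampleData()
	for _, a := range Reconcile(hr, systems) {
		fmt.Printf("%-16s %s %s\n", a.System, a.EmployeeID, a.Op)
	}
}
```

Running `Reconcile` a second time after `Apply` yields no actions, which is the property a lifecycle engine needs: it converges on the policy rather than re-issuing changes on every pass.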
  • Self Service Group Management
    • Self-service group and distribution list management with the FIM 2010 Web portal
    • Office integration allows users to manage group membership from within Microsoft Office Outlook® for maximum productivity
    • Enables users to use Outlook to manage approvals while they are offline
    • Automatically add users to either group based on their employee type at the time they are provisioned to Active Directory
    • Group and distribution list management, including dynamic membership calculation in these groups and distribution lists based on user’s attributes
    Add-in for Office
    SharePoint-Based Management Console
  • Self-Service Password Management
    • Enables users to reset their own passwords through both Windows logon and FIM password reset portal
    • Controls helpdesk costs by enabling end users to manage certain parts of their own identities
    • Improves security and compliance with minimal errors while managing multiple identities and passwords
    Active Directory
    User requests password reset
    Oracle
    FIM Server
    Password updates
    SQL Server
    Notes
    End User
    LDAP
    Reset Password
    • FIM capabilities integrated with Windows logon
    • Randomly selects a number of questions
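The slide states that the reset flow randomly selects a number of the user's registered questions. What the slide does not show is how such a store should be kept: the answers hashed with a per-answer salt so a database leak does not expose them, a random subset chosen so no single reset reveals every question, and all answers checked in constant time without stopping at the first mismatch. The Go program below is an added example, not code from the deck or from FIM, of those three pieces. It assumes a constructed set of four questions and uses salted SHA-256 for brevity; a deployment would use a slow password hash (PBKDF2, bcrypt or similar) in `hashAnswer`.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// challenge stores one registered question with a salted hash of its answer,
// never the answer itself.
type challenge struct {
	Question string
	salt     []byte
	hash     []byte
}

// ResetProfile is a user's registered question set.
type ResetProfile struct{ challenges []challenge }

// QA is a question/answer pair supplied at enrollment.
type QA struct{ Question, Answer string }

// normalize makes matching tolerant of case and surrounding whitespace so
// that "Oslo " and "oslo" verify the same way.
func normalize(answer string) string { return strings.ToLower(strings.TrimSpace(answer)) }

// hashAnswer is salted SHA-256 here; assumption: swap in a slow KDF in production.
func hashAnswer(salt []byte, answer string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(normalize(answer)))
	return h.Sum(nil)
}

// Enroll registers the user's questions. Each answer gets its own random salt.
func Enroll(pairs []QA) (*ResetProfile, error) {
	p := &ResetProfile{}
	for _, qa := range pairs {
		if normalize(qa.Answer) == "" {
			return nil, errors.New("empty answer for " + qa.Question)
		}
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			return nil, err
		}
		p.challenges = append(p.challenges, challenge{qa.Question, salt, hashAnswer(salt, qa.Answer)})
	}
	return p, nil
}

// Pick chooses k distinct registered questions at random (a partial
// Fisher-Yates shuffle driven by crypto/rand) and returns their indices.
func (p *ResetProfile) Pick(k int) ([]int, error) {
	n := len(p.challenges)
	if k <= 0 || k > n {
		return nil, fmt.Errorf("cannot pick %d of %d questions", k, n)
	}
	idx := make([]int, n)
	for i := range idx {
		idx[i] = i
	}
	for i := 0; i < k; i++ {
		r, err := rand.Int(rand.Reader, big.NewInt(int64(n-i)))
		if err != nil {
			return nil, err
		}
		j := i + int(r.Int64())
		idx[i], idx[j] = idx[j], idx[i]
	}
	return idx[:k], nil
}

// Question returns the prompt for a picked index.
func (p *ResetProfile) Question(i int) string { return p.challenges[i].Question }

// Verify succeeds only if every picked question is answered correctly. Every
// answer is compared in constant time and none is skipped, so timing and the
// result reveal nothing about which answer was wrong.
func (p *ResetProfile) Verify(picked []int, answers []string) bool {
	if len(picked) == 0 || len(answers) != len(picked) {
		return false
	}
	ok := 1
	for n, i := range picked {
		if i < 0 || i >= len(p.challenges) {
			return false
		}
		c := p.challenges[i]
		ok &= subtle.ConstantTimeCompare(c.hash, hashAnswer(c.salt, answers[n]))
	}
	return ok == 1
}

func main() {
	// Constructed sample enrollment.
	profile, _ := Enroll([]QA{{"City of birth?", "Oslo"}, {"First pet's name?", "Rex"},
		{"Mother's maiden name?", "Hansen"}, {"First employer?", "Contoso"}})
	picked, _ := profile.Pick(2)
	for _, i := range picked {
		fmt.Println(profile.Question(i))
	}
}
```

Presenting only a subset per attempt, and rotating it, limits what a single observed reset session teaches an onlooker; combining the reset with a second factor, and rate-limiting attempts, are the usual additions on top of what is shown here.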
  • Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device
    PROTECT everywhere,
    ACCESS anywhere
    INTEGRATE and
    EXTEND security
    SIMPLIFY security,
    MANAGE compliance
    • Provide more secure, always-on access
    • Enable access from virtually any device
    • Extend powerful self-service capabilities to users
    • Automate and simplify management tasks
    • Control access across organizations
    • Provide standards-based interoperability
    Learn more at www.microsoft.com/forefront
    Summary
  • © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
    The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
    MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.