    Iam: Presentation Transcript

    • Identity and Access Management
      Business Ready Security Solutions
      Rune Lystad
      runel@microsoft.com
      Enterprise Solution Manager
    • Current Situation: Time and labor intensive process
      Multiple identities and limited sign-on help
      Password reset and access requests handled through help desk
      Different sign-on requirements for applications
      Separate remote access solution with separate identities
      Diagram labels: ON-PREMISES, CONTOSO, EMPLOYEES (REMOTE), PARTNERS, Fabrikam, Contoso managing Fabrikam accounts, Fabrikam managing Contoso accounts
    • Identity and Access Management Strategy
      Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device
      PROTECT everywhere, ACCESS anywhere; INTEGRATE and EXTEND security; SIMPLIFY security, MANAGE compliance
      • Provide more secure, always-on access
      • Enable access from virtually any device
      • Extend powerful self-service capabilities to users
      • Automate and simplify management tasks
      • Control access across organizations
      • Provide standards-based interoperability
    • Business Ready Security Solutions
      Secure Messaging
      Secure Endpoint
      Secure Collaboration
      Information Protection
      Identity and Access Management
    • Business Ready Security Solutions: Active Directory® Federation Services
      Secure Messaging
      Secure Endpoint
      Secure Collaboration
      Information Protection
      Identity and Access Management
    • Windows DirectAccess: PROTECT Everywhere, ACCESS Anywhere
      • Provides seamless, always-on, secure connectivity to on-premises and remote users
      • Eliminates the need to connect explicitly to the corporate network while remote
      • Facilitates more secure, end-to-end communication and collaboration
      • Uses a policy-based network access approach
      • Enables IT to easily service, secure, update, and provision mobile machines, whether they are inside or outside the network
      Diagram labels: DirectAccess Client, Internet, DirectAccess Server, Intranet, Corporate Resources, Internal traffic, Internet Servers, Internet traffic
    • DirectAccess in Windows 7
      Windows Server 2008 R2 DirectAccess Role: supports a variety of remote network protocols
      Diagram labels: Windows 7 Client, Internet, IPv6 Transition Services, Native IPv6 with IPsec, IPv4 Devices, IPv6 Devices, IT desktop management (AD Group Policy, NAP, software updates)
    • Active Directory Federation Services: INTEGRATE and EXTEND security
      • Shared identity with partner organizations and cloud services
      • Boost cross-organizational efficiency and communication with more secure access
      • Support the sharing of rights-protected messages between organizations
      Diagram labels: Company A Account Forest, Company B Resource Forest, Federation Trust, Business Partners, AD DS, AD DS, AD FS, AD FS, AD RMS, SharePoint Server Farm, User Account/Credentials, Security Token, Authentication, Redirect to Security Token Service (STS), Token and claims, Post claims, Application Access
    • Single Sign On with Extended Collaboration (Cloud Services)
      • Implements a single user access model with native single sign-on (SSO) and easier federation to on-premises and cloud services
      • Helps provide consistent security with a single user access model externalized from applications
      Token flow:
      • AD FS creates SAML token
      • Signs it with company’s private key
      • Sends it back to the user
      • Access supplied with the token
      Diagram labels: Corporate User, Security Token (e.g., Kerberos Ticket), AD DS, AD FS, Exchange, SharePoint, Web App, Claims-Aware Application, Partner
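The four-step token flow on this slide (the STS builds a claim set, signs it with the company's private key, returns it to the user, and the application grants access on the token) as an added example in Go. It is not part of this deck and not AD FS code: a JSON claim set stands in for the SAML assertion AD FS actually issues, RSA PKCS#1 v1.5 over SHA-256 is the assumed signature scheme, and the issuer, audience and user names are constructed. The relying-party side shows what a claims-aware application has to check before it trusts a single claim: the signature under the issuer's public key, the expected issuer, the intended audience, and the expiry.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the claim set the issuer (the AD FS role in the slides) signs.
// A real AD FS token is a SAML assertion in XML; this JSON shape is a
// constructed stand-in that keeps the sign/verify steps visible.
type Claims struct {
	Issuer   string   `json:"iss"` // the STS that signed the token
	Subject  string   `json:"sub"` // the authenticated user
	Audience string   `json:"aud"` // the application the token is meant for
	Groups   []string `json:"groups"`
	Expires  int64    `json:"exp"` // Unix seconds
}

var enc = base64.RawURLEncoding

// GenerateIssuerKey creates the STS signing key pair (hypothetical helper).
// Only the public half is configured at the relying party.
func GenerateIssuerKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// Issue is the STS side: serialize the claims, sign the SHA-256 digest with
// the private key, and return "payload.signature" for the user to present.
func Issue(priv *rsa.PrivateKey, c Claims) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return enc.EncodeToString(payload) + "." + enc.EncodeToString(sig), nil
}

// Verify is the claims-aware application side. Claims are not trusted until
// the signature checks out, and issuer, audience and expiry are pinned so a
// valid token for another application or an old session is refused.
func Verify(pub *rsa.PublicKey, token, wantIssuer, wantAudience string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return nil, errors.New("malformed token")
	}
	payload, err := enc.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	sig, err := enc.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(payload)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature does not verify under the issuer's public key")
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Issuer != wantIssuer:
		return nil, errors.New("unexpected issuer")
	case c.Audience != wantAudience:
		return nil, errors.New("token was not issued for this application")
	case !now.Before(time.Unix(c.Expires, 0)):
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// ModifiedSubject returns the token with its subject rewritten but the
// original signature kept: a negative test input for Verify.
func ModifiedSubject(token, subject string) string {
	parts := strings.SplitN(token, ".", 2)
	payload, _ := enc.DecodeString(parts[0])
	var c Claims
	_ = json.Unmarshal(payload, &c)
	c.Subject = subject
	changed, _ := json.Marshal(c)
	return enc.EncodeToString(changed) + "." + parts[1]
}

func main() {
	key := GenerateIssuerKey()
	now := time.Now()
	c := Claims{Issuer: "https://sts.contoso.example", Subject: "alice@contoso.example",
		Audience: "https://sharepoint.fabrikam.example", Groups: []string{"Partners"},
		Expires: now.Add(10 * time.Minute).Unix()}
	tok, _ := Issue(key, c)
	if got, err := Verify(&key.PublicKey, tok, c.Issuer, c.Audience, now); err == nil {
		fmt.Println("access granted to", got.Subject, "groups", got.Groups)
	}
	_, err := Verify(&key.PublicKey, ModifiedSubject(tok, "mallory"), c.Issuer, c.Audience, now)
	fmt.Println("modified token:", err)
}
```

The audience check is the one most often skipped in practice: without it, a token the STS legitimately issued for one partner application is accepted by every other application that trusts the same STS key.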
    • SIMPLIFY security,
      MANAGE compliance
    • Identity Lifecycle Management
      Create: Provision user, Provision credentials, Provision resources
      Change: Role changes, Phone # or title change, Password and PIN reset, Resource requests
      Retire: De-provision identities, Revoke credentials, De-provision resources
      Help Desk: “Lost” Credentials, Password Reset, New Entitlements
      Policy Management: Policy enforcement, Approvals and notifications, Audit trails
    • Forefront Identity Manager in Action
      Diagram labels: FIM Portal, Policy Management, Credential Management, User Management, Group Management, Custom, Self-Service integration, Windows Log On, Databases, LOB Applications, Directories, ISV Partner Solutions, IT Departments
    • Identity Management: User provisioning
      • Policy-based identity lifecycle management system
      • Built-in workflow for identity management
      • Automatically synchronize all user information to different directories across the enterprise
      • Automates the process of on-boarding users
      Diagram labels: HR System, FIM, Workflow, User Enrollment, Manager, Approval, FIM CM, Active Directory, Lotus Domino, LDAP, SQL Server, Oracle DB, User provisioned on all allowed systems
    • Identity Management: User de-provisioning
      • Automated user de-provisioning
      • Built-in workflow for identity management
      • Real-time de-provisioning from all systems to prevent unauthorized access and information leakage
      Diagram labels: HR System, FIM, Workflow, User de-provisioned, FIM CM, Active Directory, Lotus Domino, LDAP, SQL Server, Oracle DB, User de-provisioned or disabled on all systems
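The lifecycle (Create / Change / Retire) and the HR-driven provisioning and de-provisioning flows above, as an added example in Go that is neither FIM code nor part of this deck. It reconciles a constructed HR feed against the constructed account state of several connected systems and emits the create, enable, disable and review steps a workflow engine would execute; system names, employee ids and the rule that a new user joins a group chosen by employee type are all assumptions of the example.

```go
package main

import (
	"fmt"
	"sort"
)

// HRRecord is one row of the authoritative HR feed (constructed sample data).
type HRRecord struct {
	ID     string // employee id, the join key across all connected systems
	Name   string
	Type   string // "Employee" or "Contractor"
	Active bool   // false once HR marks the person as terminated
}

// Account is what one connected system (AD, LDAP, SQL Server, ...) holds for an id.
type Account struct {
	System  string
	ID      string
	Enabled bool
}

// Action is one provisioning step for the workflow to execute and log in the audit trail.
type Action struct {
	Op     string // "create", "enable", "disable" or "review"
	System string
	ID     string
	Detail string
}

// groupFor picks the group a new user joins by employee type (assumed group names).
func groupFor(employeeType string) string {
	if employeeType == "Contractor" {
		return "add to group Contractors"
	}
	return "add to group Employees"
}

// Reconcile compares HR truth with the connected systems and returns the actions
// that converge them: create missing accounts for active people, re-enable
// disabled accounts of active people, disable every account of a terminated
// person, and flag accounts nobody in HR owns for human review instead of
// silently deleting them (service and test accounts often look like orphans).
func Reconcile(hr []HRRecord, systems []string, accounts []Account) []Action {
	known := map[string]bool{}
	for _, r := range hr {
		known[r.ID] = true
	}
	have := map[string]map[string]Account{} // id -> system -> account
	for _, a := range accounts {
		if have[a.ID] == nil {
			have[a.ID] = map[string]Account{}
		}
		have[a.ID][a.System] = a
	}
	var out []Action
	for _, r := range hr {
		for _, s := range systems {
			acct, exists := have[r.ID][s]
			switch {
			case r.Active && !exists:
				out = append(out, Action{"create", s, r.ID, groupFor(r.Type)})
			case r.Active && exists && !acct.Enabled:
				out = append(out, Action{"enable", s, r.ID, "active in HR but disabled"})
			case !r.Active && exists && acct.Enabled:
				out = append(out, Action{"disable", s, r.ID, "terminated in HR"})
			}
		}
	}
	for id, perSystem := range have {
		if known[id] {
			continue
		}
		for s := range perSystem {
			out = append(out, Action{"review", s, id, "no HR record (orphan account)"})
		}
	}
	// Deterministic order keeps the plan diffable and the audit log stable.
	sort.Slice(out, func(i, j int) bool {
		a, b := out[i], out[j]
		if a.Op != b.Op {
			return a.Op < b.Op
		}
		if a.ID != b.ID {
			return a.ID < b.ID
		}
		return a.System < b.System
	})
	return out
}

// Constructed inputs: Alice lacks her SQL account, Bob is a new hire with no
// accounts, Carol has left but is still enabled in AD and SQL, and e1004 exists
// in AD without any HR record.
var SampleSystems = []string{"AD", "LDAP", "SQL"}

var SampleHR = []HRRecord{
	{"e1001", "Alice", "Employee", true},
	{"e1002", "Bob", "Contractor", true},
	{"e1003", "Carol", "Employee", false},
}

var SampleAccounts = []Account{
	{"AD", "e1001", true}, {"LDAP", "e1001", true},
	{"AD", "e1003", true}, {"LDAP", "e1003", false}, {"SQL", "e1003", true},
	{"AD", "e1004", true},
}

func main() {
	for _, a := range Reconcile(SampleHR, SampleSystems, SampleAccounts) {
		fmt.Printf("%-7s %-5s %s  (%s)\n", a.Op, a.System, a.ID, a.Detail)
	}
}
```

Running the reconciliation a second time against the converged state yields no actions, which is the property that lets it run on every HR change (the "real-time de-provisioning" on the slide) without side effects; the only entries that persist across runs are the orphan reviews until someone claims or retires those accounts.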
    • Self Service Group Management
      • Self-service group and distribution list management with the FIM 2010 Web portal
      • Office integration allows users to manage group membership from within Microsoft Office Outlook® for maximum productivity
      • Enables users to use Outlook to manage approvals while they are offline
      • Automatically add users to either group based on their employee type at the time they are provisioned to Active Directory
      • Group and distribution list management, including dynamic membership calculation in these groups and distribution lists based on users’ attributes
      Diagram labels: Add-in for Office, SharePoint-Based Management Console
    • Self-Service Password Management
      • Enables users to reset their own passwords through both Windows logon and the FIM password reset portal
      • Controls helpdesk costs by enabling end users to manage certain parts of their own identities
      • Improves security and compliance with minimal errors while managing multiple identities and passwords
      • FIM capabilities integrated with Windows logon
      • Randomly selects a number of questions
      Diagram labels: End User, User requests password reset, Reset Password, FIM Server, Password updates, Active Directory, Oracle, SQL Server, Notes, LDAP
    • Summary
      Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device
      PROTECT everywhere, ACCESS anywhere; INTEGRATE and EXTEND security; SIMPLIFY security, MANAGE compliance
      • Provide more secure, always-on access
      • Enable access from virtually any device
      • Extend powerful self-service capabilities to users
      • Automate and simplify management tasks
      • Control access across organizations
      • Provide standards-based interoperability
      Learn more at www.microsoft.com/forefront
    • © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
      The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
      MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.