Forefront Identity Manager 2010 (By Rune Lystad)

  1. Identity management and access control
  2. Business Ready Security Solutions
      Secure Messaging
      Secure Endpoint
      Secure Collaboration
      Information Protection
      Identity and Access Management
  3. Business Ready Security Solutions (same as slide 2, adding Active Directory® Federation Services)
  4-6. Identity Lifecycle Management
      Create: provision user; provision credentials; provision resources
      Help Desk: "lost" credentials; password reset; new entitlements
      Change: role changes; phone number or title change; password and PIN reset; resource requests
      Retire: de-provision identities; revoke credentials; de-provision resources
      Policy Management: policy enforcement; approvals and notifications; audit trails
  7. Today: Management Burden Is On IT
      IT Professionals: difficult to manage siloed identities; overloaded with help desk service requests; manually managing accounts and permissions; poor tools for managing user credentials
      Information Workers: call help desk for password and access requests; wait for days or weeks for access; wait for IT to implement business policies
      Developers: complex to develop custom applications; forced to develop business rules; challenge to learn different development models; hard to integrate systems
      Result: greater complexity, wrong contexts, wrong people, higher costs
  8. Aligning Experiences With The Right People
      IT Professionals: architecture; deployment; system administration; governance; security
      Information Workers: add, update, revoke and audit users, access, credentials, business rules & policy, permissions, group & role membership, distribution lists, passwords & PINs, policy
      Developers: system & application integration & development
  9. FIM 2010 Solution Areas
      User Management: integrated provisioning of identities, credentials, and resources; automated, codeless user provisioning and de-provisioning; self-service and admin profile management
      Credential Management: manage multiple credential types (passwords, certificates, smart cards); self-service password reset integrated with Windows logon; support for multiple & partner reset gates (Q&A, smart card, speech, custom)
      Group Management: delegated & self-service group and distribution list management; information worker self-service experiences through Office and SharePoint; automated group and distribution list updates
      Policy Management: visual, natural language process authoring & editing; extensible workflows through Windows Workflow Foundation; integrates with System Center for monitoring and control
  10. Forefront Identity Manager in Action
      FIM Portal: Policy Management, Credential Management, User Management, Group Management
      Connected systems: Databases, Directories, LOB Applications, Custom, ISV Partner Solutions
      Self-service integration: Windows Log On
      Operated by IT Departments
  11-14. Identity Management: User provisioning
      Policy-based identity lifecycle management system
      Built-in workflow for identity management
      Automatically synchronize all user information to different directories across the enterprise
      Automates the process of on-boarding users
      Diagram: HR System -> FIM (workflow: user enrollment, manager approval) -> Active Directory, Lotus Domino, LDAP, SQL Server, Oracle DB, FIM CM -> user provisioned on all allowed systems
  15-17. Identity Management: User de-provisioning
      Automated user de-provisioning
      Built-in workflow for identity management
      Real-time de-provisioning from all systems to prevent unauthorized access and information leakage
      Diagram: HR System -> FIM (workflow: user de-provisioned) -> Active Directory, Lotus Domino, LDAP, SQL Server, Oracle DB, FIM CM -> user de-provisioned or disabled on all systems
  18. Identity Synchronization and Consistency: identity synchronization across multiple directories
      Diagram: identity data aggregation. Four connected systems hold conflicting copies of one person; each attribute has exactly one owning system, and FIM takes that system's value. Values as drawn on the slide (blank cells shown as -):

      Attribute    HR System   SQL Server DB   AD / Exchange   LDAP       FIM (aggregated)   Owner
      givenName    Samantha    Samara          Sam             Sammy      Samantha           HR System (FirstName)
      sn           Dearing     Darling         Dearing         Dearling   Dearing            HR System (LastName)
      title        -           Coordinator     Intern          -          Coordinator        SQL Server DB (Title)
      mail         -           -               (e-mail)        -          (e-mail)           AD / Exchange (E-Mail)
      employeeID   007         007             007             008        007                HR System (EmployeeID)
      telephone    -           -               -               555-0129   555-0129           LDAP (Telephone)

  19. Identity Synchronization and Consistency: identity consistency across multiple directories
      Diagram: identity data brokering (convergence). FIM pushes each attribute from its owning system to the other systems, replacing incorrect or missing information; after convergence every system holds givenName Samantha, sn Dearing, title Coordinator, the e-mail address, employeeID 007 and telephone 555-0129.
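The attribute-ownership and convergence logic of slides 18-19, together with the HR-driven provisioning and de-provisioning of slides 11-17, as an added worked example that is not part of the original deck and is not FIM code or the FIM Synchronization Service API. It is a small Python model of a metaverse: connector records are joined on employeeID, only the owning system may set each attribute, an export plan lists the writes each target needs to converge, a new hire with no account gets a create, and an HR status of "terminated" becomes a disable. The system names, the OWNERSHIP map, the "status" attribute, TARGETS, the function names and every sample record are assumptions constructed for this example. One point goes beyond the slides: a record whose employeeID matches no HR record (slide 18 shows an LDAP entry carrying 008) is reported as unjoined for a person to resolve instead of being merged, because guessing a join can bind one person's account to another identity.

```python
"""Constructed model of attribute ownership, convergence and HR-driven
lifecycle actions.  Not FIM code; all names and data here are assumptions."""

from collections import defaultdict

# Authoritative system per attribute, as drawn on slide 18.  'status' is an
# assumption: HR decides whether the person is still employed.
OWNERSHIP = {
    "givenName": "HR", "sn": "HR", "employeeID": "HR", "status": "HR",
    "title": "SQL", "mail": "AD", "telephone": "LDAP",
}
JOIN_ATTR = "employeeID"          # anchor used to join connector records
STATUS_SOURCE = "HR"              # import-only source; never written back to
TARGETS = ("SQL", "AD", "LDAP")   # systems that must hold an account per employee
EXPORT_ATTRS = set(OWNERSHIP) - {"status"}

# Constructed connector data mirroring slide 18 (values disagree per system),
# plus one new hire (042) and one leaver (013) to drive the lifecycle cases.
CONNECTED = {
    "HR": [
        {"givenName": "Samantha", "sn": "Dearing", "employeeID": "007", "status": "active"},
        {"givenName": "Tom", "sn": "Ng", "employeeID": "042", "status": "active"},
        {"givenName": "Ana", "sn": "Lee", "employeeID": "013", "status": "terminated"},
    ],
    "SQL": [{"givenName": "Samara", "sn": "Darling", "title": "Coordinator", "employeeID": "007"}],
    "AD": [{"givenName": "Sam", "sn": "Dearing", "title": "Intern",
            "mail": "samantha.dearing@example.com", "employeeID": "007"},
           {"givenName": "Ana", "sn": "Lee", "employeeID": "013"}],
    "LDAP": [{"givenName": "Sammy", "sn": "Dearling", "telephone": "555-0129", "employeeID": "007"},
             {"givenName": "Bob", "sn": "Dearing", "employeeID": "008"}],   # no HR match
}


def aggregate(connected):
    """Join records on JOIN_ATTR and build the metaverse view (slide 18).
    Only the owner of an attribute may set it, so SQL's 'Samara' never
    overrides HR's 'Samantha'.  Records whose anchor has no HR counterpart are
    returned as unjoined for a human to resolve."""
    metaverse = {r[JOIN_ATTR]: {} for r in connected[STATUS_SOURCE]}
    unjoined = []
    for system, records in connected.items():
        for rec in records:
            anchor = rec.get(JOIN_ATTR)
            if anchor not in metaverse:
                unjoined.append((system, rec))
                continue
            for attr, value in rec.items():
                if OWNERSHIP.get(attr) == system and value not in (None, ""):
                    metaverse[anchor][attr] = value
    return metaverse, unjoined


def plan_exports(metaverse, connected):
    """Per target system, the writes needed to converge on the metaverse
    (slide 19).  Returns {system: {anchor: action}} where action is a dict of
    attribute changes, {'create': record} for a missing account, or
    {'disable': True} for a leaver.  A leaver gets only the disable: no
    attribute updates are pushed to an account that is being cut off."""
    present = {s: {r.get(JOIN_ATTR) for r in recs} for s, recs in connected.items()}
    plan = defaultdict(dict)
    for anchor, mv in metaverse.items():
        leaver = mv.get("status") == "terminated"
        for system in TARGETS:
            if leaver:
                if anchor in present[system]:
                    plan[system][anchor] = {"disable": True}
                continue
            desired = {a: v for a, v in mv.items() if a in EXPORT_ATTRS}
            if anchor not in present[system]:
                plan[system][anchor] = {"create": desired}
                continue
            current = next(r for r in connected[system] if r.get(JOIN_ATTR) == anchor)
            changes = {a: v for a, v in desired.items() if current.get(a) != v}
            if changes:
                plan[system][anchor] = changes
    return dict(plan)


if __name__ == "__main__":
    mv, orphans = aggregate(CONNECTED)
    print("metaverse:", mv)
    print("unjoined (needs review):", orphans)
    print("export plan:", plan_exports(mv, CONNECTED))
```

Running it prints the converged record for 007, the unjoined LDAP entry with 008, and an export plan in which SQL and AD receive Samantha's corrected name and title, the new hire 042 is created in every target, and the leaver 013 gets only a disable in AD. HR is treated as an import-only source and never written back to, which is the usual arrangement even though slide 19 draws the converged values in every box.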
  20. Customizable Identity Portal
      SharePoint-based identity portal for management and self-service
      How you extend it: add your own portal pages or web parts; build new custom solutions; expose new attributes to manage by extending the FIM schema; choose a SharePoint theme to customize look and feel
  22-23. Strong Authentication: Certificate Authority
      Streamline deployment by enrolling user and computer certificates without user intervention
      Simplify certificate and smart card management using Forefront Identity Manager (FIM)
      Flow: 1) user enrollment and authentication request sent by the HR system; 2) the end user authenticates (user ID and password) and is validated using multi-factor authentication; 3) FIM policy triggers a request for FIM CM to issue a certificate or smart card; 4) FIM Certificate Management (CM) requests certificate creation from Active Directory Certificate Services (AD CS); 5) the certificate is issued to the user and written to either the machine or the smart card
  24. Certificate Lifecycle Management
      Single administration point for digital certificates and smart cards
      Configurable policy-based workflows for common tasks: enroll/renew/update; recover/card replacement; revoke; retire/disable smart card; issue temporary/duplicate smart card; personalize smart card
      Detailed auditing and reporting
      Support for both centralized and self-service scenarios
      Integration with existing infrastructure investments: Windows Active Directory; Windows Certificate Services
  25. End User Scenarios (example scenario -> FIM 2010 advantages)
      User Management: user changes cell phone number -> automatic updating of business applications; no need to call help desk; faster time to resolution
      Credential Management: self-service smart card provisioning & management -> integration with Windows logon; no need to call help desk; faster time to resolution
      Group Management: user asks to join a secure distribution list for new product development -> request process through Office; no waiting for help desk; faster time to resolution
      Policy Management: CFO gives final approval for a new user to access an app with an associated SOX compliance requirement -> automatic routing of multiple approvals; approval process through Office; audit trail of approvals
  26. IT Administrator Scenarios (example scenario -> FIM 2010 advantages)
      User Management: automatically provision new employees with identity, mailbox, and credentials -> centralized management; automatic policy enforcement across systems; management of role changes & retirements
      Credential Management: create workflow to automatically issue passwords and smart cards to new users -> generation and delivery of initial one-time-use password; integration of smart card & certificate enrollment with provisioning
      Group Management: design policy to automatically create departmental security groups -> automatic management of group membership; secure access to departmental resources, with audit trail
      Policy Management: author policy to require HR approval for a job title change -> automatic policy enforcement across systems
  27. Summary: FIM 2010
      Software for policy-based management of identities, credentials, and resources across heterogeneous environments
      Empowers People: provides self-service tools; SharePoint admin console to manage identities; greater productivity through faster time to resolution
      Delivers Agility and Efficiency: reduces costs through automation and self-service; maximizes existing investments in identity infrastructure; integrates with familiar developer tools to enable new scenarios
      Increases Security and Compliance: integrates identity, credential, and access management; rich permissions and delegation model; enables system auditing and compliance
  28. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
      The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  29. BACKUP SLIDES