Magnolia And Idm

Presentation at Magnolia Conference 2009

Published in: Technology, Business

  1. Identity Management and Magnolia. Ralf Hirning. (Slide footer: Magnolia Conference 2009 © deron GmbH September 200)
  2. Introduction; IDM User Study 2009; IDM – an Overview; IDM Magnolia Integration; Integration Module
  3. Introduction; IDM User Study 2009; IDM – an Overview; IDM Magnolia Integration; Integration Module
  4. Company: spin-off from Fraunhofer Gesellschaft; founded in 2001; 25 employees. Locations: head office Stuttgart; Köln / Burscheid; Hamburg; Zürich
  5. Ralf Hirning: 15 years IT consulting and project management; 10 years CMS projects; Magnolia projects; Magnolia training. Now: Identity Management consulting
  6. Introduction; IDM User Study 2009; IDM – an Overview; IDM Magnolia Integration; Integration Module
  7. IDM: IT Business Process Management
  8. Identity Management Usage (chart, © deron): yes 23%; no 34%; introducing 7%; planned 36%
  9. Definition of Processes ... (chart, © deron: definition of IT business processes. Series: internal employees with IdM; internal employees without IdM; external employees with IdM; external employees without IdM. Y axis: frequency in percent. X axis, IT business processes: create; activate; deactivate; delete)
  10. but ... (chart, © deron: definition of change processes. Series: internal employees with IdM; internal employees without IdM; external employees with IdM; external employees without IdM. Y axis: frequency in percent. X axis, IT business processes of change: change name; change password; change organization; change function; project member; responsibility for technical accounts)
  11. Introduction; IDM User Study 2009; IDM – an Overview; IDM Magnolia Integration; Integration Module
  12. IDM functional layers: approval process; entry new user information for new accounts. Business layer: personal information; business role model; IT business process; HR; Orga. IDM layer: central identity store; IDM middleware. Infrastructure: provisioning; Microsoft Active Directory; Help Desk; SAP; VPN; further applications; authorization management; ... synchronization (ADS; Help Desk; SAP; VPN; ...)
  13. Business Processes & IDM Components. Components of Identity & Access Management: meta-store for accounts; provisioning; workflow management; user self-service; role-based access control; single sign-on; federation; audit; public key infrastructure
  14. IDM: The classical approach. Pros: HR data synchronization; simple initial user setup; fast implementation. Cons: a complete base installation is necessary; no workflow integration; overall benefits are low. Diagram labels: HR (rule based processing of HR data); IDM (rule based provisioning); ADS
  15. IDM: workflows and authorization management. Pros: workflow integration; extended user administration. Cons: no auditing and reporting tools; no role management
  16. IDM: business roles & compliance. Pros: audit and reporting in place; RBAC; extended user administration. Cons: additional expenses; long term strategy necessary. Diagram labels: HR / ORGA (personal data; organizational membership; ...); User self-service (access-right request; password self-service; ...); web front end for IDM administration (multi-stage approval process; escalation scenario with deputy arrangements, etc.); Manager A, Manager B, Manager C; Administration; Audit; Reporting; IDM (rule-based further processing of the data); ADS (creation of a home directory; creation of the user and assignment within the structure; automated assignment of group membership)
  17. Real Challenge: multiple different life cycles. Diagram labels: employee life cycle; project life cycle; mail distribution list life cycle; shared user (Sammeluser) life cycle. Steps shown: create; activate / reactivate; change; check; deactivate; delete
  18. Real Challenge: multiple different change types. Employee life cycle: create; delete; activate / reactivate; deactivate; change. Change types: name; function; organization; project member; deprovisioning; ...
  19. Real Challenge: organizational change. Diagram labels: time axis t; OU 'old'; OU 'new'; old permissions; new permissions. OU = organizational unit
  20. Introduction; IDM User Study 2009; IDM – an Overview; IDM Magnolia Integration; Integration Module
  21. Email Integration. Diagram labels: IDM; Send email; Magnolia Admin; JCR
  22. LDAP Integration. Diagram labels: IDM; Sync; LDAP; Magnolia LDAP Connector; JCR
  23. Direct Integration. Diagram labels: IDM; Create, Query, Modify, Delete; Remote Module; Magnolia; JCR
  24. Introduction; IDM User Study 2009; IDM – an Overview; IDM Magnolia Integration; Integration Module
  25. Remote Module - Filter: create a filter to handle remote requests; define a URL pattern for the filter to handle: /.remote/…
  26. Remote Module – XML Query:
      <?xml version="1.0" encoding="UTF-8"?>
      <mgnl-command>
        <query repository="users" language="xpath" statement="//*" event-id="0815"/>
      </mgnl-command>
  27. Remote Module – XML Create
  28. Remote Module – Config tag handler: create tag handler for delete; move; rename; …
  29. Ralf Hirning, deron GmbH, Schelmenwasenstr. 32, 70567 Stuttgart, Germany
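
As an added example (not code from the presentation or from deron's module), here is one way the receiving side of the slide 26 request could parse the mgnl-command document with DOCTYPE declarations refused and the repository and query language checked against an allow-list. The class name, the allow-list contents and the rejected "config" request are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class MgnlCommandParser {
    // Assumption: what a remote caller such as the IDM system may query.
    static final Set<String> REPOSITORIES = Set.of("users");
    static final Set<String> LANGUAGES = Set.of("xpath");
    /** The attributes of the <query> element shown on slide 26. */
    record Query(String repository, String language, String statement, String eventId) {}

    static Query parse(byte[] body) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse any DOCTYPE so the request cannot declare or expand entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(body)).getDocumentElement();
        if (!"mgnl-command".equals(root.getTagName()))
            throw new IllegalArgumentException("root element must be mgnl-command");
        NodeList queries = root.getElementsByTagName("query");
        if (queries.getLength() != 1)
            throw new IllegalArgumentException("expected exactly one query element");
        Element q = (Element) queries.item(0);
        Query query = new Query(q.getAttribute("repository"), q.getAttribute("language"),
                q.getAttribute("statement"), q.getAttribute("event-id"));
        if (!REPOSITORIES.contains(query.repository()) || !LANGUAGES.contains(query.language()))
            throw new IllegalArgumentException("repository or language not allowed");
        if (query.statement().isBlank())
            throw new IllegalArgumentException("empty statement");
        return query;
    }

    public static void main(String[] args) throws Exception {
        // The request from slide 26.
        String sample = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><mgnl-command>"
                + "<query repository=\"users\" language=\"xpath\" statement=\"//*\""
                + " event-id=\"0815\"/></mgnl-command>";
        System.out.println(parse(sample.getBytes(StandardCharsets.UTF_8)));
        // Constructed variant naming a repository outside the allow-list.
        try { parse(sample.replace("\"users\"", "\"config\"").getBytes(StandardCharsets.UTF_8)); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The check belongs in the filter before any JCR query is built, and it complements, rather than replaces, authenticating the caller of the /.remote/ URL.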
