Identity Management with Microsoft Identity Integration Server.

How Integration Happens
“Identity Chaos”
- Multiple repositories of identity information
- Multiple user IDs, multiple passwords
- Decentralized management, ad hoc data sharing
[Diagram labels: Flat Files and Sneaker-net; Enterprise Directory, HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, Contractor System, In-House Application; repeated labels: Authentication, Authorization, Identity Data]

Opportunity For Improvement: “Identity Integration”
- Rock solid software to integrate identity
[Diagram labels: HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, Contractor System, In-House Application, Enterprise Directory, Metadirectory; repeated labels: Authentication, Authorization, Identity Data]

What is Identity Integration?
- Directory Synchronization
- Password Management
- Provisioning and Workflow
[Diagram labels: Identity Data, LDAP, SQL, NOS, Mainframe/Unix, Metadirectory]

Directory Synchronization
- Synchronizes multiple repositories
- “Agentless” connection to other systems
- Provides attribute-level control
- Manage global address lists (GAL)
- Automate group and DL management
[Diagram labels: Exchange 5.5, Active Directory, Notes, iPlanet, SQL, Oracle, Metadirectory]

Password Management
- Initial password set
- Centralized password control via a Web app
  - Self-service password reset
  - Helpdesk password reset
- Decentralized password synchronization
  - 3rd party password sync products can easily integrate
[Diagram labels: iPlanet, Web app, Metadirectory]

Provisioning & Workflow
- Simple Provisioning & De-provisioning
  - Provision users as they appear in authoritative systems
  - Set initial values for attributes (including password)
  - Disable or delete accounts
- Complex Workflow
  - Initiate workflow or provisioning system
  - Integrate with BizTalk
  - Planning to add support for SPML when finalized
  - Integrate with 3rd party provisioning systems
    - Business Layers, WaveSet, Access360

What Is Microsoft Identity Integration Server?
- Microsoft Identity Integration Server is…
  - The next version of Microsoft’s Metadirectory
  - A flexible synchronization and identity integration framework
  - Software that ensures consistency of identity data across repositories
- Microsoft Identity Integration Server makes it radically easier to design, deploy and manage a metadirectory across an enterprise of any size

Metadirectory Concepts
- Connected Data Source (CD)
  - Any source and/or destination containing identity data
- Management Agent (MA)
  - Facilitates the communication between Microsoft Identity Integration Server and the CD
- Connector Space (CS)
  - Staging area for inbound or outbound synchronized attributes
- Metaverse (MV)
  - Central (SQL) store of identity information
  - Matching CS entries to a single MV entry is called “join”
[Diagram labels: CD, Microsoft Identity Integration Server, CS, MV, MA]

Metadirectory Architecture
[Diagram labels: Metadirectory, MV, CS (four instances), SQL Server 2000, Identity Repositories, Network]

New Metadirectory Features

| Capability | MMS 2.2 | MIIS 2003 |
|---|---|---|
| Standard datastore | Proprietary | SQL 2000 |
| Microsoft Identity Integration Server extensions/Scripting | Proprietary | VS.NET languages |
| Fault tolerance/failover | Limited | SQL Clustering |
| Scalability | 1M | 100M |
| LDAP access | ✓ | ✓ - via ADAM |
| Extensible APIs | No | WMI, SDK |
| Easily move from test to production | No | |
| Password Management | No | |
| Support renames in connected systems | No | |
| XML-based | No | |
| Data lineage | No | |
| Single User View (Polyarchy) | No | |
| Consulting engagement | Required | Optional |

Installation demo

User Interface demo

Metadirectory Connectors
- AD/Exchange 2000/Exchange 2003
- ADAM
- SunOne Directory (iPlanet)
- SQL
- Oracle
- DSML 2.0
- LDAP Directory Interchange Format (LDIF)
- Delimited Text
- Fixed-Width Text
- Attribute-Value Pair Text
- NT4
- Exchange 5.5
- Lotus Notes 4.6 and 5.0
- Novell eDirectory 8.62/8.7
- Other LDAP-based and RDBMS systems to follow

Management Agents
[Diagram labels: HR System, Metadirectory, iPlanet Directory, Active Directory, File, LDAP]

Creating Management Agents demo

Running Management Agents demo

Identity Aggregation
[Diagram labels: HR System, Metadirectory, iPlanet Directory, Active Directory. Attributes shown: FirstName, LastName, EmployeeID, Telephone; givenName, sn, title, mail, employeeID, telephone. Sample values shown: Klarek Cenntt 008; Klarke Kent Superhero 007; Clark Kent 007 Reporter]

Identity Aggregation demo

Provisioning/Workflow
1. Simple Provisioning/Deprovisioning
  - Create accounts when new users appear in authoritative systems
  - Set initial values for attributes (including password)
  - Disable or delete accounts in response to change in authoritative systems
2. Complex Workflow
  - Initiate workflow or provisioning system (ex: BizTalk Orchestration) for long-running or multi-part workflow
  - Integrate with ISV Products

Provisioning Scenario
[Diagram labels: HR System, Metadirectory, iPlanet Directory, Active Directory, File, LDAP]

De-Provisioning Scenario
[Diagram labels: HR System, Metadirectory, iPlanet Directory, Active Directory, File, LDAP]
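
The join and the simple provisioning/de-provisioning rules from the slides, as an added Python model (not MIIS code or its API). Joining on employee ID, the sample HR and Active Directory entries, and the function names `join` and `plan` are assumptions made for the illustration.

```python
# Simplified model of metadirectory join and provisioning rules.
# Not MIIS code: data layout and function names are constructed for illustration.

# Constructed connector-space (CS) snapshots, one list per management agent.
HR_CS = [  # authoritative source
    {"EmployeeID": "007", "FirstName": "Clark", "LastName": "Kent"},
    {"EmployeeID": "010", "FirstName": "Lois", "LastName": "Lane"},
]
AD_CS = [
    {"sAMAccountName": "ckent", "employeeID": "007", "enabled": True},
    {"sAMAccountName": "jolsen", "employeeID": "009", "enabled": True},  # left HR
    {"sAMAccountName": "svc-backup", "employeeID": None, "enabled": True},
]


def join(hr_cs, ad_cs):
    """Join CS entries into metaverse (MV) entries keyed on employee ID."""
    mv, unjoined = {}, []
    for e in hr_cs:
        mv.setdefault(e["EmployeeID"], {"hr": None, "ad": []})["hr"] = e
    for e in ad_cs:
        key = e.get("employeeID")
        if not key:
            unjoined.append(e["sAMAccountName"])  # no anchor: needs manual review
            continue
        mv.setdefault(key, {"hr": None, "ad": []})["ad"].append(e)
    return mv, unjoined


def plan(mv):
    """Derive provisioning actions from the joined view."""
    actions = []
    for emp_id, entry in sorted(mv.items()):
        if entry["hr"] and not entry["ad"]:
            actions.append(("create", emp_id))
        elif not entry["hr"]:
            # Authoritative record is gone: de-provision every joined account.
            actions += [("disable", a["sAMAccountName"])
                        for a in entry["ad"] if a["enabled"]]
    return actions


if __name__ == "__main__":
    metaverse, review = join(HR_CS, AD_CS)
    for action in plan(metaverse):
        print(action)
    print("unjoined, review manually:", review)
```

Accounts that carry no join attribute are reported separately instead of being disabled, since the model cannot tell an orphaned user from a service account.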

Simple Provisioning and De-Provisioning demo

Extending Capabilities
- Modify the behavior of Microsoft Identity Integration Server
  - Call methods on the interface in response to changes in the system
- Model defines a managed interface
  - Configuration set in UI determines which methods are called
- Write custom extensions in any programming language with a compiler for the CLR
  - Visual Studio projects auto-generated for VB or C#

Extending Microsoft Identity Integration Server using Visual Studio .NET demo

Preview Mode
- System is transparent in design
  - Allows architect/developer to preview work in the metadirectory without committing any changes
- Allows the testing of
  - Configuration changes
  - New rules
  - New connected directories
- Can view all results through the UI

Preview Mode demo

Passwords
1. Initial password set
  - Core functionality
2. Centralized password control
  - Web-based, extensible application for building self-serve or helpdesk support applications
3. Decentralized password synchronization
  - Integrate with ISV Products
[Diagram labels: WebApp, MIIS 2003, iPlanet, AD]

Visualization
- Different hierarchies suit different needs
- Multiple hierarchical representations can be discovered from data
- Polyarchy eliminates the requirement for fixed hierarchy
- Polyarchy provides multiple hierarchical views and richer visualization of infrastructure information

Summary
- Reduce administration cost
  - GAL management
  - DL/group management
  - Helpdesk password reset
- Improved productivity
  - User self-service
  - Faster access to systems
- Increased security
  - Fast de-provisioning
[Diagram labels: iPlanet, SQL, Oracle, Active Directory, Exchange 5.5, Notes, Metadirectory]

© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.