Christian Jäggli Principal Consultant Microsoft Corporation.

Presentation transcript:

Christian Jäggli Principal Consultant Microsoft Corporation

- IDA management today; a burden on IT
- Align IDA with the right people
- Microsoft Identity and Access Management
- Microsoft Identity Lifecycle Manager (ILM)
- How ILM “2” addresses the challenges
- ILM “2” features
- ILM work
- Technology behind the scene
- Release schedule
- Resources
- Questions & Answers

Information Workers
- Call help desk for password and access requests
- Wait up to weeks for access
- Define business policies

Developers
- Business rule development
- Custom application development
- Systems integration

Wrong People, Wrong Contexts, Greater Complexity, Higher Cost

IT Professionals
- Respond to the business
- Respond to users
- Architecture & deployment
- System admin
- Governance & security
- Managing permissions
- Creating & deleting user accounts
- Policy implementation & enforcement

Business rules & policy; Permissions; Group & role membership; Distribution lists; Passwords & PINs
Architecture; Deployment; System administration; Governance; Security
System & application integration; Custom application development
Users; Access; Credentials; Policy
IT Professionals; Information Workers; Developers
Add; Update; Revoke; Audit

- Integrates identity, credential, and access management
- Implements a rich permissions and delegation model
- Enables system auditing and compliance
- Provides Office-based self-service tools
- SharePoint admin console to manage identities
- Greater productivity through faster time to resolution
- Reduces costs through automation and self-service
- Maximizes existing investments in Identity Infrastructure
- Integrates with familiar developer tools to enable new scenarios

Empowers People; Delivers Agility and Efficiency; Increases Security and Compliance

Directory Services Strong Authentication Federated Identity Information Protection Microsoft Solution Focus Areas Identity Lifecycle Mgmt Extensibility 20+ Connectors WS-* Platform Components .NET Workflow Foundation Windows Services AD Domain Services & AD Lightweight Directory Services Active Directory Federation Services Rights Management Services Certificate Services Microsoft Office Windows Web Sites Visual Studio User and Developer Experiences Identity Lifecycle Manager IDA Management

- Identity Synchronization
- User Provisioning
- Certificate and Smartcard Management
- Office Integration for Self-Service
- Support for 3rd Party CAs
- Codeless Provisioning
- Group & DL Management
- Workflow and Policy

User Management; Group Management; Credential Management; Common Platform; Workflow; Connectors; Logging; Web Service API; Synchronization; Policy Management

Credential Management
- Heterogeneous certificate management with 3rd party CAs
- Management of multiple credential types, including One Time Passwords
- Self-service password reset integrated with Windows logon

Group Management
- Rich Office-based self-service group management tools
- Offline approvals through Office
- Automated group and distribution list updates

User Management
- Integrated provisioning of identities, credentials, and resources
- Automated, codeless user provisioning and de-provisioning
- Self-service profile management

Policy Management
- SharePoint-based console for policy authoring, enforcement & auditing
- Extensible WS-* APIs and Windows Workflow Foundation workflows
- Heterogeneous identity synchronization and consistency

- HR registers Joe’s information in SAP
- ILM imports information into IAM database
- Joe’s profile is available in ILM portal
- Joe’s manager receives an e-mail with link to profile
- Manager assigns System roles and profiles for Joe’s role
- System Owner approves system access and profiles
- Joe’s user accounts and mailbox are provisioned
- An e-mail with initial password is sent to Joe’s manager

Joe’s first day at work
- Joe logs on to his new workstation
- Registers for password reset self service
- Modifies his profile
- Opens Outlook and requests group/DL membership
- Group Owner approves/denies request

Joe forgot his password
- Joe has logged out and forgot his password
- Reset password self service

ILM “2” Server:
- Windows Server 2008, 64-bit (only supported server platform)
- Internet Information Services 7 (IIS)
- .NET Framework 3.0
- Windows Workflow Foundation
- Windows PowerShell
- Web Services (WS*)
- MS SQL Server 2008
- SharePoint Services 3.0
- Visual Studio 2008 (for customizing)

Clients Modules:
- Windows XP, Windows Vista or Windows and 64-Bit
- Office 2007 (for Office integration)

[Architecture diagram]
Solutions: Group Mgmt; Credential Mgmt; Policy Mgmt; Custom; User Mgmt
ILM Clients: Outlook; Portal; Windows; Custom
ILM Platform: ILM Sync; ILM Web Service; AuthZ Workflow; AuthN Workflow; Delegation & Permissions; Action Workflow; App DB; Adapters; Request Processor; Sync DB
Identity Stores: Directories; Databases; Systems; Applications
Cert Mgmt: CLM DB; CLM Portal

- Service on the ILM Server
- Providing Web services interfaces for WS* requests by clients and Web interface
- Handles Authentication, Authorization, Workflows through Management Policy Rules
- All Requests performed are logged and reported
- Based on .NET and Windows Workflow Foundation

[Diagram] ILM Web Service: AuthZ Workflow; AuthN Workflow; Delegation & Permissions; App DB; Request Processor

- Management Agent
- Connector Space
- Metaverse

SharePoint Web Portal (SharePoint Services) for
- ILM Administrator
- End users for self service
- Resource and group administrators
- Workflow requestors and approvers
- Password Management

User sees only what they are entitled to see and manage

Predefined page layout
- But can be customized and branded to user needs through interface (no coding)

ILM can use different Clients to access the functionality:
- SharePoint portal via Internet Explorer
- Windows XP or Windows Vista for Credential Management (Passwords and Smart Cards)
- Office Outlook for Group management, approvals and request handling
- Any application which can send WS* requests to the ILM Service (for example Helpdesk application)

[Diagram] ILM Clients: Outlook; Portal; Windows; Custom

Beta 3, June 2008
New Features Include
- Codeless Provisioning
- Policy Management
- Self-service password reset

Release Candidate, Nov 2008
Updates Include
- Support for scaleout
- Cross forest group management
- notification enhancements
- 3rd party CA support

RTM, Q1 CY 2010
Includes
- Customer reported updates
- Experience and guidance from lengthy RC 1 deployment validation

Release Candidate 1, Q
Updates Include
- Management Policy Rules Explorer
- Portal updates for usability
- Historical Data is stored in separated DB
- RC1 to RTM Migration support

Learn more about Identity Lifecycle Manager ILM “2” Product Page: ILM 2007 Product Page: www.microsoft.com/ILM 2007 Learn About Microsoft Identity and Access (IDA) IDA Solutions Home Page: IDA Partners: Evaluate the ILM “2” Release Candidate Visit


7. – 8. April 2010 Congress Center Basel


Type of System: Management Agents

Network Operating Systems and Directory Services:
- Microsoft Active Directory: Windows Server 2003 R2, 2003, and 2000
- Microsoft Active Directory Application Mode: Windows Server 2003 R2 and 2003
- Microsoft Windows NT 4.0
- IBM Tivoli Directory Server
- Novell eDirectory 8.6.2, 8.7, and 8.7.x
- Sun Directory Server (Netscape/iPlanet/SunONE) 4.x and 5.x

Mainframe:
- IBM Resource Access Control Facility (RACF)
- Computer Associates eTrust ACF2
- Computer Associates eTrust Top Secret

E-mail and Messaging:
- Microsoft Exchange 2007, 2003, 2000, and 5.5
- Lotus Notes 6.x, 5.0, and 4.6

Applications:
- SAP 5.0 and 4.7
- Telephone switches
- XML-based systems
- DSML-based systems

Databases:
- Microsoft SQL Server 2005, 2000, and 7
- IBM DB2
- Oracle 10g, 9i, and 8i

File-Based:
- Attribute value Pairs
- CSV
- Delimited
- Fixed Width
- Directory Services Markup Language (DSML) 2.0
- LDAP Interchange Format (LDIF)

All Other:
- Extensible Management Agent for connectivity to all other systems