
Almero Steyn, Business Manager: IdAM, GijimaAst. Session Code: SIA 306


2 Almero Steyn, Business Manager: IdAM, GijimaAst. Session Code: SIA 306


4 Agenda
- Why are we in this space?
- Product overview and value proposition
- Provisioning users
- Credential management
- Transitioning roles
- Summary

5 Session outcomes
- See how FIM can reduce your cost by maintaining policy compliance
- See FIM as a viable way to automate provisioning and de-provisioning of users
- See how to reduce costs for managing passwords

6 Business Ready Security
Help securely enable business by managing risk and empowering people
Highly Secure & Interoperable Platform
- From: Block, Cost, Siloed
- To: Enable, Value, Seamless

7 Identity Lifecycle Management
- New User: User ID Creation, Credential Issuance, Entitlements
- Change User: Entitlement Changes, Promotions, Transfers
- Help Desk: “Lost” Credentials, Password Reset, New Entitlements
- Retire User: Delete Accounts, Remove Entitlements
- Other diagram labels: Reporting Compliance Audit Security Integration Workflow Self-Service Password Kiosk Identity New Entitlements

8 Today: Management Burden is on IT
- Information Workers: Call help desk for password and access requests; Wait up to weeks for access; Define business policies
- Developers: Business rule development; Custom application development; Systems integration
- IT Professionals: Respond to the business; Respond to users; Architecture & deployment; System admin; Governance & security; Managing permissions; Creating & deleting user accounts; Policy implementation & enforcement
- Wrong People, Wrong Contexts, Greater Complexity, Higher Cost

9 Aligning Experiences With The Right People
- Business rules & policy; Permissions; Group & role membership; Distribution lists; Passwords & PINs
- Architecture; Deployment; System administration; Governance; Security
- System & application integration & development
- Users, Access, Credentials, Policy
- IT Professionals, Information Workers, Developers
- Add, Update, Revoke, Audit

10 FIM 2010 Solution Areas
Credential Management
- Manage multiple credential types (passwords, certificates, smart cards)
- Integrated with Windows logon (registration & reset)
- Support for multiple & partner reset gates (q/a, smart card, speech, custom)
Access Management
- Delegated & self-service group and distribution list management
- Information worker self-service experiences through Office and SharePoint
- Dynamic groups/roles & distribution lists
User Management
- Automated, codeless user provisioning
- Enables integration of user, device, and service management
- Self-service and admin Profile Management
Policy Management
- Visual, natural language process authoring & editing
- Extensible workflows through Windows Workflow Foundation
- Integrates with System Center for monitoring and control

11 Provisioning Issues at Litware
- Maintenance of custom provisioning scripts costly and error prone
- “Soft costs” – user productivity
- ‘Provisioned’ users frequently lack access to business critical apps and DLs
- Litware has dozens of connected systems requiring provisioning
- Process compliance nearly an impossibility
- IT Pro centric scripts do not encompass business unit needs
- Custom scripts enforce business logic
- Inflexible process increases costs as organization grows

12 Litware’s Requirements
- New employees need to be provisioned for business critical applications to enable productivity within a day
- A central HR system is authoritative for bootstrapping user data
- Every employee has an AD account and mailbox
- Each business unit has its own portals and apps
- Every employee is a member of manager’s required DLs as well as business specific DLs

13 Scenario Overview – New User
Melissa Meyers has just been hired into Litware as a new employee in Finance. As a new employee, Melissa will need to be provisioned into key business critical applications so that she can be effective at her job.
Today:
- Custom scripts tie together disparate identity systems
- Inefficient processes lead to long periods without access to critical applications
- Custom process prone to errors leading to loss of productivity
With FIM:
- ILM automates provisioning to all business critical applications
- Provisioning to applications takes place within hours, not days or weeks
- Access to applications is done in context of defined policy

14 First day at work with FIM 2010

15 Password Reset Issues at Litware
- Help desk costs are soaring due to password reset requests
- IT Pro centric scripts do not encompass business unit needs

16 Litware’s Requirements
- Employees must be able to perform a self-service password reset
- Help desk costs must drop dramatically
- User training costs must be held at bay

17 Scenario Overview – Password Reset
Jill is one of the many external contractors in her company. She does not log in to the corporate network very often. As a result, she nearly always forgets her password and must reset it prior to accessing the corporate network.
Today:
- Jill needs to call the helpdesk to reset her password
- Company incurs a significant cost in managing credentials for contractors like Jill
- Company needs to maintain different tools for managing the credentials for employees and contractors
With FIM:
- Jill is able to reset her password without connecting to the corporate network
- The company maintains a centralized set of policies and common tools for credential management for employees and contractors
- Employees can reset their credentials directly from the Windows logon screen

18 Transitioning Issues at Litware
All of the same issues as the initial provisioning:
- Maintenance of custom provisioning scripts costly and error prone
- IT Pro centric scripts do not encompass business unit needs
- Custom scripts enforce business logic
- “Soft costs” – user productivity
- ‘Provisioned’ users frequently lack access to business critical apps and DLs
- Litware has dozens of connected systems requiring provisioning
- Process compliance nearly an impossibility
- Inflexible process increases costs as organization grows
No automated de-provisioning of access to existing apps!
Access to newly required apps completely manual
Inflexible process increases costs as organization grows

19 Litware’s Requirements
- Transitioning employees need to be provisioned for business critical applications to enable productivity within a day
- Access to existing resources must be evaluated and removed if required within a day

20 Scenario Overview – Transition
Melissa is transitioning jobs. The HR system must reflect Melissa’s new role as well as update her management chain. She must be granted access to team portals and LOB applications. Access to her old team’s portals and LOB applications must be revoked. In order to function at full capacity, she must then also be added to key DLs so she is included on all key communications.
Today:
- Melissa’s LOB applications are not provisioned or de-provisioned automatically on role change
- She must request access to new resources and retains access to some which are no longer relevant
- Her domain change process is tedious and long running, causing intermittent outages of key services such as mail
With FIM:
- Melissa is dynamically added to business critical DLs
- She automatically loses access to the LOB apps from her previous role
- She automatically gets access to the new team portal and loses access to the previous team portal

21 Employee Changing Roles

22 De-provisioning issues at Litware
- No automated de-provisioning of access to existing apps!
- Lingering access to applications and resources represents a real security threat!
- Inflexible process increases costs as organization grows

23 Litware’s Requirements
- Employees leaving the organization need to have their access to resources and applications de-provisioned within a day
- A historical record of de-provisioned employees and their access must be maintained

24 Scenario Overview – Employee de-provision
Melissa has made it to VP level but is leaving Litware to pursue new opportunities. She is currently granted access to business critical data at Litware that, if leaked, could significantly damage Litware’s business.
Today:
- Melissa’s LOB applications are not de-provisioned automatically on role change
- Auditing of historical data for compliance is tedious and error prone
- Tracking down all access points is costly and error prone
With FIM:
- Melissa’s access to all business applications and resources is automatically revoked
- A historical audit trail of Melissa’s data and access permissions is maintained
- Connected systems are automatically de-provisioned in accordance with policy

25 Summary
FIM 2010 helps reduce provisioning costs by streamlining the process while maintaining a state of policy compliance and focusing on the information worker


27 Resources
- www.microsoft.com/teched: International Content & Community
- http://microsoft.com/technet: Resources for IT Professionals
- http://microsoft.com/msdn: Resources for Developers
- www.microsoft.com/learning: Microsoft Certification & Training Resources
Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za

28 My Blog: http://www.puttyq.com
Email me: almero.steyn@gijima.com, almero@puttyq.com


30 © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

