Strong Authentication with Smart cards using ILM(CLM)

Presentation on theme: "Strong Authentication with Smart cards using ILM(CLM)"— Presentation transcript:

1 Strong Authentication with Smart cards using ILM(CLM)
Kunal Kodkani, Senior Consultant, Microsoft Corporation
3/31/2017 9:48 PM
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda
- Need for Strong Authentication
- Microsoft ILM Solution Approach
- Smart card Deployment Challenges
- ILM 2007(CLM) Architecture
- ILM 2007(CLM) Configuration
- Demo – Smart card lifecycle management and strong authentication
- Questions?

3 The need for Strong Authentication…

4 Strong Authentication Why Strong Authentication?
- Traditional Username & Password not enough to protect identity
  - Easy to guess
  - “Sticky note”/wallet best friend
- Results in…
Source:

5 Strong Authentication What Strong Authentication Provides
- Multi factor authentication
  - Something you have (Certificate)
  - Something you know (secret PIN)
- Strong Private Key protection
  - User keys stored in a cryptographic device
  - User keys protected by PIN
  - User keys protected with biometrics
- Non repudiation and digital signature capabilities
- Achieve legal and regulatory requirements
- Protects people and business identity

6 Smart Cards What are smart cards?
- Smart card is a device that stores data, including certificates, public keys, and private keys
- Enhanced Security for:
  - Interactive logon
  - Client authentication
  - Remote logon
  - Wireless authentication
  - Secure
- Smart card usage (diagram labels): Interactive Logon, Secure Code Signing, Client Authentication, Custom Applications, Remote Access Authentication

7 Smart card Deployment Challenges
Business Considerations / Technical Considerations
- Establishing a strong issuance process
- Integrating user / device provisioning
- Driving end user acceptance
- Reducing the help desk burden
- Lost, stolen or forgotten smart cards
- Smart card personalization requirements
- Centralized to highly distributed scenarios
- Deployment of smart card middleware
Microsoft ILM 2007(CLM) is designed to address the challenges associated with certificate and smart card issuance and lifecycle management.

8 Microsoft's Approach to IDA
Platform Technologies:
- Active Directory Domain Services (AD DS)
- Active Directory Certificate Services (AD CS)
- Active Directory Federation Services (AD FS)
- Active Directory Rights Management Services (AD RMS)
- Active Directory Lightweight Directory Services (AD LDS)
Other labels from the slide diagram:
- Microsoft Solution Focus Areas
- Identity Lifecycle Mgmt, Information Protection, Federated Identity, Strong Authentication, Directory Services
- User and Developer Experiences: Microsoft Office, Windows, Web Portals, CardSpace
- IDA Management Capabilities, ILM, Partners
- Platform Components: AD Domain Services, AD Federation Services, AD Rights Management Services, AD Certificate Services, AD Lightweight Dir Services
- BizTalk, .NET, Visual Studio, ILM SDK
- 20+ Connectors, Extensibility, WS-*

9 Active Directory Certificate Services
Use Case
- Certificate-Enabled Applications: Smart Card Logon, Software Code Signing, IP Security, Encrypting File System, Secure Internet Authentication, 802.1x, Software Restriction Policy, Digital Signatures
- Accounts that use cert-enabled Applications: Users, Computers, Services

10 ILM 2007(CLM) Functionality Smart Card & Certificate Lifecycle Management
- Support for centralized, decentralized and self-service scenarios
- User self-service capabilities to help reduce helpdesk burden
- Configurable policy-based workflows for common tasks
  - Enroll / renew / update
  - Personalize smart card
  - Recover / smart card replacement
  - Issue temporary / duplicate smart card
  - Revoke / retire / disable smart card
- Detailed auditing and reporting capabilities
- Extensibility to support additional authentication technologies including one time password (OTP) devices, physical access cards & biometrics
- Tightly integrated with Active Directory and Certificate Services

11 ILM Product Roadmap Today ILM “2”
Labels from the slide diagram:
- Integrated User Experiences
- Management: Access, Credential, Policy
- Spans User, Credential, Access and Policy Management
- Built on a Common Foundation
- Connectors, Delegation, Workflow
- Identity Synchronization, User Provisioning, Certificate Lifecycle Management, Smartcards & Certificates
- Logging, Web Service API

12 Identity Lifecycle Manager 2007
Integrated workflow
- New User
  - User account request
  - Initial identity capture
  - Access entitlements request
  - Certificate & Smart card request
- Credential Issuance
  - User account approved
  - Identity validation
  - Smart card / certificates issuance
  - Access entitlements established
- User / Credential Management
  - Centralized to self service
  - Role / entitlement changes
  - Password resets
  - Dealing with ‘lost’ credentials
  - Temporary card issuance
- Retire User
  - De-provision entitlements
  - Delete user account
  - Retire smart card / credentials
- Reporting
  - Audit trails for compliance
  - Smart cards / credentials issued
  - Temporary card issuance

13 ILM 2007(CLM) Architecture Certificate & Smart Card Lifecycle Management
- Physical Architecture (diagram labels): End User, Microsoft Identity Lifecycle Manager, Microsoft CA’s, SQL, AD
- Component Architecture (diagram labels): Internet Explorer, ILM Browser Control, Smart Card Middleware, Internet Information Server, ILM Web App, ILM AD Integration, Microsoft Certificate Authority, ILM Policy Module, ILM Exit Module

14 ILM 2007(CLM) Architecture Key Solution Components
ILM 2007 Server
- Central component of ILM architecture
- Web based ASP.NET application
- Web based user interface for manager and subscriber access
- Provides management services to Windows 2003 and 2008 CA’s
- Can support multiple CA’s simultaneously
- Stores all ILM management information in a Microsoft SQL Server database
Physical Architecture (diagram labels): SQL, AD, Microsoft CA’s, ILM 2007 Server, ILM 2007 Client

15 ILM 2007(CLM) Architecture Key Solution Components
Microsoft Certificate Services
- Tightly integrated with Windows Server 2003 and Windows Server 2008 Certificate Services
- ILM Policy Modules - determine whether certificate requests received by the CA should be approved, denied or marked as pending. Also allows for:
  - Certificate subject/SAN customization
  - Support for non-ILM generated requests
- ILM Exit Modules - provide post-processing after a certificate has been issued

16 ILM 2007(CLM) Architecture Key Solution Components
Active Directory
- Tightly integrated with Active Directory for user authentication and definition of user permissions
- Requires minor Active Directory schema extension to support objects / privileges required by ILM
- Enables ILM to leverage administrative and management models configured within an existing Active Directory environment
- Enables organizations to leverage investments in their existing AD environments:
  - Centralized to highly distributed scenarios
  - Multiple domains and forests

17 ILM 2007(CLM) Architecture Key Solution Components
SQL Server
- Used as repository for all certificate and smart card management information including:
  - Profile templates
  - Audit logs of all ILM activities
- ILM does not require a dedicated SQL Server database
- Supports SQL Server running in clustered environments for high availability scenarios
  - Supports clustering, mirroring, log shipping

18 ILM 2007(CLM) Architecture Key Solution Components
ILM 2007 API’s
- Provisioning API - enables custom applications to access smart card and certificate management workflows with ILM
- Notification API - used to initiate custom code modules based on specific ILM events including:
  - Distribution of one time passwords to devices such as cell phones
  - Initiate provisioning of account information to other applications, e.g. Physical Access
- SQL API - enables developers to access ILM functionality by writing to the external_requests table in the SQL Server database
- Additional ILM extensibility:
  - Custom validators for external data validation during enrollment process

19 ILM 2007(CLM) Architecture Key Solution Components
ILM 2007(CLM) Client
- Used for smart card communications and profile management
- Runs on Windows XP SP2 (or later) and Windows Vista
- Users access ILM portal via IE v6.0 or higher
- Uses ActiveX control to integrate with smart card via BaseCSP or PKCS#11 compliant middleware
- Provides additional client side functionality
  - On-line updates for certificate profiles
  - Off-line smart card PIN unblocking

20 ILM 2007(CLM) Architecture Key Solution Components
Smart Card Middleware
- Binds the smart card, card driver and management infrastructure required to manage the cards
- ILM 2007 supports 2 middleware standards:
  - PKCS#11 - widely implemented but not always consistently across smart card vendors
  - Microsoft BaseCSP - robust, smaller footprint and consistent approach for all card vendors
- BaseCSP compliant smart cards (*):
  - Gemalto’s .NET smart card
  - HID’s Crescendo smart card
- PKCS#11 compliant smart cards / middleware (*):
  - Axalto Client Software (ACS) v5.2
  - Gemplus GemSafe v4.2 SP3
  - AET SafeSign v2.2
  - Aladdin eToken RTE v3.65
  - Siemens HiPath SIcurity Card API v IAS Middleware version 1.03
(*) – Supported by ILM 2007 FP1

21 ILM 2007(CLM) Architecture Protocols and Dependencies

22 ILM 2007(CLM) Configuration Roles
Role: Description
- Subscriber: Can perform a limited number of functions against their own certificates or smart cards. Has access to the CLM Subscriber Portal.
- Manager: Performs management functions for a group of subscribers. Has access to the CLM Manager Portal.

23 ILM 2007(CLM) Configuration
Roles
- Roles
  - Creation of an AD Group(s)
  - Associating ILM permissions with that group
  - Benefit is flexibility to support a wide range of deployment scenarios
- ILM supports 2 types of roles
  - Subscribers: End users that require smart card and certificate services including Smart Card Logon, Secure Wireless LAN Access, etc.
  - Managers: Administrators granted permissions to:
    - Perform ILM management functions
    - Manage groups of end users
    - Approve self-service requests

24 ILM 2007(CLM) Configuration Permissions
- Enable delegation of responsibilities & sophisticated role management
- Roles determine permissions to perform certificate management functions
- Configured using standard Active Directory permission management tools
- Extended to include CLM permissions
  - CLM Audit
  - CLM Enrollment Agent
  - CLM Request Enroll
  - CLM Request Renew
  - CLM Request Revoke
  - CLM Request Unblock Smart Card

25 Registration Model Self-Service Workflow Example
Flowchart steps (order reconstructed from the slide's flattened labels):
1. Subscriber Initiates Certificate Request
2. Subscriber Responds to Data Collection
3. Manager Approval Required?
   - Yes: Manager Approves Request for Certificate
   - No: continue to the next step
4. Subscriber Executes Request and Certificate is Issued
May involve:
- Data collection
- Data validation
- Manager approval(s) prior to request execution
Scale shown on the slide: LOW, LOW -- MED, MED, MED -- HIGH, HIGH

26 Registration Model Delegated Workflow Example
Flowchart steps (order reconstructed from the slide's flattened labels):
1. Manager1 Initiates Certificate Request
2. Manager1 Responds to Data Collection
3. Approval Required?
   - Yes: Manager2 Approves Request for Certificate
   - No: continue to the next step
4. OTS Distributed by to Subscriber
5. Subscriber Executes Request, and Certificate is Issued
May require:
- Approval by a different manager
- Data collection
- notification
- Distribution of one-time secrets (OTSs)
Scale shown on the slide: LOW, LOW -- MED, MED, MED -- HIGH, HIGH

27 Registration Model Centralized Workflow Example
Flowchart steps (order reconstructed from the slide's flattened labels):
1. Manager Receives Request for Certificate or Smart Card
2. Manager Issues Smart Card or Subscriber Certificates
3. Smart Card and PIN or PFX file and password is Distributed to Subscriber
4. Subscriber Receives Card and PIN Ready to Use or imports PFX file with password
Notes:
- Smart cards are issued from central location
- Card can be shipped ready-to-use or blocked
- Request can be initiated by the Subscriber or Manager
Scale shown on the slide: LOW, LOW -- MED, MED, MED -- HIGH, HIGH

28 Registration Model In-Person-Proofing Workflow Example
Flowchart steps (order reconstructed from the slide's flattened labels):
1. Subscriber Arrives at Issuance Office
2. Manager Verifies Subscriber’s Identity
3. Manager Issues Smart Card and Subscriber Certificates
4. Subscriber Receives Smart Card Ready to Use
Notes:
- Manager validates identity of CS during a face-to-face session
- Data is collected during a face-to-face session
- Issuance cannot take place without data collection input
Scale shown on the slide: LOW, LOW -- MED, MED, MED -- HIGH, HIGH

29 ILM 2007(CLM) Configuration Profile Templates
Profile Template (diagram labels): Profile Details, Certificate Templates, Management Policies, Enrollment, Enroll, Recover, Revoke, . . ., Smart card

30 ILM 2007(CLM) Configuration Profile Templates – Certificate Templates
- Only a single CA can issue a specific certificate template for use in a profile template
- A profile template can contain different certificate templates issued by multiple CAs
Diagram labels: CA with CLM modules installed, CA with CLM modules installed, Certificate Templates

31 ILM 2007 Architecture Profile Templates
- Profile Templates are a core component of all management activities within ILM
- Provides a single point of administration to manage certificates and smart cards
- Can contain one or more certificate templates managed as a single item
  - Authentication certificate
  - Encryption certificate
  - Digital signature certificate
- Certificate templates are read directly from AD and issued from selected CA
- Provides ability to handle encryption certificates for future recovery
- Profile template includes configuration for the management policies to be used
Profile Templates (diagram):
- Certificate Template(s)
- Management Policies
  - Enrollment: Work flow, Self-Service, Data Collection
  - Recover: Work flow, Self-Service, Data Collection
  - Etc.: Work flow, Self-Service, Data Collection
- Smart Card Information (if needed)

32 ILM 2007 Architecture Profile Templates
- Management tasks supported include:
  - Enrollment
  - Recover (Replace)
  - Renewal
  - Revocation
  - Disable
  - Off-line Unblock (for smart card profiles)
  - Duplicate (for smart card profiles)
- Each management policy / task can be configured separately
- Provides flexibility to manage these tasks in alignment with existing policies / processes of the business
- Predetermined approval mechanism and distribution of approval information also supported

33 ILM 2007(CLM) Configuration Profile Templates – Management Policies(Workflows)
Management Policy: Description
- Enroll Policy: Governs requests for a new profile or smart card
- Duplicate Policy: Creates an exact duplicate of an issued profile or smart card. The existing card is marked as the primary card, but the duplicate is fully functional
- Renew Policy: Renews all certificates in a profile when the expiration period is reached. Certificates are renewed with new key pairs, and key history is maintained
- Reinstate Policy: Reinstates a profile or smart card that was temporarily revoked
- Recover on Behalf: Allows a user to recover a profile or smart card issued to another user
- Online Updates: Automates the update of profiles or smart cards for certificate content change, certificate template inclusion and certificate expiration

34 ILM 2007(CLM) Configuration Profile Templates – Management Policies(Workflows)
Management Policy: Description
- Replace Policy: Allows recovery of a profile if a smart card is lost or stolen
- Disable Policy: Allows a certificate on a smart card to be terminated before expiration
- Retire Policy: Revokes all certificates on a smart card and can remove all data from the smart card, allowing its re-use
- Unblock Policy: Defines the workflows for unblocking smart cards due to incorrect PIN entry or for cards shipped with a CLM-set PIN
- Temporary Cards Policy: Allows temporary smart cards to be issued in the event a user does not bring the smart card to the office
- Offline Unblock: Defines the workflow for unblocking BaseCSP smart cards offline

35 ILM 2007(CLM) Configuration Profile Templates – Smart card configuration
- What card vendor?
- Initialize card?
- Card reuse?
- Secure key loading?
- Install CA certificate?
- Certificate label text
- Max # of certificates
- Admin PIN options
- User PIN options
- Enable Smart Card Printing

36 Smart Card Profile Template Configuration
demo

37 ILM 2007(CLM) Configuration Profile Template – Smart card printing
- Choose a supported printer
  - Datacard SP35
  - Datacard SP55
  - Datacard SP75
- Install Pre-Requisite Software at printing station
  - .NET Framework 2.0
  - Smart card CSP and middleware/mini-driver
  - Certificate Lifecycle Manager Client
  - Datakey ID Works® 5.1 Enterprise Identification Software
  - Bulk Issuance Client

38 ILM 2007(CLM) Configuration Profile Templates - Other Items
- ILM(CLM) Bulk Issuance Client
- Card accompanying letter printing
- Secure PIN sheet printing
- Data Collection and Validation
- Kiosk page functionality for Temporary card issuing
- Encryption history for encryption certificates

39 ILM 2007(CLM) in Action
©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

40 Integrated User and Smart Card provisioning
demo

41 Smart Card Lifecycle Management
demo

42 ILM 2007(CLM) Architecture Auditing and Reporting Capabilities
- ILM 2007 provides rich auditing and reporting capabilities
- 3 different types of reports provided:
  - Summary Reports - graphical summary of certificate lifecycle usage information
  - Detailed Reports - granular information on certificate / smart card lifecycle usage
  - Settings Reports - configuration and settings of certificate or profile templates
- All certificate lifecycle activity logs and auditing information are stored in SQL Server repository
- All reports are accessible through a web based management interface
- All reports can be exported for further processing in other applications
- Ad hoc reports can also be developed using SQL Server Report Manager

43 Strong Authentication Deployment Scenarios
Certificate Management Scenarios
- Smart Card Logon
- Secure Remote Access (VPN)
- Secure (S/MIME)
- Secure Web Access (SSL)
- Document Signing
- High Availability Architecture
- Distributed Certificate Enrollment
- Certificate Auto-enrollment in Windows
- Wireless LAN Authentication
- File & Hard Drive Encryption

44 Smart Card Logon User Logon Experience
1. User inserts smart card into desktop / laptop smart card reader
2. Windows Logon User Interface (UI) recognizes a smart card has been inserted
3. Windows Logon UI prompts user for their smart card Personal Identification Number (PIN)
4. PIN received -- smart card certificate is used to initiate Kerberos logon to Windows network
- User session may be configured to lock or automatically log-off if the smart card is removed
Figure: Windows Logon UI prompt for smart card PIN

45 Smart Card Logon The role ILM plays …
ILM 2007 is central to providing management capabilities
- Configure the smart card to support smart card logon
- Configure and manage all certificates stored on smart card
- Enroll users and user accounts with smart cards
- Manage smart card personalization / printing process
- Manage the smart cards once users are enrolled
- Unblock a user’s smart card
ILM 2007 provides detailed reporting capabilities
- Enrollment requests / approval tracking reports
- Smart card configuration reports
- Smart card deployment / tracking reports
- Certificate usage / expiry reports
- Certificate revocation list reports

46 Secure Remote Access - VPN The role ILM plays …
ILM 2007 is central to providing management capabilities
- Configure the smart card to support smart card logon
- Enroll users and user accounts with smart cards
- Enroll users for VPN certificates
- Manage smart cards / certificates once users are enrolled
- Deprovisioning to revoke VPN access
ILM 2007 provides detailed reporting capabilities
- Smart card configuration reports
- Smart card deployment / tracking reports
- Who has been provisioned VPN access
- Certificate usage / expiry reports
- Certificate revocation list reports

47 Secure Email
User Scenario
- Microsoft Certificate Services is configured to issue S/MIME encryption and signing certificates
- Microsoft Exchange is used as the messaging platform
- Microsoft Outlook is used as the client
  - Outlook 2003 and Outlook 2007 are both supported
- Enables digital signing capabilities
User Experience
- Once users have enrolled for S/MIME certificates - they are downloaded to their workstation
- S/MIME certificates can be stored locally on their workstation or on a Smart Card
- Certificates also published to AD for lookup of public key information to encrypt s
- Once enrolled - users can access Outlook encryption and signing functionality
- encrypted in the S/MIME mail format and can not be read by intermediary parties

48 Secure Email The role ILM plays …
ILM 2007 is central to providing management capabilities
- Configure the smart card to support smart card logon
- Enroll users and user accounts with smart cards
- Enroll users for S/MIME certificates
- Manage the smart cards / certificates once users are enrolled
- Ability to recover encrypted
ILM 2007 provides detailed reporting capabilities
- Enrollment requests / approval tracking reports
- Smart card configuration reports
- Smart card deployment / tracking reports
- Certificate usage / expiry reports

49 Additional Resources
- Microsoft ILM Website - www.microsoft.com/ilm
  - Datasheets
  - Whitepapers
  - Flash Demo
  - ILM / ISV Partners
- Microsoft IDA Website -
  - Identity & Access Solution Areas
  - IDA Solution Brochures
  - IDA ISV / Systems Integration Partners
  - IDC Identity IO Whitepaper

50 Questions

53 Backup Slides

54 Deploying ILM 2007 Best Practices
- Ensure ILM roles and permissions are planned and mapped out correctly
- Architecture of ILM deployment is dependent on a healthy Certificate Services environment
- One workflow / registration model does not fit all certificate use cases
- AD schema extension required by ILM must be planned for accordingly
- Spend the time to select the right smart card / token platform that fits your business requirements and different use cases
- Availability of overall solution is primarily dependent upon the robustness of the underlying AD infrastructure

55 Benefits of an ILM Approach
Business Benefits / Technical Benefits
- Integrated user / credential provisioning
- Alignment with company security policies
- Facilitates compliance enforcement
- Improves operational efficiency
- Reduces the help desk burden
- Leverages existing Microsoft infrastructure
- Simplifies the complexities of deploying strong authentication technologies
- Supports a range of strong authentication technologies / vendors
- Provides full smart card / credential lifecycle management
- Supports a range of deployment scenarios
- Flexible policy-driven workflow
- Integrated platform for logical / physical access solutions
Microsoft ILM reduces the cost / complexities of deploying multi-factor authentication technologies and driving additional value in Active Directory environments

56 Summary Benefits of a Microsoft ILM Approach:
- Reduces the cost / complexities of deploying strong authentication
- Flexibility to select the right authentication technology
- Provides an integrated user / credential provisioning process
- Facilitates stronger identity assurance and compliance enforcement
- Improves operational efficiency for user / credential lifecycle management
- Leverages your existing Microsoft environment

57 Getting Started
- Confirm Business Need
  - Identify your strong authentication business drivers
  - Do you need smart cards, certificates, OTP tokens or biometrics?
  - Do you need to integrate your logical & physical access systems?
- Confirm Corporate Support
  - Confirm executive sponsorship, budget and high level timeline
  - Identify business unit champion and cross functional team
  - Engage IT security / infrastructure support teams
- Initial IT Environmental Assessment
  - What multi-factor authentication technologies already exist?
  - Confirm Active Directory and Certificate Services foundation
  - Identify Windows Server and Client operating platforms
- Engage Domain Expertise
  - Decide to use a commercial software based solution approach
  - Engage MS services partner with strong authentication expertise
  - Understand the alternatives and develop roadmap forward

58 Strong Partner Ecosystem
- Strong Authentication: Secure access beyond usernames and passwords
- Identity Lifecycle Management: Automate identity and access management
- Directory Services: Simplify the management of users and devices
- Microsoft IDA Partners: Extending the Microsoft ILM and Active Directory platform
  - Quest - IdM to non-Windows Platforms
  - Omada - Roles Based Access Control
  - Centrify - Federation Solutions
- Microsoft IDA Partners: Supporting a range of multi-factor authentication technologies
  - Gemalto - Protiva smart cards / tokens
  - HID Global - Crescendo smart cards
  - Athena - ASECard smart cards / tokens
Other labels from the slide diagram: User Provisioning, Smartcard Authentication, Full Life-cycle Management, Secure Wireless, Encryption and Signing, Access Management, Credential Management, Policy Management

59 Identity Lifecycle Manager 2007
- Identity Synchronization
  - Provides single view of a user across enterprise systems
  - Keeps identity information consistent across systems
  - Leverages your Active Directory infrastructure
- User Provisioning
  - Automates the process of on-boarding & off-boarding users
  - Simplifies compliance through automated IDA enforcement
  - Enforces consistent credentials across systems
- Certificate and Smart Card Management
  - Reduces the cost of managing certificate-based credentials
  - Simplifies the complexities of deploying smart cards
  - Integrated platform for logical / physical access solutions

60 ILM “2” Solution Focus Areas
- User Management
  - Simplified user provisioning
  - Self-service and admin Profile Management
  - Enables integration of user, device, and service management
- Credential Management
  - Self-service and help desk credential change & reset
  - Manage multiple credential types (passwords, credentials, smart cards)
  - Integrated with Windows logon
- Access Management
  - Delegated & self-service group and distribution list management
  - Information worker self-service experiences through Office and SharePoint
  - Dynamic groups/roles & distribution lists
- Policy Management
  - Visual, natural language process authoring, editing, and reporting
  - Extensible workflows through Windows Workflow Foundation
  - Integrates with SQL Reporting Services for advanced reporting

61 Your MSDN resources check out these websites, blogs & more!
- Presentations
  - TechDays:
  - MSDN Events:
  - MSDN Webcasts:
- MSDN Events
  - MSDN Events:
  - Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin
- MSDN Flash (our bi-weekly newsletter)
  - Subscribe:
- MSDN Team Blog
  - RSS:
- Developer User Groups & Communities
  - Mobile Devices:
  - Microsoft Solutions User Group Switzerland:
  - .NET Managed User Group of Switzerland:
  - FoxPro User Group Switzerland:

62 Your TechNet resources check out these websites, blogs & more!
- Presentations
  - TechDays:
- TechNet Events
  - TechNet Events:
  - Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin
- TechNet Flash (our bi-weekly newsletter)
  - Subscribe:
- Schweizer IT Professional und TechNet Blog
  - RSS:
- IT Professional User Groups & Communities
  - SwissITPro User Group:
  - NT Anwendergruppe Schweiz:
  - PASS (Professional Association for SQL Server):

63 Save the date for tech·days next year!
7. – 8. April 2010, Congress Center Basel

64 Premium Sponsoring Partners
Premium Sponsoring Partners, Classic Sponsoring Partners, Media Partner

