1
Microsoft Forefront Identity Manager 2010
Elton AGOLLI, Chief of Infrastructure Section, TETRA Solutions
2
Agenda
Customer challenges; Microsoft’s Identity and Access Strategy; Identity and Access Management; The business challenges; How Identity Manager addresses the challenges; Scenarios; Summary; Resources
3
Identity & Access Customer Challenges
Compliance: Compliance with regulatory requirements; Auditable processes for granting access to resources
Operational Efficiency: Reducing help desk burden for end user requests; Managing the complexity of distributed identity information
Business Agility: Enabling new high business value scenarios; Supporting mergers, acquisitions & reorganizations
IT Security: Integrated user provisioning & credential management; Ensuring that only authorized users can access resources
4
Business Ready Security Solutions
Secure Messaging; Secure Collaboration; Secure Endpoint; Information Protection; Identity and Access Management
Active Directory® Federation Services
5
Identity and Access Management
6
Business and IT Challenges
Simplify user experience for collaboration across networks; Provide seamless movement between applications; Reduce cost of identity management; Extend business resources, especially to the cloud; Secure multiple devices and locations; Manage complex identity lifecycles; Provide secure access to applications from anywhere; Manage disparate systems
Business needs: Agility and Flexibility
IT needs: Control
7
Identity and Access Management
Create: Provision user; Provision credentials; Provision resources
Policy Management: Policy authoring; Policy enforcement; Approvals and notifications; Audit trails
Update: Role changes; Password and PIN reset; Resource requests
Retire: De-provision identities; Revoke credentials; De-provision resources
8
Identity Lifecycle Manager -> Forefront Identity Manager
User Management; Group Management; Common Platform; Workflow; Connectors; Logging; Web Service API; Synchronization; Credential Management; Policy Management; Identity Synchronization; User Provisioning; Certificate and Smartcard Management; Office Integration for Self-Service; Support for 3rd Party CAs; Codeless Provisioning; Group & DL Management; Workflow and Policy
9
Version Feature Comparison
4/14/2017
Versions compared: MIIS 2003; ILM 2007; FIM 2010
Features compared: Identity synchronization (X); Password synchronization; Policy authoring and editing solution (ILM-CM only); Policy enforcement; Delegation management solution; User provisioning solution; Certificate and smart card management solution; Group management solution; DL management solution; Workflow; Self-service password reset; Localized

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
10
Forefront Identity Manager - Key Feature Areas
Policy Management: SharePoint-based console for policy authoring, enforcement & auditing; Extensible WS-* APIs and Windows Workflow Foundation workflows; Heterogeneous identity synchronization and consistency
Credential Management: Heterogeneous certificate management with 3rd party CAs; Management of AD credentials; Self-service password reset integrated with Windows logon
User Management: Integrated provisioning of identities, credentials, and resources; Automated, declarative user provisioning and de-provisioning; Self-service profile management
Group Management: Rich Office-based self-service group management tools; Offline approvals through Office; Automated group and distribution list updates
11
Delegation & Permissions
Forefront Identity Manager 2010 Architecture
[Architecture diagram. Labels: Solutions; Group Mgmt; Credential Mgmt; Policy Mgmt; Custom; User Mgmt; Outlook; FIM Portal; Windows; Custom; FIM Client Experiences; Cert Mgmt; ILM-CM DB; ILM-CM Portal; FIM Service and Portal; ILM Sync; FIM Service; AuthZ Workflow; AuthN; Delegation & Permissions; Action; App DB; Adapters; Request Processor; Sync; Directories; Databases; Systems; Applications; Identity and data stores]
12
User scenarios
13
Credential Management
End User Scenarios

Policy Management
Example scenario: CFO gives final approval for new user to access app with associated SOX compliance requirement
FIM 2010 advantages: Automatic routing of multiple approvals; Approval process through Office; Audit trail of approvals

Credential Management
Example scenario: Self-service smart card provisioning & management
FIM 2010 advantages: Integration with Windows logon; No need to call help desk; Faster time to resolution

User Management
Example scenario: User changes cell phone number
FIM 2010 advantages: Automatic updating of business applications; No need to call help desk; Faster time to resolution

Group Management
Example scenario: User asks to join secure distribution list for new product development
FIM 2010 advantages: Request process through Office; No waiting for help desk; Faster time to resolution
14
IT Administrator Scenarios
Policy Management
Example scenario: Author policy to require HR approval for job title change
FIM 2010 advantages: Centralized management; Automatic policy enforcement across systems

Credential Management
Example scenario: Create workflow to automatically issue passwords and smart cards to new users
FIM 2010 advantages: Generation and delivery of initial one-time use password; Integration of smart card & cert enrollment with provisioning

User Management
Example scenario: Automatically provision new employees with identity, mailbox, and credentials
FIM 2010 advantages: Automatic policy enforcement across systems; Management of role changes & retirements

Group Management
Example scenario: Design policy to automatically create departmental security groups
FIM 2010 advantages: Automatic management of group membership; Secure access to departmental resources, with audit trail
15
Customizable Identity Portal
SharePoint-based Identity Portal for Management and Self Service
How you extend it: Add your own portal pages or web parts; Build new custom solutions; Expose new attributes to manage by extending FIM schema; Choose SharePoint theme to customize look and feel
16
FIM PROVISIONING POLICY APPLIED
4/14/2017 9:10 AM
New Employee Scenario
User record (repeated three times on the slide): Given Name: Melissa; Surname: Meyers; Title: Analyst; Department: Finance; Employee ID: 122145; Employee type: Full Time
Domain: contoso.com
[Diagram labels: HR SYSTEM; MANAGER APPROVAL; FIM PROVISIONING POLICY APPLIED; FIM 2010; MAINFRAME; ACTIVE DIRECTORY; FINANCE APPLICATION; EXCHANGE; FINANCE PORTAL; SMART CARD; iPLANET]

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
17
Workflow Create user
18
Employee Transition Scenario
User records shown on the slide (domain: contoso.com):
Given Name: Melissa; Surname: Meyers; Title: Group Marketing Manager; Department: Marketing; Employee ID: 122145; Employee type: Full Time
Given Name: Melissa; Surname: Meyers; Title: Analyst; Department: Finance; Employee ID: 122145; Employee type: Full Time
[Diagram labels: HR SYSTEM; FIM PROVISIONING POLICY APPLIED; FIM 2010; MAINFRAME; ACTIVE DIRECTORY; MARKETING APPLICATION; FINANCE APPLICATION; EXCHANGE; FINANCE PORTAL; MARKETING PORTAL; SMART CARD; iPLANET]
19
Separation/Fire Scenario
User records shown on the slide (domain: contoso.com):
Given Name: Melissa; Surname: Meyers; Title: Group Marketing Manager; Department: Finance; Employee ID: 122145; Employee type: Terminated
Given Name: Melissa; Surname: Meyers; Title: Group Marketing Manager; Department: Finance; Employee ID: 122145; Employee type: Full Time
[Diagram labels: HR SYSTEM; FIM PROVISIONING POLICY APPLIED; FIM 2010; MAINFRAME; ACTIVE DIRECTORY; MARKETING APPLICATION; EXCHANGE; MARKETING PORTAL; SMART CARD; iPLANET]
20
FIM 2010 In Action Self-service password management
Callouts: User forgets password; Requests password reset at Win logon and answers Q/A; Does user have permission to reset password?; FIM receives XML; FIM validates Q/A response from user; FIM makes call to reset password in AD; FIM syncs new password to external identity stores; Changes committed to FIM app store
[Diagram components: Request Processor; Delegation & Permissions; AuthN & AuthZ Workflows; Sync DB; Service DB; Management Agents; Action Workflow; Identity Stores]
21
FIM 2010 In Action Self-service smart card provisioning
Callouts: New user added in HR app; Does user have permission to add user to FIM?; FIM manages manager and dept head approvals; Once approved, changes committed to ILM app store; FIM sends welcome and confirmation s; FIM syncs to external identity stores; Sync receives request; Approval workflows; Card created & printed; Certificates requested; Self-service notification and One Time Password sent to end user; End user downloads certificates onto smart card
[Diagram components: AuthN & AuthZ Workflows; Delegation & Permissions; Action Workflow; Service DB; Sync DB; Management Agents; Identity Stores; FIM CM]
22
Self-Service Group Management
Situation: User needs to join the Fabrikam Project Virtual Team group
Without Forefront Identity Manager 2010

Melissa Meyers, Business User
Activity: Calls help desk
Costs to the business: Lost productivity; No resource access when she needs it

Chad Rice, Accounts Administrator
Activity: Manually edits AD Users and Computers to add user to group
Costs to the business: Risk of error and policy non-compliance; Cost of manual administration
23
Self-Service Group Management
Situation: User needs to join the Fabrikam Project Virtual Team group
With Forefront Identity Manager 2010

Chad Rice, Accounts Administrator
Activity: Uses FIM to establish group management policies and workflows
Business benefits: Efficiency; Security; Compliance

Melissa Meyers, Business User
Activity: Request to join Group from Outlook; FIM routes approvals and grants appropriate access
Business benefits: User productivity; Enables effective business interactions
24
Create Distribution List
25
Create Distribution List
26
Create Distribution List
27
Unauthorized User Attribute Change
Situation: IT accidentally makes an unauthorized change to a user’s title
Without Forefront Identity Manager 2010

HR Administrator, Samantha Smith
Activity: Updates Megan Meyers’ title in SAP

Chad Rice, Accounts Administrator
Activity: Asked to update Megan Meyers’ title in other systems; Accidentally changes Melissa Meyers’ title in ADUC
Costs to the business: Risk of error and policy non-compliance; Cost of manual admin

Ted Smith, Compliance Auditor
Activity: Discovers error in manual audit process of purchase order application
Costs to the business: Cost of manual auditing; Delay in discovery of non-compliance
28
Unauthorized Change
Situation: IT accidentally makes an unauthorized change to a user’s title
With Forefront Identity Manager 2010

Chad Rice, Accounts Administrator
Activity: Uses FIM to establish policies and workflows that include management of job title data
Business benefits: Efficiency; Security; Compliance

HR Administrator, Samantha Smith
Activity: Updates Megan Meyers’ title in SAP; Title change data flows to other systems that use it, per FIM policy
Business benefits: Efficiency; Compliance

Ted Smith, Compliance Auditor
Activity: Uses FIM audit trail to audit approvals
Business benefits: Efficiency; Compliance
29
Summary: FIM 2010
Software for policy-based management of identities, credentials, and resources across heterogeneous environments
Empowers People: Provides Office-based self-service tools; SharePoint admin console to manage identities; Greater productivity through faster time to resolution
Delivers Agility and Efficiency: Reduces costs through automation and self-service; Maximizes existing investments in Identity Infrastructure; Integrates with familiar developer tools to enable new scenarios
Increases Security and Compliance: Integrates identity, credential, and access management; Rich permissions and delegation model; Enables system auditing and compliance
30
Resources Learn more about Forefront Identity Manager
FIM 2010 Product Page: Learn about Microsoft Forefront Identity and Security Forefront Home Page: Evaluate the Identity Manager Visit