
Identity Management with Microsoft Identity Integration Server.


1 Identity Management with Microsoft Identity Integration Server

2 How Integration Happens
"Identity Chaos"
- Multiple repositories of identity information
- Multiple user IDs, multiple passwords
- Decentralized management, ad hoc data sharing
[Diagram: HR System, Infrastructure Application, Lotus Notes Apps, In-House Applications, COTS Application and Contractor System each hold their own Authentication, Authorization and Identity Data, linked to an Enterprise Directory by flat files and sneaker-net]

3 Opportunity For Improvement
"Identity Integration"
- Rock solid software to integrate identity
[Diagram: the same systems (HR System, Infrastructure Application, Lotus Notes Apps, In-House Applications, COTS Application, Contractor System, Enterprise Directory), each still holding its own Authentication, Authorization and Identity Data, now connected through a Metadirectory]

4 What is Identity Integration?
- Directory Synchronization
- Password Management
- Provisioning and Workflow
[Diagram: a Metadirectory at the centre exchanging Identity Data with LDAP, SQL, NOS and Mainframe/Unix systems]

5 Directory Synchronization
- Synchronizes multiple repositories
- "Agentless" connection to other systems
- Provides attribute-level control
- Manage global address lists (GAL)
- Automate group and DL management
[Diagram: Metadirectory connected to Active Directory, Exchange 5.5, Notes, iPlanet, SQL and Oracle]

6 Password Management
- Initial password set
- Centralized password control via a Web app
  - Self-service password reset
  - Helpdesk password reset
- Decentralized password synchronization
  - 3rd party password sync products can easily integrate
[Diagram: Web app and iPlanet connected to the Metadirectory]

7 Provisioning & Workflow
- Simple Provisioning & De-provisioning
  - Provision users as they appear in authoritative systems
  - Set initial values for attributes (including password)
  - Disable or delete accounts
- Complex Workflow
  - Initiate workflow or provisioning system
  - Integrate with BizTalk
  - Planning to add support for SPML when finalized
  - Integrate with 3rd party provisioning systems: Business Layers, WaveSet, Access360

8 What Is Microsoft Identity Integration Server?
Microsoft Identity Integration Server is…
- The next version of Microsoft's Metadirectory
- A flexible synchronization and identity integration framework
- Software that ensures consistency of identity data across repositories
Microsoft Identity Integration Server makes it radically easier to design, deploy and manage a metadirectory across an enterprise of any size.

9 Metadirectory Concepts
- Connected Data Source (CD)
  - Any source and/or destination containing identity data
- Management Agent (MA)
  - Facilitates the communication between Microsoft Identity Integration Server and the CD
- Connector Space (CS)
  - Staging area for inbound or outbound synchronized attributes
- Metaverse (MV)
  - Central (SQL) store of identity information
  - Matching CS entries to a single MV entry is called "join"
[Diagram: CD -> MA -> CS -> MV, with MA, CS and MV inside Microsoft Identity Integration Server]

10 Metadirectory Architecture
[Diagram: Identity Repositories reached over the Network, each through its own CS in the Metadirectory, with the MV held in SQL Server 2000]

11 New Metadirectory Features

Capability                            | MMS 2.2     | MIIS 2003
Standard datastore                    | Proprietary | SQL 2000
Extensions/Scripting                  | Proprietary | VS.NET languages
Fault tolerance/failover              | Limited     | SQL Clustering
Scalability                           | 1M          | 100M
LDAP access                           | Yes         | Yes, via ADAM
Extensible APIs                       | No          | WMI, SDK
Easily move from test to production   | No          | Yes
Password Management                   | No          | Yes
Support renames in connected systems  | No          | Yes
XML-based                             | No          | Yes
Data lineage                          | No          | Yes
Single User View (Polyarchy)          | No          | Yes
Consulting engagement                 | Required    | Optional

12 Installation (demo)

13 User Interface (demo)

14 Metadirectory Connectors
- AD/Exchange 2000/Exchange 2003
- ADAM
- SunOne Directory (iPlanet)
- SQL
- Oracle
- DSML 2.0
- LDAP Directory Interchange Format (LDIF)
- Delimited Text
- Fixed-Width Text
- Attribute-Value Pair Text
- NT4
- Exchange 5.5
- Lotus Notes 4.6 and 5.0
- Novell eDirectory 8.62/8.7
- Other LDAP-based and RDBMS systems to follow

15 Management Agents
[Diagram: HR System, iPlanet Directory and Active Directory connected to the Metadirectory through File and LDAP management agents]

16 Creating Management Agents (demo)

17 Running Management Agents (demo)

18 Identity Aggregation
[Diagram: HR System (FirstName, LastName, EmployeeID), iPlanet Directory and Active Directory (givenName, sn, title, mail, employeeID, telephone) each hold a partial and inconsistent record ("Klarek Cenntt 008", "Klarke Kent Superhero 007", "Clark Kent 007 Clark@contoso.com 867-5309"); the Metadirectory aggregates them into one entry: givenName Clark, sn Kent, title Reporter, mail Clark@contoso.com, employeeID 007, telephone 867-5309]

19 Identity Aggregation (demo)

20 Provisioning/Workflow
1. Simple Provisioning/Deprovisioning
   - Create accounts when new users appear in authoritative systems
   - Set initial values for attributes (including password)
   - Disable or delete accounts in response to change in authoritative systems
2. Complex Workflow
   - Initiate workflow or provisioning system (ex: BizTalk Orchestration) for long-running or multi-part workflow
   - Integrate with ISV Products

21 Provisioning Scenario
[Diagram: a new HR System record flows through the File MA into the Metadirectory and out through the LDAP MA to iPlanet Directory and Active Directory]

22 De-Provisioning Scenario
[Diagram: an HR System record removed via the File MA flows through the Metadirectory and out through the LDAP MA to iPlanet Directory and Active Directory]

23 Simple Provisioning and De-Provisioning (demo)

24 Extending Capabilities
- Modify the behavior of Microsoft Identity Integration Server
  - Call methods on the interface in response to changes in the system
- Model defines a managed interface
  - Configuration set in UI determines which methods are called
- Write custom extensions in any programming language with a compiler for the CLR
  - Visual Studio projects auto-generated for VB or C#
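A toy metadirectory run in Python, added here as an illustration (it is not MIIS code and not from the presentation): constructed connector-space entries from HR, AD and iPlanet management agents are joined on employeeID (slide 9), attributes flow into the metaverse by a constructed per-attribute precedence so the authoritative HR record wins over misspelled directory copies (slide 18), and a provision hook, standing in for the method a rules extension exposes on the managed interface (slide 24), creates an AD account for an HR-only person and disables the AD account of someone HR no longer lists (slide 20). All names, data and the precedence policy are assumptions.

```python
from collections import defaultdict
# Per-attribute precedence: which management agent (MA) wins when several sources
# carry the same attribute. Constructed policy: HR owns identity, directories own contact data.
PRECEDENCE = {"givenName": ["HR", "AD", "iPlanet"], "sn": ["HR", "AD", "iPlanet"],
              "title": ["HR", "AD"], "mail": ["AD", "iPlanet"], "telephone": ["iPlanet", "AD"]}

# Constructed connector-space (CS) entries as (MA name, attributes); the misspellings
# in the directory copies are deliberate, so precedence visibly overrides bad data.
CS_ENTRIES = [
    ("HR", {"employeeID": "007", "givenName": "Clark", "sn": "Kent", "title": "Reporter"}),
    ("AD", {"employeeID": "007", "givenName": "Klarke", "sn": "Kent", "title": "Superhero",
            "mail": "Clark@contoso.com"}),
    ("iPlanet", {"employeeID": "007", "givenName": "Clark", "sn": "Kent", "telephone": "867-5309"}),
    ("AD", {"employeeID": "008", "givenName": "Klarek", "sn": "Cenntt"}),  # no HR record behind it
    ("HR", {"employeeID": "009", "givenName": "Lois", "sn": "Lane", "title": "Reporter"}),
]

def join(cs_entries, anchor="employeeID"):
    """Join rule: CS entries sharing the anchor attribute connect to one metaverse (MV) entry."""
    mv = defaultdict(dict)  # anchor value -> {MA name: CS attributes}
    for ma, attrs in cs_entries:
        mv[attrs[anchor]][ma] = attrs
    return dict(mv)

def attribute_flow(anchor, connectors):
    """Import flow: each MV attribute takes the value from the highest-precedence MA that has it."""
    mv_entry = {"employeeID": anchor}
    for attr, order in PRECEDENCE.items():
        for ma in order:
            if attr in connectors.get(ma, {}):
                mv_entry[attr] = connectors[ma][attr]
                break
    return mv_entry

def provision(connectors, mv_entry):
    """Provisioning hook (the role a rules extension plays when an MV entry changes): create an
    AD account for an HR person with no AD connector; disable AD when HR no longer lists them."""
    if "HR" in connectors and "AD" not in connectors:
        return ("create", {k: mv_entry[k] for k in ("employeeID", "givenName", "sn")})
    if "HR" not in connectors and "AD" in connectors:
        return ("disable", {"employeeID": mv_entry["employeeID"]})
    return ("none", {})

def synchronize(cs_entries):
    """One sync run: join, flow attributes into the MV, then decide provisioning per entry."""
    result = {}
    for anchor, connectors in join(cs_entries).items():
        mv_entry = attribute_flow(anchor, connectors)
        result[anchor] = (mv_entry, provision(connectors, mv_entry))
    return result
```

Disabling rather than deleting on de-provisioning keeps the AD connector (and its audit trail) in place, which is why the hook returns a "disable" action for the record HR no longer carries.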

25 Extending Microsoft Identity Integration Server using Visual Studio.NET (demo)

26 Preview Mode
- System is transparent in design
  - Allows architect/developer to preview work in the metadirectory without committing any changes
- Allows the testing of
  - Configuration changes
  - New rules
  - New connected directories
- Can view all results through the UI

27 Preview Mode (demo)

28 Passwords
1. Initial password set
   - Core functionality
2. Centralized password control
   - Web-based, extensible application for building self-serve or helpdesk support applications
3. Decentralized password synchronization
   - Integrate with ISV Products
[Diagram: Web App, iPlanet and AD connected to MIIS 2003]

29 Visualization
- Different hierarchies suit different needs
- Multiple hierarchical representations can be discovered from data
- Polyarchy eliminates the requirement for fixed hierarchy
- Polyarchy provides multiple hierarchical views and richer visualization of infrastructure information

30 Summary
- Reduce administration cost
  - GAL management
  - DL/group management
  - Helpdesk password reset
- Improved productivity
  - User self-service
  - Faster access to systems
- Increased security
  - Fast de-provisioning
[Diagram: Metadirectory connected to iPlanet, SQL, Oracle, Active Directory, Exchange 5.5 and Notes]

31 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
