Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity and Access Management

Published byPrimrose Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "Identity and Access Management"— Presentation transcript:

1 Identity and Access Management
Paula Kiernan Senior Consultant Ward Solutions

2 Session Prerequisites
Hands-on experience with Microsoft Windows Server, Windows management tools, and Active Directory Basic understanding of network security fundamentals Basic understanding of directory and security services used in heterogeneous computing environments Level 200

3 Session Overview Overview of Identity and Access Management Concepts
Identity Management Intranet Access Management Extranet Access Management

4 Overview of Identity and Access Management Concepts
Identity Management Intranet Access Management Extranet Access Management

5 Managing Digital Identities: What Are the Challenges?
Challenges to managing digital identities include: Multiple identity stores Intranet access management Extranet access management

6 What Is Identity and Access Management?
Identity Life Cycle Management Access Management Directory Services Application Integration

7 How Can Identity and Access Management Reduce Directory Management Effort?
Initiatives that reduce directory management effort include: Automating provisioning and deprovisioning Implementing identity aggregation and synchronization Establishing directory service and security standards Establishing software development and procurement standards Reducing TCO

8 How Can Identity and Access Management Simplify the End User Experience?
Initiatives that simplify the end user experience include: Consolidating identity stores Improving password management Enabling SSO Improving access for employees, customers, and partners

9 How Can Identity and Access Management Increase Security?
Initiatives that increase security include: Establishing security and access policies Improving password management Strengthening authentication mechanisms Establishing security audit policy Developing identity-aware applications

10 Understanding Identity and Access Management Technologies
Identity Life Cycle Management Identity Integration Provisioning/Deprovisioning Delegated Administration Self-Service Administration Credential and Password Management Access Management Authentication Authorization Trust Security Auditing Directory Services Users, Attributes Credentials, and Groups Active Directory Active Directory Application Mode

11 Identity Management Overview of Identity and Access Management Concepts Identity Management Intranet Access Management Extranet Access Management

12 Managing Identities: What Are the Challenges?
Challenges related to managing multiple identity stores include: Management costs Employee productivity Security Customer service and supply chain integration

13 Understanding the Identity Life Cycle
1 New User -User ID creation -Credential issuance -Entitlements 4 Retire User -Delete accounts -Remove entitlements 2 Change User -Promotions -Transfers -Entitlement changes 3 Help Desk -Password reset -New entitlements

14 Managing Identity Integration
Approaches to managing identity integration among directory stores include: Manual administration Custom scripts Integration services Identity integration products

15 Understanding Identity Integration Products and Services
You can implement identity integration by using a number of identity integration products and services: Identity Integration Feature Pack Microsoft Identity Integration Server 2003 Services for UNIX Services for NetWare Host Integration Server Active Directory Connector Active Directory to ADAM Synchronizer

16 Using the Identity Integration Feature Pack to Manage Identities
IIFP is a free product that provides connections to only the following directories and applications: Active Directory for Windows 2000 Server and later Active Directory Application Mode (ADAM) GAL synchronization for Exchange 2000 Server and Exchange Server 2003

17 Using Microsoft Identity Integration Server to Manage Identities
MIIS 2003 provides the following set of features: Identity aggregation and synchronization Support for over 20 repositories Provides a single enterprise view of a user Uses SQL Server as the information repository Account provisioning Automated account creation/deletion Group & distribution list management Workflow Password management

18 Understanding Identity Integration Using MIIS
Synchronizes multiple repositories Agentless connection to other systems Attribute level control Manage global address lists Automate group and DL management CS MV MA Intranet Active Directory Sun ONE Directory Extranet Active Directory Legend CS=Connector Space MA=Management Agent MV=Metaverse MIIS 2003 Lotus Notes

19 Implementing Account Provisioning
Typical ways of implementing account provisioning include: HR-driven provisioning Web-driven provisioning Complex workflow provisioning using Microsoft BizTalk Server 2004 orchestration

20 Managing Passwords MIIS 2003 provides the ability to manage passwords through: Help desk reset Windows-initiated changes Web-initiated changes Other system–initiated changes through non-Microsoft software

21 Identity Management: Best Practices
Define all business rules before implementation ü Determine service-level agreements ü Identify all existing systems or processes that might conflict with identity synchronization ü Train development and support staff ü Plan for custom code development ü Implement a disaster recovery plan and secure the MIIS service accounts ü

22 Intranet Access Management
Identity and Access Management Concepts Identity Management Intranet Access Management Extranet Access Management

23 Intranet Access Management: What Are the Challenges?
Common business challenges related to intranet access management include: No single sign-on capabilities A higher number of password reset requests Multiple, inconsistent approaches to security services

24 Approaches to Single Sign-on
Approaches to single sign-on, in order of preference, include: Application integration with Windows security services Platform integration with Windows directory and security services Application integration with Windows directory services Indirect integration through credential mapping Synchronized accounts and passwords

25 Implementing Single Sign-on
Approaches to implementing single sign-on include: Desktop-integrated SSO Web SSO Credential mapping, or Enterprise SSO

26 Using Credential Manager
Credential Manager is used to save the user’s credentials automatically and use them for future access to a resource Credential Manager supports the following types of credentials: User name and password combinations X.509 digital certificates Microsoft Passport credentials

27 Understanding Windows Authorization Options
Windows Server 2003 supports a number of authorization mechanisms: The Windows access control list–based impersonation model Role-based authorization ASP.NET authorization

28 Understanding Windows Server 2003 Authorization Manager
Authorization Manager organizes users into various roles within the application, as shown: Authorization Policy Store Mary Mary = Manager Bob = User Bob Authorization Checked at Application Server Role-based Access to Resources

29 Extranet Access Management
Overview of Identity and Access Management Identity Management Intranet Access Management Extranet Access Management

30 Extranet Access Management: What Are the Challenges?
Challenges related to extranet access management include: Providing secure sessions over the Web The need for a robust authentication and access control mechanism The need for a common security model that includes authentication, Web SSO, authorization, and personalization

31 Identifying Extranet Considerations
Considerations that may affect your extranet access management approach include: Virtual Private Network or Web SSO access Directory service selection Existing applications Identity life-cycle management Password security

32 Understanding Authentication Methods for Extranet Access
Protocols used for extranet access include: SSL 3.0 and TLS 1.0 Passport authentication Digest authentication Forms-based authentication Basic authentication

33 Understanding Authorization Techniques for Extranet Access
Extranet authorization techniques can include the following: ACL RBAC

34 Using Trusts and Shadow Accounts for Extranet Access
Alternatives to using trusts include: Using shadow accounts Implementing public key infrastructure trusts Using qualified subordination

35 Implementing Security Auditing
Use security auditing to monitor the following services: Directory services Authentication Authorization The following products and technologies can be used for security auditing and reporting: Windows Security Event Log WMI MOM

36 Session Summary Implementing an identity and access management solution will greatly reduce management effort, simplify the end user experience, and increase overall security ü MIIS 2003 can manage identity information, automate provisioning and deprovisioning, and synchronize various types of information among multiple identity store formats A thorough understanding of authentication and authorization options provides the background needed to effectively secure your network infrastructure It is important to understand which authentication and authorization protocols are appropriate for extranet access

37 Next Steps Find additional security training events:
Sign up for security communications: default.mspx Order the Security Guidance Kit: default.mspx Get additional security tools and content:

38 Questions and Answers

39 Paula Kiernan Ward Solutions paula.kiernan@ward.ie www.ward.ie
Contact Details Paula Kiernan Ward Solutions

Download ppt "Identity and Access Management"

Similar presentations

UTILIZING WITH ITA. offers an entire suite of benefits for you and your students. You can also set up s for the purpose.

UTILIZING WITH ITA. offers an entire suite of benefits for you and your students. You can also set up s for the purpose.
Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.

Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.
Microsoft Identity Solutions

Microsoft Identity Solutions
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Prepared by Dept. of Information Technology & Telecommunication, October 24, 2005 Enterprise Directory Services and Identity Management.

Prepared by Dept. of Information Technology & Telecommunication, October 24, 2005 Enterprise Directory Services and Identity Management.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Virtual techdays INDIA │ 18-20 august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –

Virtual techdays INDIA │ august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –
Understanding Active Directory

Understanding Active Directory
Identity Management with Microsoft Identity Integration Server.

Identity Management with Microsoft Identity Integration Server.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,

Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.

Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.
Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist.

Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist.
Understanding Active Directory

Understanding Active Directory

Similar presentations

Ads by Google