
Enterprise Identity Steve Plank – Microsoft Hugh Simpson-Wells – Oxford Computer Group Dave Nesbitt – Oxford Computer Group.


1 Enterprise Identity Steve Plank – Microsoft Hugh Simpson-Wells – Oxford Computer Group Dave Nesbitt – Oxford Computer Group

2 Agenda
- Overview of Enterprise Identity
- Challenges/Solutions
- Individual Group Discussions (led)
- Large Group "Debate"

3 The Digital Identity Lifecycle
Roles: Director, Service Manager, Product Manager, PA, Sales Person, Customer Service Engineer, HR Admin, Call Handler

4 The Digital Identity Lifecycle
[Diagram] A business owns critical assets. Roles are defined (Role 1 to Role 5); people are hired, change role and are fired (they leave of their own accord too!), and while employed they access critical assets.
Building blocks shown: Access Management, Joining Identities, Identity Data Aggregation, Identity Data Enforcement, Identity Data Brokering, Hire/Fire Scenario.

5 Hire Scenario
[Diagram] Systems: HR System, Contractor System, Provisioning System or Metadirectory, E-mail, LOB App Database, Application Directory, Infrastructure Directory. Connections are labelled Δ (change feed), LDAP, SQL and API.

6 Fire Scenario
[Diagram] Same systems and connections as the Hire Scenario: HR System, Contractor System, Provisioning System or Metadirectory, E-mail, LOB App Database, Application Directory, Infrastructure Directory; connections labelled Δ, LDAP, SQL and API.

7 Metadirectory
Join on employeeID; Join on mail; Join, Attribute Flow, Enforcement...
[Diagram] Connected systems: HR System, Application Directory, Infrastructure Directory, E-mail System. Each holds a record with the attributes givenName, sn, title, mail, employeeID, telephone. The same person appears inconsistently across the four systems: (Klarek, Cenntt, employeeID 008); (Clark, Kennttt, Clark@contoso.com, 007); (Klarke, Kent, Reporter, Clark@contoso.com, 867-5309); (Clark, Kent, Reporter, 007). The record (Clark, Kent, 007) is projected to the metadirectory; the others are joined automatically on employeeID, on mail, or by manual join. The joined object reads: Clark, Kent, 007, Clark@contoso.com, title Superhero, telephone +44 123 456 7890.

8 Metadirectory Identity Joining Scenario
[Diagram] The same four inconsistent records as the previous slide are joined; the consolidated record (Clark, Kent, Superhero, Clark@contoso.com, 007, +44 123 456 7890) then flows back out to HR System, Application Directory, Infrastructure Directory and E-mail System.
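The join, aggregation and enforcement steps of slides 7 and 8, as an added worked example (not the presenters' code). The four source systems, the Clark Kent sample records, the choice of HR as the projecting source, the join-rule order and the per-attribute precedence are all assumptions constructed for illustration.

```python
# Added example (not the presenters' code): a minimal metadirectory join with
# attribute aggregation and enforcement. Assumptions: the systems, the Clark Kent
# sample records, the projecting source, join-rule order and precedence are constructed.
SOURCES = {  # connector-space records, one per connected system (constructed)
    "HR":    {"givenName": "Clark", "sn": "Kent", "title": "Reporter", "employeeID": "007"},
    "Infra": {"givenName": "Clark", "sn": "Kennttt", "mail": "Clark@contoso.com", "employeeID": "007"},
    "Email": {"givenName": "Klarke", "sn": "Kent", "title": "Reporter",
              "mail": "Clark@contoso.com", "telephone": "867-5309"},
    "App":   {"givenName": "Klarek", "sn": "Cenntt", "employeeID": "008"},  # mistyped ID
}
PROJECTS = {"HR"}                    # only HR may create (project) a new metaverse object
JOIN_RULES = ["employeeID", "mail"]  # tried in this order for every incoming record
PRECEDENCE = {                       # which connected system is authoritative per attribute
    "givenName": ["HR"], "sn": ["HR"], "title": ["HR"], "employeeID": ["HR", "Infra"],
    "mail": ["Infra", "Email"], "telephone": ["Email"],
}

def build_metaverse(sources, manual_joins=None):
    """Join records into metaverse objects ({source: record}); manual_joins maps a
    source to another source whose object it joins. Returns (objects, unjoined)."""
    manual_joins = manual_joins or {}
    objects, unjoined = [], []
    for name, rec in sources.items():
        target = None
        for attr in JOIN_RULES:  # automatic join on the first matching attribute value
            if attr in rec and (target := next((o for o in objects if any(
                    r.get(attr) == rec[attr] for r in o.values())), None)):
                break
        if target is None and name in manual_joins:  # operator-confirmed join
            target = next((o for o in objects if manual_joins[name] in o), None)
        if target is not None:
            target[name] = rec
        elif name in PROJECTS:
            objects.append({name: rec})
        else:
            unjoined.append(name)  # left for an administrator to resolve
    return objects, unjoined

def metaverse_attrs(obj):
    """Aggregate: the first source in precedence order that holds the attribute wins."""
    return {a: obj[s][a] for a, order in PRECEDENCE.items()
            if (s := next((src for src in order if a in obj.get(src, {})), None))}

def export_deltas(obj):
    """Enforce: per connected system, the attributes it must change to match."""
    mv = metaverse_attrs(obj)
    return {src: {a: v for a, v in mv.items() if rec.get(a) != v}
            for src, rec in obj.items()}
```

Without a manual join the App record with the mistyped employeeID stays unjoined, which is the case the deck resolves by hand; the deltas show what enforcement would write back to each system.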

9 Single Sign On
- Simple SSO
  - Single Authentication Authority, Single Server
  - Single Authentication Authority, Multiple Server
- Complex SSO
  - Single Credential Set
    - Token Based SSO
    - PKI Based SSO
  - Multiple Credential Set
    - Credential Sync (Consistent Sign On)
    - Client-side Credential Mapping
    - Server-side Credential Mapping

10 Simple SSO
[Diagram] The Resource Server trusts the Authentication Service (Trust, Token Validation); an AuthN Exchange takes place with the Authentication Service, which is backed by a Credential Store (probably LDAP directory) with Replication.

11 No SSO
[Diagram] Two independent Authentication Services, each with its own Credential Store (probably LDAP directory); the user performs a separate AuthN Exchange with each.

12 Complex SSO: 1 Credential, Token-based
[Diagram] Two Authentication Services, each with its own Credential Store (probably LDAP directory). The user completes one AuthN Exchange with the first service and receives a Temp Token; the second service accepts the Temp Token because of a Trust relationship with the first.
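The token-based exchange of slide 12 as an added worked example (not the presenters' code): one AuthN exchange against the first authority yields a temporary token, and the second authority accepts it on the strength of its trust relationship rather than a second password. The HMAC-signed token format, the shared trust key, the PBKDF2 credential store, the lifetime and all names are assumptions constructed for illustration.

```python
# Added example (not the presenters' code): token-based complex SSO between two
# authentication authorities sharing a trust key. Assumptions: HMAC-signed temp token
# with a short lifetime, PBKDF2 credential store, constructed names and keys.
import base64, hashlib, hmac, json, os, time

TOKEN_LIFETIME = 300  # seconds the temp token stays valid (assumption)

def make_credential(password):
    """Salted hash for the credential store (constructed users only)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)}

class AuthAuthority:
    """One authentication service with its own credential store."""
    def __init__(self, name, credentials, trust_key):
        self.name, self.credentials, self.trust_key = name, credentials, trust_key
        self.trusted = set()  # issuers whose temp tokens this authority accepts

    def trust(self, issuer):
        self.trusted.add(issuer)

    def authenticate(self, user, password, now=None):
        """Primary AuthN exchange: check the credential, return a temp token or None."""
        cred = self.credentials.get(user)
        if cred is None:
            return None
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), cred["salt"], 100_000)
        if not hmac.compare_digest(digest, cred["hash"]):
            return None
        return self.issue_token(user, now or time.time())

    def issue_token(self, user, now):
        body = json.dumps({"iss": self.name, "sub": user,
                           "exp": int(now) + TOKEN_LIFETIME}, sort_keys=True).encode()
        sig = hmac.new(self.trust_key, body, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(sig).decode()

    def validate_token(self, token, now=None):
        """Secondary AuthN exchange: accept the temp token instead of a password."""
        try:
            body, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
        except ValueError:  # malformed token or bad base64
            return None
        if not hmac.compare_digest(hmac.new(self.trust_key, body, hashlib.sha256).digest(), sig):
            return None
        claims = json.loads(body)
        if claims["iss"] not in self.trusted or claims["exp"] < (now or time.time()):
            return None
        return claims["sub"]
```

An authority that holds the key but has not declared trust in the issuer still rejects the token, which is the Trust arrow on the slide made explicit; expiry limits how long a captured temp token is useful.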

13 Consistent Sign On: Password Sync
[Diagram] Two Authentication Services, each with its own Credential Store (probably LDAP directory), and a separate AuthN Exchange with each. A PW trap captures the plaintext password at the first system; a Password Crypto System encrypts it, the Password Copy Service transfers the ciphertext password, and a Password Crypto System at the second system decrypts it back to plaintext for storage. Prerequisite: normalize identities (metadirectory).

14 Complex SSO – Client Cache
[Diagram] Two Authentication Services, each with its own Credential Store (probably LDAP directory) and its own AuthN Exchange; a client-side Password Cache supplies the second set of credentials.

15 Complex SSO – Server Cache
[Diagram] Two Authentication Services, each with its own Credential Store (probably LDAP directory) and its own AuthN Exchange; a Client Installed SSO Agent supplies the stored password for the second system.

16 Complex SSO – Server Cache: Client-side SSO Agent
[Diagram] The Client SSO Agent detects the login dialog (User-id, Password), retrieves the credentials from the ID Store (a User object carrying SSO attributes, e.g. User-id FSmith, Password *****) and fills in the dialog. The Client-side SSO Agent also understands password change dialogs and auto-generates new passwords.

17 Review
- Overview of Enterprise Identity
- Challenges/Solutions
- Individual Group Discussions (led)
- Large Group "Debate"

