
Microsoft Identity Integration Server & Role Based Access Theo Kostelijk Consultant Microsoft BV


1 Microsoft Identity Integration Server & Role Based Access
Theo Kostelijk, Consultant, Microsoft BV
theok@microsoft.com

2 Agenda
Microsoft Identity Integration Server Concepts & Architecture (MIIS)
Authorization Manager (AzMan)

3 What is Microsoft Identity Integration Server?
Directory Synchronization
Password Management
Provisioning and Workflow
(Diagram: MIIS connecting identity data held in LDAP, SQL, NOS and Mainframe/Unix systems)

4 Connectivity in MIIS 2003, Enterprise Edition
Active Directory
Active Directory Application Mode
Active Directory Global Address List (GAL)
Attribute-value pair text file
Delimited text file
Directory Service Markup Language (DSML) 2.0
Exchange Server 5.5
Exchange Server 5.5 (Bridgehead Server)
Extensible Connectivity
Fixed-width text file
IBM DB2 Universal Database
IBM Directory Server
LDAP Data Interchange Format (LDIF)
Lotus Notes
Novell eDirectory 8.6.2 and 8.7
Oracle Database 8i and 9i
SQL Server 7.0 and 2000
Sun and Netscape Directory Servers
Windows NT 4.0

5 Directory Synchronization
Synchronizes multiple repositories
Management agents use “touchless” connection to other systems
Provides attribute-level control
Manage global address lists (GAL)
Automate group and DL management
(Diagram: MIIS synchronizing Exchange 5.5, Active Directory, Notes, SunOne, SQL and Oracle)

6 Directory Synchronisation
(Diagram: HR System, Lotus Notes and Active Directory synchronised through MIIS over API, LDAP and DB connections)

7 Attribute Flow

8 Password Management
Initial password set when provisioning
Centralized password control via a Web app & CTRL-ALT-DEL
–Self-service password change
–Helpdesk password reset
(Diagram: Web app & CTRL-ALT-DEL feeding MIIS, which updates Active Directory and Sun One)

9 Provisioning & Workflow
Simple Provisioning & De-provisioning
–Provision users as they appear in authoritative systems
–Set initial values for attributes (including password)
–Disable or delete accounts
Complex Workflow
–Initiate workflow or provisioning system
–Integrate with BizTalk
–Integrate with 3rd party provisioning systems

10 Provisioning Scenario
(Diagram: HR System (DB) feeding MIIS, which provisions iPlanet Directory and Active Directory over LDAP)

11 De-Provisioning Scenario
(Diagram: HR System (DB) feeding MIIS, which de-provisions iPlanet Directory and Active Directory over LDAP)

12 MIIS Architecture
(Diagram: HR App with SQL, Active Directory and Lotus Notes each have a Connector Space; Connector Space Objects are linked by Connectors to Metaverse Objects in the Metaverse)

13 Authorization Manager (AzMan) Advantages
Centralized authorization policy for multiple applications
The ability to create security groups outside of Active Directory, managed by the application administrator
The ability to create groups based on the result of an LDAP query
Relies on a Policy Store for one or more apps
–Delegated Admin (AD & ADAM only)
–XML Store – not recommended for Enterprise Apps
–Authorized users “must” have an actual account on the web server or a user account in AD or ADAM
Introduced in Windows Server 2003 – also available for Windows Server 2000

14 Authorization Manager Advantages
3 Key Mechanisms for user Role Assignments:
–Membership in AD or Local Server, or AzMan Groups
–LDAP Query Groups
–BizRules
Centrally managed across the organization without managing Web.config files or changing application code

15 Web Expense Application
Role={Tasks}, Task={Operations}
(Diagram: roles Administrator, Approver and Submitter; tasks Change Approver, Approve, Deny Payment, Approve, Reject Report, Submit Report, Cancel Report and Check Status; operation types Database Operation, Web Operation, Directory Operation and Payment System Operation)

16 AzMan Groups

17 AzMan Operation Definitions

18 AzMan Task Definitions

19 How to use AzMan in your code?
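As an added example (not code from the deck or from the AzMan product), the following Python models the authorization model slides 13–15 describe: Role = {Tasks}, Task = {Operations}, role assignments resolved through AD group membership or LDAP-query-style application groups, and a deny-by-default access check that an application would call instead of hard-coding checks. The concrete role/task/operation mapping for the Web Expense Application and the group names are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    groups: set                                 # AD / local server group memberships
    attrs: dict = field(default_factory=dict)   # LDAP attributes, used by query groups

@dataclass
class Policy:
    """One AzMan-style policy store for one application (model only)."""
    operations: set      # atomic checks the application code enforces
    tasks: dict          # task -> set of operations
    roles: dict          # role -> set of tasks   (Role = {Tasks}, Task = {Operations})
    app_groups: dict     # application group -> predicate(User), i.e. an LDAP query group
    assignments: dict    # role -> set of group names (AD groups or application groups)

    def role_operations(self, role):
        return set().union(*(self.tasks[t] for t in self.roles[role]))

    def user_roles(self, user):
        def member(g):
            return g in user.groups or (g in self.app_groups and self.app_groups[g](user))
        return {r for r, gs in self.assignments.items() if any(member(g) for g in gs)}

    def access_check(self, user, operation):
        # Deny by default: an operation missing from the store is a policy/code mismatch.
        if operation not in self.operations:
            raise ValueError(f"operation {operation!r} is not defined in the policy store")
        return any(operation in self.role_operations(r) for r in self.user_roles(user))

def build_expense_policy():
    # Constructed policy for the slides' Web Expense Application; the exact
    # role/task/operation mapping is an assumption, not taken from the deck.
    ops = {"SubmitReport", "CancelReport", "CheckStatus", "Approve", "Reject", "Pay", "ChangeApprover"}
    tasks = {"Submit Report": {"SubmitReport"}, "Cancel Report": {"CancelReport"},
             "Check Status": {"CheckStatus"}, "Approve": {"Approve", "Pay"},
             "Deny Payment": {"Reject"}, "Change Approver": {"ChangeApprover"}}
    roles = {"Submitter": {"Submit Report", "Cancel Report", "Check Status"},
             "Approver": {"Approve", "Deny Payment"},
             "Administrator": {"Change Approver"}}
    app_groups = {"ExpenseApprovers": lambda u: u.attrs.get("title") == "Manager"}  # LDAP query group
    assignments = {"Submitter": {"Domain Users"}, "Approver": {"ExpenseApprovers"},
                   "Administrator": {"Finance-Admins"}}
    return Policy(ops, tasks, roles, app_groups, assignments)

# Constructed sample users: a manager and an ordinary domain user
ALICE = User("alice", {"Domain Users"}, {"title": "Manager"})
BOB = User("bob", {"Domain Users"})
```

Because the Approver role is reached through the query group rather than an AD group, changing who may approve is a policy-store edit, not a code or Web.config change, which is the point slide 14 makes.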

20 MIIS & AzMan (HRApp to MIIS)

21 MIIS & AzMan (MIIS to AD)

22 MIIS & AzMan (AzMan & AD)

23

