Amol Bhandarkar, Technology Specialist – Identity & Access, Microsoft
Agenda
• Identity & Access Management
• ILM 2 High level architecture
• ILM 2 Features
• Demo of ILM 2
Identity & Access Management
Identity-Based Access
• Network Access: identity-oriented edge access, e.g. NAP
• Remote Access: access resources remotely, e.g. SSL VPN
• App Access: SSO, Web/Ent/Host access, federation
• Info Access: drive encryption, ILP, rights management
Identity Infrastructure
• Identity & Credentials Infrastructure: Directory – Identity/Credentials, Infocards, Meta/Virt Dir, Basic Policy
Identity & Access Management
• Compliance and Audit: monitoring, reporting, auditing of identity-based access activity
• Identity & Credential Management: user provisioning, certificate & smartcard management, user self-service
• Policy Management: identity policy, user/role-based access policy, federation policy, delegation
• Access Management: group management, federation/trust management, entitlements, RBAC
Microsoft Identity Lifecycle Manager
• Identity Synchronization
• User Provisioning
• Certificate and Smartcard Management
• Office Integration for Self-Service
• Support for 3rd Party CAs
• Codeless Provisioning
• Group & DL Management
• Workflow and Policy
Management layers: User Management, Group Management, Credential Management, Policy Management
Common Platform: Workflow, Connectors, Logging, Web Service API, Synchronization
ILM 2 High Level Architecture
Identity Lifecycle Manager “2” Features
Credential Management
• Heterogeneous certificate management with 3rd party CAs
• Management of multiple credential types, including One Time Passwords
• Self-service password reset integrated with Windows logon
Group Management
• Rich Office-based self-service group management tools
• Offline approvals through Office
• Automated group and distribution list updates
User Management
• Integrated provisioning of identities, credentials, and resources
• Automated, codeless user provisioning and de-provisioning
• Self-service profile management
Policy Management
• SharePoint-based console for policy authoring, enforcement & auditing
• Extensible WS-* APIs and Windows Workflow Foundation workflows
• Heterogeneous identity synchronization and consistency
End User Scenarios
Credential Management
• Integration with Windows logon
• No need to call help desk
• Faster time to resolution
Group Management
• Request process through Office
• No waiting for help desk
• Faster time to resolution
User Management
• Automatic updating of business applications
• No need to call help desk
• Faster time to resolution
Policy Management
• Automatic routing of multiple approvals
• Approval process through Office
• Audit trail of approvals
IT Administrator Scenarios
Credential Management
• Generation and delivery of initial one-time use password
• Integration of smart card enrollment with provisioning
Group Management
• Automatic management of group membership
• Secure access to departmental resources, with audit trail
User Management
• Automatic policy enforcement across systems
• Management of role changes & retirements
Policy Management
• Centralized management
• Automatic policy enforcement across systems
ILM "2" in Action
[Architecture diagram] ILM “2” Portal with Self-Service integration, Windows Log On, IT Departments and ISV Partner Solutions on the front end; Policy Management, Credential Management, User Management and Group Management services; AuthN & AuthZ, Workflows and Action Workflow; App DB and Sync DB; connected systems: Directories, Custom, LOB Applications, Databases.
ILM "2" In Action: HR-driven provisioning of a new employee
[Diagram components: AuthN & AuthZ, Workflows, Action Workflow, App DB, Sync DB, Management Agents, Identity Stores]
1. New user added in HR app; Sync receives request
2. ILM manages manager and department head approvals
3. Once approved, changes committed to ILM app store
4. ILM sends welcome and confirmation e-mails
5. ILM synchronizes updates with external identity stores
ILM "2" In Action: Self-service smart card provisioning
[Diagram components: AuthN & AuthZ, Workflows, Delegation & Permissions, Action Workflow, App DB, Sync DB, Management Agents, Identity Stores]
1. New user added in HR app; Sync receives request
2. Delegation & Permissions: does the user have permission to add a user to ILM?
3. ILM manages manager and department head approvals
4. Once approved, changes committed to ILM app store
5. ILM sends welcome and confirmation e-mails
6. ILM syncs to external identity stores
7. Approval workflows: card created & printed, certificates requested
8. Self-service notification and One Time Password sent to end user
9. End user downloads certificates onto smart card
ILM "2" In Action: Self-service password management
[Diagram components: AuthN & AuthZ, Workflows, Delegation & Permissions, Action Workflow, App DB, Sync DB, Management Agents, Identity Stores, Request Processor]
1. User forgets password; requests password reset at Windows logon and answers Q/A
2. ILM receives XML request; Request Processor checks: does the user have permission to reset the password?
3. ILM validates Q/A response from user
4. Changes committed to ILM app store
5. ILM makes WMI call to reset password in AD
6. ILM syncs new password to external identity stores
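The "In Action" flows above all run the same pipeline: a request arrives, the processor checks whether the requester is allowed to make it, the policy's approval or validation step runs, the change is committed to the app store, and only then does the sync stage push it to external identity stores. The Python model below is an added example written for this page, not ILM code or any Microsoft API; the group name "HR", the department heads, the Q/A questions, the lockout threshold and the PBKDF2 settings are all constructed. It covers two of the slide scenarios: HR-driven provisioning, which commits nothing until both the manager and the department head have approved, and self-service password reset, which commits nothing until every enrolled Q/A answer verifies, with an append-only audit trail for both.

```python
import hashlib
import hmac
import secrets
import unicodedata
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000   # constructed work factor for this example
MAX_QA_FAILURES = 3       # constructed lockout threshold

def normalize(text):
    # Canonicalise a knowledge-based answer so harmless variations still match.
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())

def hash_secret(text, salt=None):
    # Salted PBKDF2 so neither Q/A answers nor passwords sit in the store in clear.
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", text.encode(), salt, PBKDF2_ROUNDS)

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)
    qa: dict = field(default_factory=dict)   # question -> (salt, hash of normalized answer)
    password: tuple = None                   # (salt, hash) once set
    qa_failures: int = 0
    locked: bool = False

@dataclass
class Request:
    kind: str        # "provision" or "reset_password"
    requester: str
    subject: str
    payload: dict = field(default_factory=dict)

class RequestProcessor:
    def __init__(self, dept_heads):
        self.users = {}
        self.dept_heads = dept_heads   # department -> head (constructed org data)
        self.pending = {}              # request id -> (request, approvers still required)
        self.next_id = 1
        self.audit = []                # append-only trail of every decision
        self.sync_queue = []           # changes the sync stage would push to external stores

    def enroll_qa(self, name, answers):
        self.users[name].qa = {q: hash_secret(normalize(a)) for q, a in answers.items()}

    # Stage 1: may this requester ask for this action on this subject at all?
    def has_permission(self, req):
        actor = self.users.get(req.requester)
        if req.kind == "provision":
            return actor is not None and "HR" in actor.groups
        return req.kind == "reset_password" and actor is not None and req.requester == req.subject

    def submit(self, req):
        if not self.has_permission(req):
            self.audit.append(f"DENIED {req.kind} on {req.subject} by {req.requester}")
            return "denied"
        return self._start_approvals(req) if req.kind == "provision" else self._validate_qa(req)

    # Stage 2a: provisioning needs every named approver before anything is committed.
    def _start_approvals(self, req):
        approvers = {req.payload["manager"], self.dept_heads[req.payload["department"]]}
        rid, self.next_id = self.next_id, self.next_id + 1
        self.pending[rid] = (req, approvers)
        self.audit.append(f"PENDING #{rid} {req.subject} awaiting {sorted(approvers)}")
        return rid

    def approve(self, rid, approver):
        req, remaining = self.pending[rid]
        if approver not in remaining:
            self.audit.append(f"IGNORED #{rid} approval from {approver}")
            return "not an approver"
        remaining.discard(approver)
        self.audit.append(f"APPROVED #{rid} by {approver}")
        if remaining:
            return "pending"
        del self.pending[rid]
        self.users[req.subject] = User(req.subject)   # commit to the app store
        self.audit.append(f"COMMITTED user {req.subject}")
        self.sync_queue.append(("user", req.subject))
        return "committed"

    # Stage 2b: a reset is committed only after every enrolled answer verifies.
    def _validate_qa(self, req):
        user = self.users[req.subject]
        if user.locked:
            self.audit.append(f"LOCKED reset attempt by {user.name}")
            return "locked"
        given = req.payload.get("answers", {})
        # Check every answer (no short-circuit) with a constant-time compare;
        # an account with no enrolled answers can never pass.
        checks = [hmac.compare_digest(hash_secret(normalize(given.get(q, "")), salt)[1], h)
                  for q, (salt, h) in user.qa.items()]
        if not checks or not all(checks):
            user.qa_failures += 1
            user.locked = user.qa_failures >= MAX_QA_FAILURES
            self.audit.append(f"QA_FAIL {user.name} attempt {user.qa_failures}")
            return "locked" if user.locked else "qa failed"
        user.qa_failures = 0
        user.password = hash_secret(req.payload["new_password"])  # stands in for the AD reset
        self.audit.append(f"RESET password for {user.name}")
        self.sync_queue.append(("password", user.name))
        return "committed"
```

In the slide's flow the commit step is the WMI call that resets the password in AD; here a stored hash stands in for it. What the model keeps from the slides is the ordering: permission check before any workflow, workflow before any commit, commit before any sync, so a denied request, a request approved by the wrong person, or a reset with wrong answers never reaches the external stores, and each of those outcomes leaves a line in the audit list for monitoring.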
Identity Management in various scenarios
References
• Identity Lifecycle Manager 2: www.microsoft.com/ilm2, technet.microsoft.com/ilm
• Intelligent Application Gateway: www.microsoft.com/iag, http://technet.microsoft.com/en-us/forefront/edgesecurity/bb687299.aspx
• AD Rights Management Services: www.microsoft.com/rms
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.