Identity and Access Management Overview

53 slides

Identity and Access Management: Overview
Rafal Lukawiecki, Strategic Consultant, Project Botticelli Ltd
[email protected]
www.projectbotticelli.co.uk

Copyright 2006 © Microsoft Corp & Project Botticelli Ltd. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties. This presentation is based on work of many authors from Microsoft, Oxford Computer Group and other companies. Please see the “Introductions” presentation for acknowledgments.


TRANSCRIPT

8/8/2019 Identity and Access Management Overview
http://slidepdf.com/reader/full/identity-and-access-management-overview



Objectives

Build a good conceptual background to enable later technical discussions of the subject
Overview the problems and opportunities in the field of identity and access management
Introduce terminology
Highlight a possible future direction


Session Agenda

Identity Problem of Today
Identity Laws and Metasystem
Components and Terminology
Roadmap


Identity Problem of Today


Universal Identity?

The Internet was built so that communications are anonymous
In-house networks use multiple, often mutually incompatible, proprietary identity systems
Users are incapable of handling multiple identities
Criminals love to exploit this mess


Explosion of IDs

[Chart: number of digital IDs (vertical axis) against time (horizontal axis: pre-1980’s, 1980’s, 1990’s, 2000’s), rising steeply as applications multiply. Labels on the chart: Mainframe, Client Server, Internet, Business Automation, Company (B2E), Partners (B2B), Customers (B2C), Mobility.]


The Disconnected Reality

“Identity Chaos”
Lots of users and systems required to do business
Multiple repositories of identity information; multiple user IDs, multiple passwords
Decentralized management, ad hoc data sharing

[Diagram: an Enterprise Directory alongside an HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, NOS and a second In-House Application, each with its own Authentication, Authorization and Identity Data.]


Multiple Contexts

[Diagram: the identity relationships an organisation must manage: Your COMPANY and your EMPLOYEES; Your SUPPLIERS; Your PARTNERS; Your REMOTE and VIRTUAL EMPLOYEES; Your CUSTOMERS. Business drivers shown around them: customer satisfaction & customer intimacy; cost competitiveness; reach, personalization; collaboration; outsourcing; faster business cycles; process automation; value chain; M&A; mobile/global workforce; flexible/temp workforce.]


Trends Impacting Identity

Increasing Threat Landscape: identity theft costs banks and credit card issuers $1.2 billion in 1 yr; $250 billion lost in 2004 from exposure of confidential info
Maintenance Costs Dominate IT Budget: on average employees need access to 16 apps and systems; companies spend $20-30 per user per year for PW resets
Deeper Line of Business Automation and Integration: one half of all enterprises have SOA under development; web services spending growing 45% CAGR
Rising Tide of Regulation and Compliance: SOX, HIPAA, GLB, Basel II, 21 CFR Part 11, …; $15.5 billion spend in 2005 on compliance (analyst estimate)

Data Sources: Gartner, AMR Research, IDC, eMarketer, U.S. Department of Justice


Pain Points

Business Owner: too expensive to reach new partners, channels; need for control
End User: too many passwords; long waits for access to apps, resources
IT Admin: too many user stores and account admin requests; unsafe sync scripts
Developer: redundant code in each app; rework code too often
Security/Compliance: too many orphaned accounts; limited auditing ability


Possible Savings

Directory Synchronization
“Improved updating of user data: $185 per user/year”
“Improved list management: $800 per list”
- Giga Information Group

Password Management
“Password reset costs range from $51 (best case) to $147 (worst case) for labor alone.” – Gartner

User Provisioning
“Improved IT efficiency: $70,000 per year per 1,000 managed users”
“Reduced help desk costs: $75 per user per year”
- Giga Information Group


Can We Just Ignore It All?

Today, the average corporate user spends 16 minutes a day logging on
A typical home user maintains 12-18 identities
Number of phishing and pharming sites grew over 1600% over the past year
Corporate IT Ops manage an average of 73 applications and 46 suppliers, often with individual directories
Regulators are becoming stricter about compliance and auditing
Orphaned accounts and identities lead to security problems

Source: Microsoft’s internal research and Anti-phishing Working Group Feb 2005


One or Two Solutions?

Better Option:
Build a global, universal, federated identity metasystem
Will take years…

Quicker Option:
Build an in-house, federated identity metasystem based on standards
Federate it to others, system-by-system

But: both solutions could share the same conceptual basis


Identity Laws and Metasystem


Lessons from Passport

Passport was designed to solve two problems
Identity provider for MSN: 250M+ users, 1 billion logons per day; significant success
Identity provider for the Internet: unsuccessful
Not trusted “outside context”
Not generic enough
Meant giving up control over identity management
Cannot re-write apps to use a central system
Learning: the solution must be different from Passport


Idea of an Identity Metasystem

Not an Identity System
Agreement on metadata and protocols, allowing multiple identity providers and brokers
Based on open standards
Supported by multiple technologies and platforms
Adhering to the Laws of Identity
With full respect of privacy needs


Roles Within the Identity Metasystem

Identity Providers
Organisations, governments, even end-users
They provide Identity Claims about a Subject: name, vehicles allowed to drive, age, etc.

Relying Parties
Online services or sites, doors, etc.

Subjects
Individuals and other bodies that need their identity established


Metasystem Players

[Diagram of the three parties:]
Relying Parties: require identities
Subjects: individuals and other entities about whom claims are made
Identity Providers: issue identities


Identity Metasystem Today

Basically, the set of WS-* Security Guidelines as we have it
Plus:
Software that implements the services (Microsoft and many others working on it)
Companies that would use it (still to come, but early adopters exist)
End-users that would trust it (will take time)


Identity Laws (www.identityblog.com)

1. User Control and Consent
2. Minimal Disclosure for a Constrained Use
3. Justifiable Parties
4. Directed Identity
5. Pluralism of Operators and Technologies
6. Human Integration
7. Consistent Experience Across Contexts


Enterprise Applicability

That proposed metasystem would work well inside a corporation
Of course, we need a solution before it becomes a reality
Following the principles seems a good idea while planning immediate solutions
Organic growth likely to lead to an identity metasystem in the long term


Enterprise Trends

Kerberos is very useful but increasingly it does not span disconnected identity forests and technologies easily
We are moving away from static Groups and traditional ACLs… increasingly limited and difficult to manage on large scales
…towards a dynamic combination of:
Role-Based Access Management, and
Rich Claims Authorization
PKI is still too restrictive, but it is clearly a component of a possible solution
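The three metasystem roles (identity providers asserting claims about subjects, relying parties consuming them), the consent and minimal-disclosure laws, and the shift from static ACLs to claims-based authorization, as an added Python sketch; this is not code from the presentation, Microsoft or any WS-* product. The issuer names, keys and driver records are constructed, and a shared-secret HMAC stands in for whatever token signature a real metasystem would use.

```python
"""Claims-based authorization sketch: identity provider, subject, relying party.

Hypothetical toy model written for this page, not code from the presentation,
Microsoft or any WS-* product. Issuer names, keys and driver records are
constructed; an HMAC stands in for a real token signature.
"""
from dataclasses import dataclass
from typing import Callable
import hashlib
import hmac
import json


@dataclass
class IdentityProvider:
    """Knows facts about subjects and asserts them as signed claims."""
    name: str
    key: bytes        # constructed secret shared with relying parties that trust this IdP
    records: dict     # subject -> every attribute the IdP holds

    def issue(self, subject: str, requested: tuple) -> dict:
        """Sign a claim set carrying only the requested claims (minimal disclosure)."""
        known = self.records[subject]
        missing = [c for c in requested if c not in known]
        if missing:
            raise KeyError(f"{self.name} cannot assert {missing} about {subject}")
        body = json.dumps(
            {"iss": self.name, "sub": subject, "claims": {c: known[c] for c in requested}},
            sort_keys=True,
        )
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "sig": sig}


@dataclass
class RelyingParty:
    """Needs claims to decide, and trusts only named issuers (justifiable parties)."""
    name: str
    trusted_issuers: dict            # issuer name -> verification key
    required: tuple                  # claim names the policy needs, and nothing more
    policy: Callable[[dict], bool]   # decision over claims, not over account names

    def verify(self, token: dict):
        """Return the token body if it is intact and from a trusted issuer, else None."""
        body = json.loads(token["body"])
        key = self.trusted_issuers.get(body.get("iss"))
        if key is None:
            return None
        expected = hmac.new(key, token["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token.get("sig", "")):
            return None
        return body

    def authorize(self, token: dict) -> bool:
        body = self.verify(token)
        claims = body.get("claims", {}) if body else {}
        if any(c not in claims for c in self.required):
            return False
        return bool(self.policy(claims))


@dataclass
class Subject:
    """The entity claims are made about; it decides what may be released to whom."""
    name: str
    consent: dict     # relying party name -> set of claim names the subject will release

    def release(self, idp: IdentityProvider, rp: RelyingParty) -> dict:
        """Law 1 (user control and consent): refuse if the RP asks for more than agreed."""
        refused = [c for c in rp.required if c not in self.consent.get(rp.name, set())]
        if refused:
            raise PermissionError(f"{self.name} declines to release {refused} to {rp.name}")
        return idp.issue(self.name, rp.required)


def disclosed_claims(token: dict) -> set:
    """Claim names that actually left the identity provider."""
    return set(json.loads(token["body"])["claims"])


# Constructed sample: a driver-licensing IdP, a car-rental relying party, two subjects.
DMV_KEY = b"constructed-dmv-secret"
dmv = IdentityProvider("dmv.example", DMV_KEY, {
    "alice": {"name": "Alice", "age": 34, "licence_classes": ["B"], "address": "1 Main St"},
    "bob":   {"name": "Bob",   "age": 19, "licence_classes": ["B"], "address": "2 Main St"},
})
rental = RelyingParty(
    "rental.example", {"dmv.example": DMV_KEY}, ("age", "licence_classes"),
    lambda c: c["age"] >= 21 and "B" in c["licence_classes"],
)
alice = Subject("alice", {"rental.example": {"age", "licence_classes"}})
bob = Subject("bob", {"rental.example": {"age", "licence_classes"}})

# The static ACL the claims policy replaces: every new driver would need a manual entry.
STATIC_ACL = {"rental.example": {"alice"}}


def acl_allows(subject: str, resource: str) -> bool:
    return subject in STATIC_ACL.get(resource, set())
```

Calling `alice.release(dmv, rental)` yields a token carrying only age and licence class, which `rental.authorize` accepts, while the same token with an edited body, a token from an issuer the rental site does not trust, or a relying party asking for the address are all refused.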


Components and Terminology


What is Identity Management?

[Word cloud of the areas that make up identity management: Provisioning, Single Sign On, PKI, Strong Authentication, Federation, Directories, Authorization, Secure Remote Access, Password Management, Web Services Security, Auditing & Reporting, Role Management, Digital Rights Management.]


Identity and Access Management

A system of procedures, policies and technologies to manage the lifecycle and entitlements of electronic credentials

Access Management: the process of authenticating credentials and controlling access to networked resources based on trust and identity
Directory Services: repositories for storing and managing accounts, identity information, and security credentials
Identity Lifecycle Management: the processes used to create and delete accounts, manage account and entitlement changes, and track policy compliance


Remember the Chaos?

[Diagram repeated from “The Disconnected Reality”: an Enterprise Directory alongside an HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, NOS and a second In-House Application, each with its own Authentication, Authorization and Identity Data.]


Identity Integration

[Diagram: the same systems (HR System, Infra Application, Lotus Notes Apps, In-House Application, COTS Application, Student Admin, In-House Application), each still with its own Authentication, Authorization and Identity Data, joined by a bar labelled “Identity Integration”.]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      e                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        g                                                                                                                                                                                                                
                                                                                                                                                                                 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             r                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
                                                                           a                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              t                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         i                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             o                                                                                                                                                        
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                n

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             S                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                                                                                                                                                      e                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        r                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    v                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             e                           

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             r

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      I                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    d                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        e                           

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             n                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                                                 t                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              i                                                                                                                                                                                                                                                               
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    t

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    y                                                                                                                                                                                                                                                                                                                                                                                                

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      I                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         
[Figure: Integration Server; Enterprise Directory]

28

IAM Benefits

Benefits to take you forward (Strategic)

Benefits today (Tactical)

Save money and improve operational efficiency

Improved time to deliver applications and service

Enhance Security

Regulatory Compliance and Audit

New ways of working

Improved time to market

Closer Supplier, Customer, Partner and Employee relationships

29

Some Basic Definitions

Authentication (AuthN)

Verification of a subject’s identity by means of relying on a provided claim

Identification is sometimes seen as a preliminary step of authentication

Collection of untrusted (as yet) information about a subject, such as an identity claim

Authorization (AuthZ)

Deciding what actions, rights or privileges the subject can be allowed

Trend towards separation of those two

Or even of all three, if biometrics are used
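The three steps kept apart in code, as an added Python example that is not part of the original deck: identification only collects the claim, authentication verifies it against a credential store, and authorization accepts nothing but an authenticated subject. The user record, roles and permissions are constructed for illustration.

```python
"""Identification, authentication (AuthN) and authorization (AuthZ) kept as
three separate steps, as the slide recommends. Added example, not from the
original deck: the credential store, roles and permissions are constructed."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

PBKDF2_ITERATIONS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Constructed credential store: username -> (salt, derived hash).
_ALICE_SALT = b"constructed-salt-alice"
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": (_ALICE_SALT, _derive("correct horse battery staple", _ALICE_SALT)),
}

# Constructed authorization policy, kept apart from the credential store.
ROLES: Dict[str, Set[str]] = {"alice": {"reader", "auditor"}}
PERMISSIONS: Dict[str, Set[str]] = {
    "reader": {"read"},
    "auditor": {"read", "export_audit_log"},
}


@dataclass(frozen=True)
class IdentityClaim:
    """Step 1, identification: an as-yet untrusted claim ("I am alice")."""
    username: str


@dataclass(frozen=True)
class AuthenticatedSubject:
    """Step 2 result: a claim that was verified against the credential store."""
    username: str


def identify(raw_username: str) -> IdentityClaim:
    """Identification only collects and normalises the claim; nothing is verified."""
    return IdentityClaim(username=raw_username.strip().lower())


def authenticate(claim: IdentityClaim, password: str) -> Optional[AuthenticatedSubject]:
    """AuthN: verify the claim using the provided secret. Returns None on failure."""
    record = USERS.get(claim.username)
    if record is None:
        # Derive anyway so unknown and known usernames take similar time.
        _derive(password, b"constructed-dummy-salt")
        return None
    salt, expected = record
    if hmac.compare_digest(_derive(password, salt), expected):
        return AuthenticatedSubject(username=claim.username)
    return None


def authorize(subject: AuthenticatedSubject, action: str) -> bool:
    """AuthZ: decide what this subject may do. Accepts only an
    AuthenticatedSubject, never a bare IdentityClaim, so authorization
    cannot be reached without authentication having succeeded."""
    allowed: Set[str] = set()
    for role in ROLES.get(subject.username, set()):
        allowed |= PERMISSIONS.get(role, set())
    return action in allowed


def access(raw_username: str, password: str, action: str) -> str:
    """Run identification, authentication and authorization in order."""
    claim = identify(raw_username)
    subject = authenticate(claim, password)
    if subject is None:
        return "denied: authentication failed"
    if not authorize(subject, action):
        return f"denied: {subject.username} may not {action}"
    return f"allowed: {subject.username} may {action}"


if __name__ == "__main__":
    print(access(" Alice ", "correct horse battery staple", "export_audit_log"))
    print(access("alice", "wrong password", "read"))
    print(access("alice", "correct horse battery staple", "delete"))
```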

30

Components of IAM

Administration

User Management

Password Management

Workflow

Delegation

Access Management

Authentication

Authorization

Identity Management

Account Provisioning

Account Deprovisioning

Synchronisation

Reliable Identity Data

[Figure: Administration, Authorization and Authentication shown as vertical labels]

31

IAM Architecture

32

Roadmap

33

Microsoft’s Identity Management

PKI / CA

Extended Directory Services

Active Directory & ADAM

Enterprise Single Sign On

Authorization Manager

Active Directory Federation Services

Audit Collection Services

BizTalk

Identity Integration Server

ISA Server

SQL Server Reporting

Services for Unix / Services for Netware

Directory (Store) Services

Access Management

Identity Lifecycle Management

34

Components of a Microsoft-based IAM

Infrastructure Directory: Active Directory

Application Directory: AD/AM (LDAP)

Lifecycle Management: MIIS

Workflow: BizTalk, Partner Solutions (Ultimus BPM, SAP)

Role-Based Access Control: Authorization Manager or Partner Solutions (ex: OCG, RSA) and traditional approaches

Directory & Password Synchronization: MIIS & Partner solutions

SSO (Intranet): Kerberos/NTLM, Vintela/Centrify

Enterprise SSO (Intranet): Sharepoint ESSO, BizTalk ESSO, HIS ESSO

Strong Authentication: SmartCards, CA/PKI, Partner (eg. RSA – SecurID, MCLMS, WizeKey)

Web SSO: ADFS, Partner (eg. RSA – ClearTrust)

Integration of UNIX/Novell: SFU, SFN, Partner (eg. Vintela/Centrify)

Federation: ADFS

35

Summary

36

Summary

We have reached an “Identity Crisis” both on the intranet and the Internet

Identity Metasystem suggests a unifying way forward

Meanwhile, Identity and Access Management systems need to be built so enterprises can benefit immediately

Microsoft is rapidly becoming a strong provider of IAM technologies and IM vision

www.microsoft.com/idm & www.microsoft.com/itsshowtime & www.microsoft.com/technet

37

Special Thanks

This seminar was prepared with the help of:

Oxford Computer Group Ltd

Expertise in Identity and Access Management (Microsoft Partner)

IT Service Delivery and Training

www.oxfordcomputergroup.com

Microsoft, with special thanks to:

Daniel Meyer – thanks for many slides

Steven Adler, Ronny Bjones, Olga Londer – planning and reviewing

Philippe Lemmens, Detlef Eckert – Sponsorship

Bas Paumen & NGN - feedback

38

Appendix

39

Identity Management Platform

[Figure: platform layers User Management, Infrastructure Management, Network Security, Access Control, Network Management and Service Management, with Directory Services beneath them]

40

Identity Management Platform

[Figure: same platform layers and Directory Services as the previous slide; this build adds Provisioning Services (Automated Synch., Automated Provisioning, Password Management, Self-Service Interface, IDM Workflow, Auditing & Reporting, Policy Management) and Frontend Services (Enterprise Role-Man., Enterprise User-Man.)]

41

Identity Management Platform

[Figure: as the previous slide; this build adds Access Services (Web SSO, Federated SSO, Unix/Linux SSO, Host SSO, Remote Access, Access Audit & Rep)]

42

Identity Management Platform

[Figure: as the previous slide; this build adds Extended Directory Services (Smartcard Management, Certificate Management, Information Rights Mgmt.) and Desktop IDM Env.]

43

Identity Management Platform

[Figure: as the previous slide; this build maps products onto Directory Services: Windows Server (Active Directory/ADAM, PKI, AzMan) and Quest/Centrify]

44

Identity Management Platform

[Figure: as the previous slide; this build adds Microsoft Identity Integration Server as the Provisioning & Password Management Services]

45

Identity Management Platform

[Figure: as the previous slide; this build adds Active Directory Federation Server in place of the Web SSO and Federated SSO boxes]

46

Identity Management Platform

[Figure: as the previous slide; this build adds Quest/Centrify in place of the Unix/Linux SSO box]

47

Identity Management Platform

[Figure: as the previous slide; this build adds HIS & ESSO and ISA Server in place of the Host SSO and Remote Access boxes]

48

Identity Management Platform

[Figure: as the previous slide; this build adds MOM & ACS in place of the Access Audit & Rep box]

49

Identity Management Platform

Framework layers:
Frontend Services: User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management
Directory Services
Provisioning Services: Automated Synchronization; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role Management; Enterprise User Management
Access Services
Extended Directory Services: Smartcard Management; Certificate Management; Information Rights Management

Products mapped onto the framework on this slide:
Directory Services: Windows Server (Active Directory/ADAM, PKI, AzMan); Quest/Centrify
Provisioning & Password Management Services: Microsoft Identity Integration Server
Access Services: Active Directory Federation Server; Quest/Centrify; HIS & ESSO; ISA Server; MOM & ACS; InfoCard (added on this slide)

Slide 50: Identity Management Platform


Identity Management Platform

Framework layers:
Frontend Services: User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management
Directory Services
Provisioning Services: Automated Synchronization; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role Management; Enterprise User Management
Access Services
Extended Directory Services

Products mapped onto the framework on this slide:
Directory Services: Windows Server (Active Directory/ADAM, PKI, AzMan); Quest/Centrify
Provisioning & Password Management Services: Microsoft Identity Integration Server
Access Services: Active Directory Federation Server; Quest/Centrify; HIS & ESSO; ISA Server; MOM & ACS; InfoCard
Extended Directory Services: MS Alacris; Windows PKI; RMS Server (added on this slide, in place of the Smartcard Management, Certificate Management and Information Rights Management boxes)

Slide 51: Identity Management Platform


Identity Management Platform

Products only (framework boxes removed):
Directory Services: Windows Server (Active Directory/ADAM, PKI, AzMan); Quest/Centrify
Provisioning & Password Management Services: Microsoft Identity Integration Server
Access Services: Active Directory Federation Server; Quest/Centrify; ISA Server; MOM & ACS; HIS/ESSO; InfoCard
Extended Directory Services: MS Alacris; Windows PKI; RMS Server
Additional products on this slide, alongside the Frontend Services label: SharePoint; IIS/AzMan; SQL Server; BizTalk

Slide 52: Identity Management Platform


Identity Management Platform

Products only (framework boxes removed):
Directory Services: Windows Server (Active Directory/ADAM, PKI, AzMan); Quest/Centrify
Provisioning & Password Management Services: Microsoft Identity Integration Server
Access Services: Active Directory Federation Server; Quest/Centrify; ISA Server; MOM & ACS; HIS/ESSO; InfoCard
Extended Directory Services: MS Alacris; Windows PKI; RMS Server
Additional products on this slide, in the positions the previous slide gave to SharePoint, IIS/AzMan, SQL Server and BizTalk: bHold; FastPass; AVAC; Quest; Ultimus

Slide 53: Identity Management Platform


Identity Management Platform

Framework layers:
Frontend Services: User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management
Directory Services
Provisioning Services: Automated Synchronization; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role Management; Enterprise User Management; Remote Access; Access Audit & Reporting
Access Services
Extended Directory Services: Smartcard Management; Certificate Management; Information Rights Management; Desktop IDM Environment

Products mapped onto the framework:
Directory Services: Windows Server (Active Directory/ADAM, PKI, AzMan); Quest/Centrify
Provisioning & Password Management Services: Microsoft Identity Integration Server
Access Services: Active Directory Federation Server; Quest/Centrify; HIS & ESSO