FIM Best Practices - Architecting Identity Solutions that really work!

1 FIM Best Practices - Architecting Identity Solutions that really work!
SIM322
Carol Wapshere, MVP
Identity Management Specialist
Unify Solutions

2 Unrealistic expectations
In 1844 Charles Sturt led an expedition through central Australia. He took a boat…
Bad information
Unrealistic expectations
Photo: National Museum of Australia

3 IAM projects can be very difficult…
Existing data
Existing processes
Photo: wallwin.ca

4 Session Agenda
What FIM does
Project planning
Design
Data
Implementation
ROI and Demo

5 What Forefront Identity Manager 2010 R2 Does
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 FIM 2010 R2 Components
Role Management: BHOLD RBAC System. Role modelling, role assignment, compliance, reporting
Reporting: Audit and reporting using System Center Data Warehouse and SQL Reporting Services
Password Sync: Updates password of joined user accounts following an AD password change
Self-Service Password Reset: Secret question password reset – GINA and Portal
Certificate Manager: Request and renew certificates
Synchronization Service: Connects matched objects in directories and applications for provisioning and attribute updates
Portal and Service: SharePoint-based Portal for user administration, self-service and workflow

7 Planning

8 Who’s driving?
Stakeholders?
Deadlines?
Other projects depending on this?
Photo: Microsoft ClipArt

9 Understand the environment
Get account policies in writing
Talk to the people who really know
Data analysis
Picture: “The Friend of Australia”, Thomas J Maslen, 1827

10 Get the requirements
Essential vs Desirable
Focus on outcomes, not current processes
Get specifics
Don’t try to do everything at once
Photo: Carol Wapshere

11 Impact on project as requirements increase
[Charts with axes labelled Reqs and Days: Development; Testing; Implementation, Negotiation. Chart with axes labelled Reqs and Risk.]

12 Design

13 Task automation Photo: ACT Government

14 Some tasks must still be done by hand
Photo: Carol Wapshere

15 FIM is a State-Based System
What is the current state of the object? What is the future state of the object? We don’t care about how or who.

16 Extending
Extensible components: Sync Service, Custom WF, Web Services
Use OOB before extending
Use only supported methods
Photo: Carol Wapshere

17 Data

18 The Sync Engine runs best on Clean Data
Unique identifiers
Validated source data
Consistent formatting
Free text avoided
Minimise double-entry
Picture: Library of Virginia, JA Bonsack patented cigarette rolling machine

19 Find the Source
Per object type or object sub-category: One Object source, One Attribute source for each attribute.
Make sure everyone understands where the sources are!
Photo: findaspring.com

20 Clean up existing accounts
Account identification
Remove old accounts
Move unmanaged accounts out of scope
Photo: Microsoft ClipArt

21 Get a full production data set for Dev and Test
Rules must be able to deal with real, not idealised, data
Joins and data cleaning analysis
Identify exceptions
Understand scale
Photo: gking.harvard.edu
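
The join and data-cleaning analysis called for on slides 18 to 21 can be run over HR and AD extracts before any sync rule is written. This is an added example, not part of the presentation: the column names (employee_id, sam), the sample rows and the normalisation rule (trim, upper-case, drop leading zeros) are all assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample extracts; column names are assumptions, not FIM schema.
HR_CSV = """employee_id,name
00123,Ana Diaz
E-0456,Bo Chen
123,Ana Diaz (rehire)
789,Cy Ward
"""
AD_CSV = """sam,employee_id
adiaz,123
bchen,e-0456
svc_backup,
jold,555
"""

def normalise(raw):
    """Assumed formatting rule: trim, upper-case, drop leading zeros."""
    value = (raw or "").strip().upper()
    return value.lstrip("0") or value

def analyse(hr_text, ad_text):
    """Bucket every AD account by how it would join to the HR source."""
    hr = list(csv.DictReader(io.StringIO(hr_text)))
    ad = list(csv.DictReader(io.StringIO(ad_text)))
    hr_counts = Counter(normalise(r["employee_id"]) for r in hr)
    duplicates = sorted(k for k, n in hr_counts.items() if n > 1)
    report = {"joined": [], "ambiguous": [], "no_identifier": [],
              "no_hr_match": [], "hr_duplicates": duplicates}
    for row in ad:
        key = normalise(row["employee_id"])
        if not key:
            report["no_identifier"].append(row["sam"])  # candidate to move out of scope
        elif key in duplicates:
            report["ambiguous"].append(row["sam"])      # identifier not unique in HR
        elif key in hr_counts:
            report["joined"].append(row["sam"])         # clean one-to-one join
        else:
            report["no_hr_match"].append(row["sam"])    # possible old account
    ad_keys = {normalise(r["employee_id"]) for r in ad}
    report["hr_without_account"] = sorted(set(hr_counts) - ad_keys)
    return report

if __name__ == "__main__":
    for bucket, items in analyse(HR_CSV, AD_CSV).items():
        print(f"{bucket}: {items}")
```

Every bucket other than "joined" is an exception list to resolve with the data owners before go-live.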

22 Implementation

23 Expect teething problems
Production data and practices may bring surprises
People suddenly remember vital requirements
Confusion about what can be changed where

24 On-going Administration
It’s not a “set and forget” system
Data errors and duplicates will happen
Business rules will change

25 Return on Investment

26 Scenario
HR/AD/FIM Portal Sync already in place.
Cloud-based subscriber solution “ProjectSTAR” to be adopted for all project management tasks.
Two-tiered subscription:
Project Manager: $250 pcm
Project Resource: $25 pcm
Account management options:
Manually create cloud account with separate password, and manually assign license type; or
Federated access with automatic license assignment.

27 [Architecture diagram. Labels: ProjectSTAR, FIM Portal, ADFS, FIM Sync, HR, AD, CSV; Identifier, Is Authenticated, Application Role]

28 Using FIM to integrate a cloud application
Demo

29 ROI realised on this integration…
We already know who our users are – so we can tell the application provider straight away
Rapid deployment!
Manage licensing through an internal Portal
Control costs!
No new interface to learn!
Ensure Federation tokens contain correct information
Meet security and compliance requirements!
Allow self-service and delegated approval
Minimises admin tasks for the IT department!

30 Architect a Great IAM Solution with FIM 2010 R2
Understand the environment
Develop for automation
Be realistic
Picture: murrayriver.com.au

31 Related Content
SIM423 FIM Best Practices – Technical Deep Dive
Exam Forefront Identity Manager 2010, Configuring
Contact Me Later By…
Blog:
