Brian Komar President IdentIT Inc. SESSION CODE: SIA307 Craig Carlston SE System Analyst Microsoft Corporation.

Presentation transcript:

1 Brian Komar, President, IdentIT Inc.; Craig Carlston, SE System Analyst, Microsoft Corporation. SESSION CODE: SIA307


9 Smart Card Architecture

10 Smart Card Architecture


17 Management policies must enforce security policies and certificate policies.
Diagram labels: Certificate Policy; Certification Practice Statement; Security Policy; Enrollment; Enroll; Enrollment; Unblock; Management Policies


23 Flowchart boxes, in the order extracted:
- User added to MS-Smartcard-LogonOnly or MS-Smartcard-LogonandEncrypt (FIM 2010 will ensure the user is only a member of one group)
- User visits DIO and smart card printed in Lenel
- Decision: User has existing smartcard? (No / Yes)
- Enrollment process takes place: certificates loaded on smart card; PIN is randomized; Admin Key is diversified by custom Admin Key Diversifier application (this box appears twice in the flowchart)
- User sent link to FIM CM portal and instructions on self-service enrollment
- User moves to Unblock workflow to use card

24 Flowchart boxes, in the order extracted:
- User added to MS-Smartcard-UnblockEnabled group
- User must meet face-to-face to meet CP-defined assurance level requirements
- Decision: Has user been vetted? (No / Yes)
- User initiates Online Unblock if on corporate network, or Offline Unblock if network connectivity is not possible (this box appears twice in the flowchart)
- User opens PIN Tool
- Card ready for use
- Admin Key retrieved from FIM CM database and re-set using Admin Key Generator


26 Flowchart boxes, in the order extracted:
- Card distributed to user
- User visits DIO and replacement smart card printed in Lenel
- New Smart Card Logon certificate issued
- User connects to FIM CM portal
- User moves to Unblock workflow to use card
- DIO employee validates picture on smart card with person receiving replacement smart card
- Encryption Certificates: previous encryption certificates recovered; External Certificates re-populated; new encryption certificate issued (this box appears twice in the flowchart)


35 At the end of the day, IT operations is really about running your business as efficiently as you can so you have more dollars left for innovation. IPD guides help us achieve this. Peter Zerger, Consulting Practice Lead for Management Solutions, AKOS Technology Services


37 Related sessions:
SIA321 | Business Ready Security: Exploring the Identity and Access Management Solution
SIA201 | Understanding Claims-Based Applications: An Overview of Active Directory Federation Services (AD FS) 2.0 and Windows Identity Foundation
SIA302 | Identity and Access Management: Centralizing Application Authorization Using Active Directory Federation Services 2.0
SIA303 | Identity and Access Management: Windows Identity Foundation and Windows Azure
SIA304 | Identity and Access Management: Windows Identity Foundation Overview
SIA305 | Top 5 Security and Privacy Challenges in Identity Infrastructures and How to Overcome Them with U-Prove
SIA306 | Night of the Living Directory: Understanding the Windows Server 2008 R2 Active Directory Recycle Bin
SIA307 | Identity and Access Management: Deploying Microsoft Forefront Identity Manager 2010 Certificate Management for Microsoft IT
SIA318 | Microsoft Forefront Identity Manager 2010: Deploying FIM
SIA319 | Microsoft Forefront Identity Manager 2010: In Production
SIA326 | Identity and Access Management: Single Sign-on Across Organizations and the Cloud - Active Directory Federation Services 2.0 Architecture Drilldown
SIA327 | Identity and Access Management: Managing Active Directory Using Microsoft Forefront Identity Manager
SIA01-INT | Identity and Access Management: Best Practices for Deploying and Managing Active Directory Federation Services (AD-FS) 2.0
SIA03-INT | Identity and Access Management: Best Practices for Deploying and Managing Microsoft Forefront Identity Manager
SIA06-INT | Identity and Access Management Solution Demos
SIA02-HOL | Microsoft Forefront Identity Manager 2010 Overview
SIA06-HOL | Identity and Access Management Solution: Business Ready Security with Microsoft Forefront and Active Directory
Red SIA-5 & SIA-6 | Microsoft Forefront Identity and Access Management Solution


41 Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st. You can also register at the North America 2011 kiosk located at registration. Join us in Atlanta next year.
