Microsoft Forefront Identity Manager 2010 Elton AGOLLI Chief of Infrastructure Section TETRA Solutions


1 Microsoft Forefront Identity Manager 2010 Elton AGOLLI Chief of Infrastructure Section TETRA Solutions

2 Agenda
Customer challenges
Microsoft’s Identity and Access Strategy
Identity and Access Management
−The business challenges
−How Identity Manager addresses the challenges
−Scenarios
Summary
Resources

3 Identity & Access Customer Challenges
Enabling new high business value scenarios
Supporting mergers, acquisitions & reorganizations
Integrated user provisioning & credential management
Ensuring that only authorized users can access resources
Compliance with regulatory requirements
Auditable processes for granting access to resources
Reducing help desk burden for end user requests
Managing the complexity of distributed identity information
Compliance / Operational Efficiency / IT Security / Business Agility

4 Business Ready Security Solutions
Identity and Access Management
Secure Messaging
Secure Endpoint
Secure Collaboration
Active Directory® Federation Services
Information Protection

5 IDENTITY AND ACCESS MANAGEMENT

6 Business and IT Challenges

7 Identity and Access Management
Create: Provision user; Provision credentials; Provision resources
Update: Role changes; Password and PIN reset; Resource requests
Retire: De-provision identities; Revoke credentials; De-provision resources
Policy Management: Policy authoring; Policy enforcement; Approvals and notifications; Audit trails

8 Identity Lifecycle Manager -> Forefront Identity Manager
Identity Synchronization
User Provisioning
Certificate and Smartcard Management
Office Integration for Self-Service
Support for 3rd Party CAs
Codeless Provisioning
Group & DL Management
Workflow and Policy
User Management; Group Management; Credential Management; Policy Management
Common Platform: Workflow; Connectors; Logging; Web Service API; Synchronization

9 Version Feature Comparison

10 Forefront Identity Manager - Key Feature Areas
Credential Management: Heterogeneous certificate management with 3rd party CAs; Management of AD credentials; Self-service password reset integrated with Windows logon
Group Management: Rich Office-based self-service group management tools; Offline approvals through Office; Automated group and distribution list updates
User Management: Integrated provisioning of identities, credentials, and resources; Automated, declarative user provisioning and de-provisioning; Self-service profile management
Policy Management: SharePoint-based console for policy authoring, enforcement & auditing; Extensible WS-* APIs and Windows Workflow Foundation workflows; Heterogeneous identity synchronization and consistency

11 Forefront Identity Manager 2010 Architecture
Solutions: Group Mgmt; Credential Mgmt; Policy Mgmt; Custom; User Mgmt
FIM Client Experiences: Outlook; FIM Portal; Windows; Custom
FIM Service and Portal; ILM Sync; FIM Service; AuthZ Workflow; AuthN Workflow; Delegation & Permissions; Action Workflow; App DB; Adapters; Request Processor; Sync DB
Identity and data stores: Directories; Databases; Systems; Applications
Cert Mgmt: ILM-CM DB; ILM-CM; ILM-CM Portal

12 USER SCENARIOS

13 End User Scenarios
Credential Management: Integration with Windows logon; No need to call help desk; Faster time to resolution
Group Management: Request process through Office; No waiting for help desk; Faster time to resolution
User Management: Automatic updating of business applications; No need to call help desk; Faster time to resolution
Policy Management: Automatic routing of multiple approvals; Approval process through Office; Audit trail of approvals

14 IT Administrator Scenarios
Credential Management / Group Management / User Management / Policy Management
Centralized management
Automatic policy enforcement across systems
Management of role changes & retirements
Generation and delivery of initial one-time use password
Integration of smart card & cert enrollment with provisioning
Automatic management of group membership
Secure access to departmental resources, with audit trail

15 Customizable Identity Portal
How you extend it
SharePoint-based Identity Portal for Management and Self Service
Add your own portal pages or web parts
Build new custom solutions
Expose new attributes to manage by extending FIM schema
Choose SharePoint theme to customize look and feel

16 New Employee Scenario
Diagram labels: FIM 2010; MAINFRAME; FINANCE APPLICATION; FINANCE PORTAL; iPLANET; SMART CARD; EXCHANGE; ACTIVE DIRECTORY; HR SYSTEM; FIM PROVISIONING POLICY APPLIED; MANAGER APPROVAL; MANAGER APPROVAL

17 Workflow Create user

18 Employee Transition Scenario
Diagram labels: FIM 2010; MAINFRAME; FINANCE APPLICATION; FINANCE PORTAL; iPLANET; SMART CARD; HR SYSTEM; FIM PROVISIONING POLICY APPLIED; MARKETING APPLICATION; MARKETING PORTAL; EXCHANGE; ACTIVE DIRECTORY

19 Separation/Fire Scenario
Diagram labels: FIM 2010; MAINFRAME; MARKETING APPLICATION; MARKETING PORTAL; iPLANET; SMART CARD; HR SYSTEM; FIM PROVISIONING POLICY APPLIED; EXCHANGE; ACTIVE DIRECTORY

20 FIM 2010 In Action
Self-service password management
Components: Request Processor; AuthN & AuthZ Workflows; Delegation & Permissions; Action Workflow; Service DB; Sync DB; Management Agents; Identity Stores
User forgets password
Requests password reset at Win logon and answers Q/A
Does user have permission to reset password?
FIM validates Q/A response from user
Changes committed to FIM app store
FIM makes call to reset password in AD
FIM syncs new password to external identity stores
FIM receives XML

21 FIM 2010 In Action
Self-service smart card provisioning
Component: FIM CM
Approval workflows
Card created & printed
Certificates requested
Self-service notification and One Time Password sent to end user
End user downloads certificates onto smart card

22 Self-Service Group Management
Without Forefront Identity Manager 2010
Situation: User needs to join the Fabrikam Project Virtual Team group
Melissa Meyers, Business User: Calls help desk
Chad Rice, Accounts Administrator: Manually edits AD Users and Computers to add user to group
Costs to the Business: Lost productivity; No resource access when she needs it; Risk of error and policy non-compliance; Cost of manual administration

23 Self-Service Group Management
With Forefront Identity Manager 2010
Situation: User needs to join the Fabrikam Project Virtual Team group
Melissa Meyers, Business User: Request to join Group from Outlook
FIM routes approvals and grants appropriate access
Chad Rice, Accounts Administrator: Uses FIM to establish group management policies and workflows
Business Benefits: User productivity; Enables effective business interactions; Efficiency; Security; Compliance

24 Create Distribution List

27 Unauthorized User Attribute Change
Without Forefront Identity Manager 2010
Situation: IT accidentally makes an unauthorized change to a user’s title
HR Administrator, Samantha Smith: Updates Megan Meyers’ title in SAP
Chad Rice, Accounts Administrator: Asked to update Megan Meyers’ title in other systems; Accidentally changes Melissa Meyers’ title in ADUC
Ted Smith, Compliance Auditor: Discovers error in manual audit process of purchase order application
Costs to the Business: Risk of error and policy non-compliance; Cost of manual admin; Cost of manual auditing; Delay in discovery of non-compliance

28 Unauthorized Change
With Forefront Identity Manager 2010
Situation: IT accidentally makes an unauthorized change to a user’s title
HR Administrator, Samantha Smith: Updates Megan Meyers’ title in SAP
Title change data flows to other systems that use it, per FIM policy
Chad Rice, Accounts Administrator: Uses FIM to establish policies and workflows that include management of job title data
Ted Smith, Compliance Auditor: Uses FIM audit trail to audit approvals
Business Benefits: Efficiency; Security; Compliance

29 Summary: FIM 2010
Empowers People / Delivers Agility and Efficiency / Increases Security and Compliance
Integrates identity, credential, and access management
Rich permissions and delegation model
Enables system auditing and compliance
Provides Office-based self-service tools
SharePoint admin console to manage identities
Greater productivity through faster time to resolution
Reduces costs through automation and self-service
Maximizes existing investments in Identity Infrastructure
Integrates with familiar developer tools to enable new scenarios

30 Resources
Learn more about Forefront Identity Manager FIM 2010 Product Page:
Learn about Microsoft Forefront Identity and Security Forefront Home Page:
Evaluate the Identity Manager Visit

31 © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

