Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to the Microsoft Identity Integration Server and Roadmap

Published by委 刁 Modified over 7 years ago

Similar presentations

Presentation on theme: "Introduction to the Microsoft Identity Integration Server and Roadmap"— Presentation transcript:

1 Introduction to the Microsoft Identity Integration Server and Roadmap
Andreas Luther Group Program Manager MIIS

2 Agenda Identity and Lifecycle Management Scenarios
MIIS architecture fundamentals Provisioning and group management with MIIS 2003 Password Management Summary Q&A

3 The ID Lifecycle Password Mgmt Retire User Synchronize Identity
Strong Passwords “Lost” Password Password Reset Retire User Delete/Freeze Accounts Delete/Freeze Entitlements Synchronize Identity Extend lifecycle information across all identity stores Entitlement Reporting Audit/log any ILM changes Keep track of Entitlements Account Changes Promotions Transfers New Privileges Attribute Changes New User User ID Creation Credential Issuance Access Rights

4 MIIS – Identity Broker “Identity Integration” HR System Contractor
Authentication Authorization Identity Data HR System Authentication Authorization Identity Data Contractor System Enterprise Directory Authorization Identity Data Authentication Lotus Notes Apps Identity Integration Authentication Authorization Identity Data Infra Application Authentication Authorization Identity Data COTS Application Authentication Authorization Authentication Authorization Identity Data In-House Application Identity Data Authentication Authorization Identity Data In-House Application “Identity Integration” Rock solid software to integrate identity

5 MIIS Identity Broker Scenarios
Hire Scenario Fire Scenario Join Scenario Identity Data Aggregation Identity Data Brokering (Identity Convergence) Identity Data Integrity Enforcement

6 Hire Scenario File MIIS Notes LDAP LDAP SQL LDAP HR System Contractor
Lotus Notes Notes Active Directory LDAP iPlanet Directory LDAP SQL Server SQL AD App Mode LDAP

7 Fire Scenario File MIIS Notes LDAP LDAP SQL LDAP HR System Contractor
Lotus Notes Notes Active Directory LDAP iPlanet Directory LDAP SQL Server SQL AD App Mode LDAP

8 Identity Joining Scenario
MIIS HR System givenName Clark Clark sn Kent Kent PROJECTED Project to Metaverse title mail employeeID 007 007 telephone givenName sn title mail employeeID telephone Clark Kent 007 Lotus Notes givenName Clark sn Kennttt JOINED Join on employeeID title Reporter Reporter 007 007 mail employeeID 007 007 telephone Active Directory givenName Klarke sn Kent JOINED Join on employeeID title Superhero mail employeeID 007 007 telephone iPlanet Directory givenName Klarek sn Cenntt JOINED Join on employeeID title mail employeeID 008 telephone Manual Join

9 Attribute Flow Scenario
MIIS FirstName LastName EmployeeID HR System givenName Clark Clark sn Kent Kent title mail employeeID 007 007 telephone givenName sn title mail employeeID telephone givenName sn title mail employeeID telephone 007 Clark Kent Reporter Title Lotus Notes givenName Clark sn Kennttt title Reporter Reporter mail employeeID 007 Identity Data Aggregation telephone Active Directory givenName Klarke sn Kent title Superhero mail employeeID 007 telephone Telephone iPlanet Directory givenName Klarek sn Cenntt title mail employeeID 008 telephone

10 Attribute Flow Scenario
MIIS FirstName LastName EmployeeID HR System givenName Clark sn Kent title mail employeeID 007 telephone givenName Clark Clark Clark Clark sn Kent Kent Kent Title Lotus Notes title Reporter Reporter Reporter Reporter givenName Clark mail sn Kennttt employeeID 007 Incorrect or Missing Information title Reporter telephone mail employeeID 007 Identity Data Brokering (Convergence) telephone Active Directory givenName Klarke sn Kent title Superhero mail employeeID 007 telephone Telephone iPlanet Directory givenName Klarek sn Cenntt title mail employeeID 007 telephone

11 Attribute Flow Scenario
MIIS FirstName LastName EmployeeID HR System givenName Clark sn Kent title Reporter mail 007 employeeID 007 telephone givenName Clark sn Kent Title Lotus Notes title Superhero Superhero Superhero Reporter Superhero givenName Clark mail sn Kent employeeID 007 title Superhero Reporter telephone mail employeeID 007 Identity Data Integrity Enforcement telephone Active Directory givenName Clark sn Kent title Reporter mail employeeID 007 telephone Telephone iPlanet Directory givenName Clark sn Kent title Reporter mail employeeID 007 telephone

12 Identity Data Integrity Enforcement
MIIS FirstName LastName EmployeeID HR System givenName Clark sn Kent title Reporter mail 007 employeeID 007 telephone givenName Clark sn Kent Title Active Directory title Reporter Superhero Reporter Reporter Reporter givenName Clark mail sn Kent employeeID 007 title Reporter Reporter telephone mail employeeID 007 Identity Data Integrity Enforcement telephone Lotus Notes givenName Clark sn Kent title Publisher mail employeeID 007 telephone Telephone iPlanet Directory givenName Clark sn Kent title Publisher mail employeeID 007 telephone

13 MIIS Reach Wide range of connectivity
Active Directory & ADAM Sun/iPlanet Directory IBM DS Novell eDirectory Microsoft SQL 2000 & SQL 7 Oracle 9i/8i IBM DB2 Lotus Notes 5.x/6.x Microsoft Exchange 5.5, 2K, 2K3 Microsoft NT 4.x RACF DSML, LDIF, CSV, fixed width …others to follow MA SDK allows ISVs and corporate developers to build custom MAs NOS LDAP SQL LOB Apps Identity Data

14 MIIS Reach - The Management Agent SDK
Easy to use SDK to build Management Agents .Net hosted set of interfaces Address IT Pro and ISV audiences IT Pro Fast MA development using template Simple to configure by reusing “Extensible MA UI” ISVs Allow customizing MA configuration UI and provide customized look and feel Enable packaging and redistribution of management agents Enable Identity Manager-integrated development of MA configuration UI Supports password synchronization

15 Agenda Identity and Lifecycle Management Scenarios
MIIS architecture fundamentals Provisioning and group management with MIIS 2003 Password Management Summary Q&A

16 Robust State-based Engine
State-based systems are robust Storing state information means MIIS knows what to expect on the connected system MIIS can respond if things go wrong Built on the assumption that systems go down and connectivity can be intermittent MIIS can easily recover from disaster Architecture allows high flexibility Runs can be controlled via schedules, events via WMI, etc. MIIS can attain near-real time by constantly running management agents MIIS can process only changes in the connected systems

17 MIIS Terms MIIS MV CS CD MA Connected Data Source (CD)
Any source and/or destination containing identity data Management Agent (MA) Facilitates the communication between MIIS and the CD Connector Space (CS) Staging area (SQL) for inbound or outbound synchronized attributes Metaverse (MV) Central (SQL) store of identity information Matching CS entries to a single MV entry is called “join”

18 MIIS Concepts – Example
Scenario: HR system in Oracle Hiring Approval system on SQL Server Sun One Directory Server Notes Notes Sun One MIIS Oracle SQL

19 MIIS Concepts Let’s zoom in on what MIIS does Connector Metaverse
Connected Data Sources (CD) Notes Oracle SQL Sun One MV entries are linked to CS entries through: Projection Provisioning a connector Joining CS entries represent objects in Connected Data Sources Synchronization is between MV and CS Staging is from CD to CS Export is from CS to CD Metaverse (MV) Connector Space (CS) User MIIS Let’s zoom in on what MIIS does

20 MIIS Sequence Of Events
Connected Data Sources (CD) Notes Sun One Oracle HR database staged and projected Provision and export to SQL-based approval system Manager approval app causes import and delta synchronization Sun One and Notes connectors provisioned and exported SQL User Oracle Connector Space (CS) Metaverse (MV)

21 MIIS Synchronization Rules and Extension Model
Rules can be defined declaratively or can be scripted Declaratively Use Identity Manager Extensions allow the user to modify the behavior of MIIS MIIS calls methods on the interface in response to changes in the system Model defines a managed interface Configuration set in UI determines which methods are called Write custom extensions in any programming language with a compiler for the CLR Visual Studio projects auto-generated for VB or C#

22 Data Aggregation and Synchronization Rules

23 Agenda Identity and Lifecycle Management Scenarios
MIIS architecture fundamentals Provisioning and group management with MIIS 2003 Password Management Summary Q&A

24 Provisioning Scenarios
Dataflow driven provisioning Provisioning data mastered from an upstream system (like SAP) MIIS 2003 scenario Self-Service entry point with workflow Allow delegated users to trigger provisioning actions through web applications Personal information changes, password resets Approval processes can be required Account requests, group membership requests Dataflow driven provisioning with workflow Add approval processes to provisioning processes initiated by upstream system (like SAP) New employee joins, manager needs to approve DL membership

25 MIIS 2003 SP1 Provisioning MIIS 2003 MIIS SP1 Resource Kit
Administrator had to write code for provisioning MIIS SP1 Resource Kit Additional tools Provisioning code generator Declarative UI for provisioning Generates provisioning code Enables provisioning and registers provisioning DLL Source code can be extended with custom code

26 Group Management Manage group membership across heterogeneous systems
Use of the built in capabilities for managing reference attributes Authoritative data for group membership can be a connected directory (e.g. AD) calculated based on attributes; results imported into MIIS by using a Management Agent

27 Query against the integrated view Import group definition and members
Group Populator HR Database Query against the integrated view MIIS Active Directory Import group definition and members

28 Workflow with MIIS 2003 Workflow not integrated in MIIS 2003
Easy to extend MIIS with workflow MIIS 2003 SP1 Resource Kit Workflow application (account request application) Complex workflow Integrate BizzTalk with MIIS Future MIIS versions Powerful workflow engine fully integrated in MIIS

29 Agenda Identity and Lifecycle Management Scenarios
MIIS architecture fundamentals Provisioning and group management with MIIS 2003 Password Management Summary Q&A

30 MIIS Password Management A Complete Solution
Accounts secure from provisioning to de-provisioning Initial password set feature Guarantees strong passwords Reduced sign-on capabilities Password sync initiated from Windows desktop Ability for end user to manage passwords in systems that do not participate in password synchronization Web portal allows end uses to manage passwords in connected identity stores Forgotten passwords (SP2 deliverable) Self-service password reset solution

31 Agenda Identity and Lifecycle Management Scenarios
MIIS architecture fundamentals Provisioning and group management with MIIS 2003 Password Management MIIS roadmap Summary Q&A

32 Agenda Identity and Lifecycle Management Scenarios
MIIS architecture fundamentals Provisioning and group management with MIIS 2003 Password Management Summary Q&A

33 Summary Reduce administration cost through automation
Active Directory Summary Reduce administration cost through automation Provisioning and de-provisioning Entitlement management GAL management DL/group management Password management Improved productivity User self-service Faster access to systems Increased security Least access for users Fast de-provisioning Exchange 5.5 iPlanet Notes SQL Oracle

34 Summary – Deployment and Management
Easy to deploy No agents to deploy on connected systems MIIS can stand-alone or share clustered SQL Migrate configuration from test to production via XML files Easy to extend existing deployment System is designed so that it’s easy to incrementally add capabilities Easily add more systems or business rules Easy to troubleshoot and manage Preview Mode Data Lineage No log files to grep through - All error information stored in the database MOM Management Pack available for download

35 Solution Map

36 Founding Members NetPro drives the health, security and control of essential infrastructure services like MIIS and Active Directory. NetPro's MissionControl for MIIS offers administrators complete, operations management capability over their MIIS environments. Oxford Computer Group is an IT service company who specializes in identity and access management (IAM). This includes the provision of specific tactical solutions to address their customers' identity and access management needs. PointBridge is an IT consulting firm delivering Microsoft infrastructure solutions for the most complex business and technology environments. Vintela provides a family of innovative, extensible platform integration solutions built around the Vintela Integration Architecture (VIA) that enable non-Windows environments to integrate with Microsoft-centric environments.

37 NetPro The only solution to manage the enterprise-wide operations of MIIS Provides graphical presentation of MIIS Proactively troubleshoots and diagnoses MIIS issues Delivers service level reports for baselining, capacity planning and management reporting Monitors and alerts on MIIS health Audits and reports on critical MIIS configuration changes The MIIS World

38 Agenda Identity and Lifecycle Management Scenarios
MIIS architecture fundamentals Provisioning and group management with MIIS 2003 Password Management Summary Q&A

Download ppt "Introduction to the Microsoft Identity Integration Server and Roadmap"

Similar presentations

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quests solutions for Windows Management Lee Elliott & Jonathan Culver – Technical Account Managers Windows.

© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quests solutions for Windows Management Lee Elliott & Jonathan Culver – Technical Account Managers Windows.
DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.
New Release Announcements and Product Roadmap Chris DiPierro, Director of Software Development April 9-11, 2014

New Release Announcements and Product Roadmap Chris DiPierro, Director of Software Development April 9-11, 2014
Designing, Deploying and Managing Workflow in SharePoint Sites Steve Heaney Product Development Manager OBS

Designing, Deploying and Managing Workflow in SharePoint Sites Steve Heaney Product Development Manager OBS
Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.

Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.
Microsoft Forefront Identity Manager 2010

Microsoft Forefront Identity Manager 2010
IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – 6.0.1 Domino Access for MS Outlook - Notes Domino.

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – Domino Access for MS Outlook - Notes Domino.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Identity Management with Microsoft Identity Integration Server.

Identity Management with Microsoft Identity Integration Server.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
SharePoint Collaboration Features & Workflow

SharePoint Collaboration Features & Workflow
Identity and Access Management

Identity and Access Management
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.

Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.
Microsoft Identity Integration Server 2003 (MIIS) Kim Mikkelsen Senior Technology Specialist Microsoft.

Microsoft Identity Integration Server 2003 (MIIS) Kim Mikkelsen Senior Technology Specialist Microsoft.
#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.
Winter 2005-2006 Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.

Winter Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.
Enterprise Reporting with Reporting Services SQL Server 2005 Donald Farmer Group Program Manager Microsoft Corporation.

Enterprise Reporting with Reporting Services SQL Server 2005 Donald Farmer Group Program Manager Microsoft Corporation.
Microsoft Identity and Access Solutions Market Trends and Futures

Microsoft Identity and Access Solutions Market Trends and Futures
Identity Lifecycle Management Jonny Chambers Senior Technical Specialist Microsoft Ireland

Identity Lifecycle Management Jonny Chambers Senior Technical Specialist Microsoft Ireland

Similar presentations

Ads by Google