Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Published byKelly Wyman Modified over 10 years ago

Similar presentations

Presentation on theme: "Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM"— Presentation transcript:

1 Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
Build 2012 3/31/2017 Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM Demo © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 2 factor authentication
Build 2012 3/31/2017 2 factor authentication What We know What we have 2 Factor Authentication What you know – e.g. PIN What you have – e.g. smart card, devices © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Why 2 factor authentication
Build 2012 3/31/2017 Why 2 factor authentication “In 2013 more than 90% of user-generated passwords, even those considered strong by IT departments, will be vulnerable to hacking” – Deloitte “The age of the password is over. We just haven’t realized it yet.” – Wired “73% of users share the passwords which they use for online banking, with at least one nonfinancial website.” – Trusteer Inc. Reused Login Credentials 2010 2 Factor Authentication © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Virtual smart cards Introduced in Windows 8
Build 2012 3/31/2017 Virtual smart cards Introduced in Windows 8 Uses TPM module on the PC for isolated crypto operations generation of non-exportable keys dictionary attack prevention (wrong PIN) Exposed as smart cards to applications and OS PIN is what you know, the device is what you have. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Where can virtual smart cards be used
Remote access using VPN or DirectAccess BYOD (Bring Your Own Device) Logon to PC SSL client authentication Secure Document protection (signing, encryption) BitLocker drive encryption for data volumes 2 factor authentication

6 Important aspects of a smart card
Build 2012 3/31/2017 Important aspects of a smart card User selected PIN Auto generated admin key for PIN reset or unblock (some cards have PUK) Unique ID (card ID, serial number, etc.) for inventory management Certificates and private keys © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 Deployment types Managed virtual smart cards
Build 2012 3/31/2017 Deployment types Managed virtual smart cards Unmanaged virtual smart cards Inventory management PIN reset and unblock PIN change Policy enforcement Certificate issuance and management © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Deployment complexity
Managed virtual smart cards Unmanaged virtual smart cards Server side virtual smart card management Policy enforcement modules PIN management components Certificate server Browser plugin or client app

9 Certificate enrollment
Additional proofs Domain username and password Challenge questions OTP sent to mobile phone or Corpnet connection with user name and password Sign with a physical smart card Visit to an IT office/kiosk

10 FIM Synchronization Service FIM 2010 Certificate Management
FIM 2010 Components FIM Web Service Provides solutions for management of users, access, credentials, and policies Automates common identity lifecycle management tasks, including self-service solutions FIM Synchronization Service Provides identity synchronization services and user provisioning across multiple directories Includes many management agents (MAs) to allow communication between the FIM Synchronization Service and external databases and systems Allows development of custom management agents FIM CM Management Agent Extensible management agent that allows issuance/termination of certificates during account processing. Support scenarios: Initial enrollment during provisioning Disable/Retire/Revoke during deprovisioning Suspend/reinstated during account suspension FIM 2010 Certificate Management Single administration point for software and smart card certificates Configurable policy-based workflows for common tasks Detailed auditing and reporting Integration with existing infrastructure

11 Certification Authority
FIM CM Components FIM CM Server Server SQL Server Corporate Partner Corporate User Customer Certification Authority Active Directory

12 FIM CM Architecture Physical Architecture Logical Architecture
Other Services Certification Authority FIM CM Policy Module FIM CM Exit Module Enterprise CA or Third Party CA Server FIM CM AD Integration FIM CM ASP.NET Web App IIS 7.0 or 7.1 (64-bit) Active Directory FIM CM Server IE 6.x or IE 7.x or IE 8.x FIM CM Client Smart Card Middleware / Smart Card Base CSP SQL Server End User

13 FIM 2010 Licensing FIM 2010 licensing requires two separate license purchases: Server license Client Access license Server licensing One license per physical FIM 2010 server Server can run FIM Web Service, FIM Synchronization Service, or FIM CM Service, Can run each on separate server, or any combination of the three services Client access license for every person that receives a certificate managed by FIM 2010 Software certificates Smart card certificates Includes ability to do user self-service password reset and self-service group management Can consider purchasing an External Connector license if certificate are issued to subscribers outside of the organization Licensing Server License FIM 2010 Server CALs If a person has two accounts in Active Directory, only a single CAL is required to manage certificates issued to the two accounts

14 Introducing Profile Templates
Certificate Templates Management Policies . . . Enrollment Enroll Recover Revoke Profile Template Profile Details

15 Introducing FIM CM Roles
Description Certificate Subscriber Can perform a limited number of functions against their own certificates or smart cards Has access to the FIM CM Subscriber Portal Certificate Manager Performs management functions for a group of subscribers Has access to the FIM CM Manager Portal

16 Demo – use virtual smart card

17 Resources Virtual smart card white paper MSDN links for WinRT APIs
MSDN links for WinRT APIs Samples link

Download ppt "Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM"

Similar presentations

Forefront Identity Manager 2010

Forefront Identity Manager 2010
© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quests solutions for Windows Management Lee Elliott & Jonathan Culver – Technical Account Managers Windows.

© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quests solutions for Windows Management Lee Elliott & Jonathan Culver – Technical Account Managers Windows.
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Microsoft® Windows® Rights Management Services (RMS) Deployment and Usage, Step-by-Step.

Microsoft® Windows® Rights Management Services (RMS) Deployment and Usage, Step-by-Step.
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
Microsoft Forefront Identity Manager 2010

Microsoft Forefront Identity Manager 2010
Microsoft Forefront Identity Manager 2010 Daniel MEYER Enterprise Technology Architect EMEA.

Microsoft Forefront Identity Manager 2010 Daniel MEYER Enterprise Technology Architect EMEA.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Prepared by Dept. of Information Technology & Telecommunication, October 24, 2005 Enterprise Directory Services and Identity Management.

Prepared by Dept. of Information Technology & Telecommunication, October 24, 2005 Enterprise Directory Services and Identity Management.
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
Virtual techdays INDIA │ 18-20 august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –

Virtual techdays INDIA │ august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Identity and Access Management

Identity and Access Management
Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.

Access and Identity Management for Enterprise Portals Rohit Gupta Director, Identity Management Product Management Oracle Corporation.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
EToken TMS 5.0 CA June 09. eToken TMS 5.0 Agenda  The challenge: Authenticator life-cycle management  eToken TMS (Token Management System)  eToken.

EToken TMS 5.0 CA June 09. eToken TMS 5.0 Agenda  The challenge: Authenticator life-cycle management  eToken TMS (Token Management System)  eToken.
Module 16: Software Maintenance Using Windows Server Update Services.

Module 16: Software Maintenance Using Windows Server Update Services.
Microsoft Identity and Access Solutions Market Trends and Futures

Microsoft Identity and Access Solutions Market Trends and Futures

Similar presentations

Ads by Google