1 Microsoft Forefront Identity Manager 2010
Henk Den Baes, Technology advisor, Microsoft Belux



2 Agenda
- What is identity?
- Microsoft's Identity and Access Strategy
- Business Ready Security
  − The business challenges
  − How Forefront Identity Manager (FIM) 2010 addresses the challenges
  − Scenarios
- Summary
- Resources

3 What is Identity?
Definition from http://www.thefreedictionary.com: Identity: the collective aspect of the set of characteristics by which a thing is definitively recognizable or known.
Example definition for Identity Management: a system of procedures and policies enabled by software to manage the lifecycle and entitlements of digital credentials.
Examples of identity attributes and credentials: IP address, username/password, biometrics, smartcards, passport, picture; name, address, telephone, mobile, fax, building, room number, ...

4 Exponential Growth of IDs
[Chart: number of digital IDs versus time, from pre-1980s through the 1980s, 1990s and 2000s. Application eras along the timeline: mainframe, client/server, Internet, mobility. Drivers: business automation, company (B2E), partners (B2B), customers (B2C).]

5 Services as Identities
[Diagram: application-to-application web service calls spanning the Internet, organization and partner boundaries; rich interactions (Office, real-time communications, Live Meeting) from rich client devices and apps and from web browsers to web servers and web services.]

6 Identity at the Center
- Gartner: companies spend $20-30 per user per year on password resets.
- PC Pitstop user survey: 38% of users recycle old passwords, 18% write them down.
- AMR Research: $15.5B spent in 2005 on compliance with SOX, HIPAA, GLB, ...

7 Business Ready Security
Help securely enable business by managing risk and empowering people.
- Protect everywhere, access anywhere
- Integrate and extend security across the enterprise
- Simplify the security experience, manage compliance
- Highly secure and interoperable platform, across on-premises and cloud
Shift from "block" to "enable", from "cost" to "value", from "siloed" to "seamless".

8 Business Ready Security Solutions
Identity and Access Management, Secure Messaging, Secure Endpoint, Secure Collaboration and Information Protection, built on Active Directory® and Active Directory® Federation Services.

9 Identity and Access Management (IDA) Business Drivers
Business drivers: reduce costs, improve security, assure compliance, improve service and productivity.
Requirements and capabilities shown: delegated admin, automate processes, in-sync data, single password, protect system, role-based access, remote access, strong AuthN, single sign-on, self service, federation, centralized help desk, pre-audit checks.
Regulations and policies driving compliance: IRM, SOX, Basel II, HIPAA, DS, ...

10 IDA Optimization Model
Maturity levels: Basic (cost center), Standardized (more efficient cost center), Rationalized (business enabler), Dynamic (strategic asset).
Capability areas: Directory Services, Information Protection, Strong Authentication.
Capability statements, from Basic to Dynamic:
- Physical protection of information
- Separate authentication for each application
- Identity store per application
- Basic passwords
- Ad-hoc user provisioning & de-provisioning
- Data protection for local files and folders
- Primary directory for authorization
- Simpler access to core enterprise
- Established access policy
- Enforceable written policies
- Persistent data protection
- Trust-based federation across organizational boundaries
- Primary ID store for heterogeneous enterprise
- Stronger access security for high-risk scenarios
- Automatic policy application for data protection
- Seamless authentication for web services
- Primary identity store for extended enterprise
- Enterprise-wide strong access security
- Automated digital identity management

11 Identity Infrastructure
[Diagram: Microsoft's integrated solutions, delivering TCO in the drive to Dynamic IT, across physical and virtual environments (client, mobile, server, cloud).]
- Secure platform: security, username and credentials; common platform and infrastructure
- Identity and access: identity-based access; end-to-end access across systems, application, information, network and remote management
- Threat mitigation: comprehensive security across application, endpoint, network and cloud
- Simplified and integrated management

12 Identity and Access Management
Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device.
Pillars: PROTECT everywhere, ACCESS anywhere; INTEGRATE and EXTEND security; SIMPLIFY security, MANAGE compliance.
- Provide more secure, always-on access
- Enable access from virtually any device
- Extend powerful self-service capabilities to users
- Automate and simplify management tasks
- Control access across organizations
- Provide standards-based interoperability

13 Provide More Secure, Anywhere Access
Consolidated remote access:
- Empower business: consolidated secure portal to simplify remote access to resources; simplified sign-on
- Empower IT: policy-based resource access
DirectAccess:
- Empower business: seamless and more secure access; simplified, always-on access
- Empower IT: policy-based network access; ability to manage machines anywhere
Device access:
- Empower business: access from virtually any device
- Empower IT: policy-based restricted access

14 Extend Access Across Organizations
"Geneva (ADFS) project is one of the most significant enhancements for future use and dissemination of the Identity Federation." - Kuppinger Cole
- Empower business: ability to move seamlessly between applications using a single identity; collaboration across organizations
- Empower IT: no need to manage external accounts; simplified and flexible claims-based federation; common authentication controls for building custom applications
Source: Awards for Outstanding Identity Management Projects. Kuppinger Cole, May 2009. http://www.id-conf.com/blog/2009/05/07/awards-for-outstanding-identity-management-projects/

15 Simplify Identity Management: Governed Self-Service and Automation
- Empower business: self-service profile, credential, and group management; password and PIN reset from Windows login; group management from within Microsoft Office; single identity across heterogeneous applications
- Empower IT: end-to-end, workflow-driven user provisioning; policy-controlled self-service capabilities; automatic, attribute-based group membership for simplified resource access
Source: Windows identity management tools move closer to completion. TechTarget, November 2008. http://searchwinit.techtarget.com/news/article/0,289142,sid1_gci1337386,00.html

16 Customers' Identity & Access Requirements
An end-to-end integrated stack that has three components:
- Identity-Based Access
  − Network access: identity-oriented edge access, e.g. NAP
  − Remote access: access resources remotely, e.g. SSL VPN
  − App access: SSO, web/enterprise/host access, federation
  − Info access: drive encryption, ILP, rights management
- Identity Infrastructure
  − Identity & credentials infrastructure: directory (identity/credentials), Infocards, meta/virtual directory, basic policy
- Identity & Access Management
  − Compliance and audit: monitoring, reporting, auditing of identity-based access activity
  − Identity & credential management: user provisioning, certificate & smartcard management, user self-service
  − Policy management: identity policy, user/role-based access policy, federation policy, delegation
  − Access management: group management, federation/trust management, entitlements, RBAC

17 Aligning Experiences With The Right People
Identity objects managed: users, access, credentials, policy (including passwords & PINs, group & role membership, distribution lists, permissions, business rules & policy).
Operations: add, update, revoke, audit.
Audiences:
- Information workers
- IT professionals: architecture, deployment, system administration, governance, security
- Developers: system & application integration, custom application development

18 Microsoft's Identity & Access Strategy
Pillars: user centric, open & extensible, best TCO, comprehensive solutions.
Attributes: rich Office integration, privacy enabled, consistent user experience, easiest to deploy, simplified licensing, broadest ecosystem, service oriented, application platform integration, interoperable, on premises and cloud (ADFS), physical and virtual, turnkey offerings.

19 The Changing Role of IT
[Timeline figure: the role of IT moves from lower total cost of ownership (TCO) around 2000 through operational efficiency, security and privacy, and compliance to business enablement (IDA).]
Capability areas shown: network operating system (NOS) directory, Internet directory, authentication, Windows management, meta-directory, identity life cycle, access management, strong authN & authZ, single sign-on (SSO)/federation, privacy, compliance.

20 Identity Lifecycle Management Roadmap
- Previously: MIIS and CLM beta
- ILM 2007 (Microsoft Identity Lifecycle Manager 2007): identity synchronization, user provisioning, certificate and smartcard management
- Today, FIM 2010: Office integration for self-service, support for 3rd-party CAs, codeless provisioning, group & DL management, workflow and policy
- FIM 2010 structure: user management, access management, credential management and policy management on a common platform (connectors, delegation, workflow, logging, web service API)

21 Key Pillars of Forefront Identity Manager
- Credential Management: heterogeneous certificate management with 3rd-party CAs; management of multiple credential types; self-service password reset integrated with Windows logon
- Group Management: rich Office-based self-service group management tools; offline approvals through Office; automated (dynamically calculated) group and distribution list updates
- User Management: integrated provisioning of identities, credentials, and resources; automated, codeless user provisioning and de-provisioning; self-service profile management
- Policy Management: SharePoint-based console for policy authoring, enforcement & auditing; extensible WS-* APIs and Windows Workflow Foundation workflows; heterogeneous identity synchronization and consistency

22 Microsoft IDA Management
- Increases security and compliance: integrates identity, credential, and access management; implements a rich permissions and delegation model; enables system auditing and compliance
- Empowers people: provides Office-based self-service tools; SharePoint admin console to manage identities; greater productivity through faster time to resolution
- Delivers agility and efficiency: reduces costs through automation and self-service; maximizes existing investments in identity infrastructure (e.g. OTP, ...); integrates with familiar developer tools to enable new scenarios

23 IT Administrator Scenarios
- Policy Management: centralized management; automatic policy enforcement across systems
- User Management: management of role changes & retirements
- Credential Management: generation and delivery of initial one-time-use password; integration of smart card & certificate enrollment with provisioning
- Group Management: automatic management of group membership; secure access management to departmental resources, with audit trail

24 Identity Lifecycle Management
[Diagram of the identity lifecycle, supported by integration, workflow, self-service and a password kiosk.]
- New user: user ID creation; credential/smartcard issuance (personalize card); entitlements; new entitlements
- Change user: entitlement changes; renew/update certificate; promotions; transfers; new entitlements
- Help desk: "lost" credentials; recover/card replacement; issue temp card; password reset
- Retire user: delete accounts; remove entitlements; disable smartcard
- Reporting: compliance; audit; security (e.g. revoke certificates)

25 New Employee Scenario
[Diagram: an HR system event triggers the FIM 2010 (ILM) provisioning policy, with manager approval steps, provisioning the user to Active Directory, Exchange, the mainframe, iPlanet, the finance application and finance portal, and issuing a smart card.]

26 Employee Transition Scenario
[Diagram: an HR system change applies the FIM 2010 (ILM) provisioning policy across Active Directory, Exchange, the mainframe, iPlanet, smart card, and the finance and marketing applications and portals.]

27 Separation/Fire Scenario
[Diagram: an HR system separation event applies the FIM 2010 (ILM) provisioning policy across the mainframe, marketing application and portal, iPlanet, smart card, Exchange and Active Directory.]

28 End User Scenarios
- Credential Management: integration with Windows logon; no need to call help desk; faster time to resolution
- Group Management: request process through Office; no waiting for help desk; faster time to resolution
- User Management: automatic updating of business applications; no need to call help desk; faster time to resolution
- Policy Management: automatic routing of multiple approvals; approval process through Office; audit trail of approvals

29 Integrated Office Experience For Group Management & Password Management At Login

30 Answer Questions to Authenticate

31 Set a New Password

32 Summary
- Identity is core to the people-driven business
- Today the identity life cycle management burden is on IT
- Microsoft's approach: align experiences with the right people; lowers cost, empowers people, provides IT with control with less effort
- How we get there:
  − ILM 2007: brings together metadirectory, certificate management, and provisioning across Windows and enterprise systems
  − FIM 2010: extends ILM 2007 with new solutions to manage users, credentials, access, and policy using the tools that IT, users, and developers are most familiar with

33 Resources
Learn more about Identity Lifecycle Manager:
- FIM 2010 Product Page: http://www.microsoft.com/fim
- ILM 2007 Product Page: www.microsoft.com/ILM 2007
Learn about Microsoft Identity and Access (IDA):
- IDA Solutions Home Page: www.microsoft.com/IDA
- IDA Partners: www.microsoft.com/IDA

34 © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

