Amol Bhandarkar Technology Specialist Identity & Access Microsoft


Slide 2: Amol Bhandarkar, Technology Specialist, Identity & Access, Microsoft

Slide 3: Agenda
- Identity & Access
- ILM 2 high level architecture
- ILM 2 features
- Demo of ILM 2

Slide 4: Identity & Access
- Compliance and Audit: monitoring, reporting, auditing of identity-based access activity
- Policy: identity policy, user/role-based access policy, federation policy, delegation
- Access: group, federation/trust, entitlements, RBAC
- Identity & Credential: user provisioning, certificate & smartcard, user self-service
Identity-Based Access:
- Remote Access: access resources remotely, e.g. SSL VPN
- Network Access: identity-oriented edge access, e.g. NAP
- App Access: SSO, Web/Ent/Host access, federation
- Info Access: drive encryption, ILP, rights
Identity Infrastructure:
- Identity & Credentials Infrastructure: directory identity/credentials, Infocards, meta/virtual directory, basic policy

Slide 5: Microsoft Identity Lifecycle Manager
- Identity Synchronization
- User Provisioning
- Certificate and Smartcard User Credential
Common Platform: Workflow, Connectors, Logging, Web Service API, Synchronization, Group Policy
- Office Integration for Self-Service
- Support for 3rd Party CAs
- Codeless Provisioning
- Group & DL Workflow and Policy

Slide 6: ILM 2 High Level Architecture (architecture diagram; no text transcribed)

Slide 7: Identity Lifecycle Manager 2 Features
Policy:
- SharePoint-based console for policy authoring, enforcement & auditing
- Extensible WS-* APIs and Windows Workflow Foundation workflows
- Heterogeneous identity synchronization and consistency
Credential:
- Heterogeneous certificate management with 3rd party CAs
- Management of multiple credential types, including One Time Passwords
- Self-service password reset integrated with Windows logon
User:
- Integrated provisioning of identities, credentials, and resources
- Automated, codeless user provisioning and de-provisioning
- Self-service profile management
Group:
- Rich Office-based self-service group management tools
- Offline approvals through Office
- Automated group and distribution list updates

Slide 8: End User Scenarios
Policy:
- Automatic routing of multiple approvals
- Approval process through Office
- Audit trail of approvals
Credential:
- Integration with Windows logon
- No need to call help desk
- Faster time to resolution
User:
- Automatic updating of business applications
- No need to call help desk
- Faster time to resolution
Group:
- Request process through Office
- No waiting for help desk
- Faster time to resolution

Slide 9: IT Administrator Scenarios
Policy:
- Centralized management
- Automatic policy enforcement across systems
Credential:
- Generation and delivery of initial one-time use password
- Integration of smart card enrollment with provisioning
User:
- Automatic policy enforcement across systems of role changes & retirements
Group:
- Automatic management of group membership
- Secure access to departmental resources, with audit trail

Slide 10: ILM "2" in Action (diagram labels)
ILM 2 Portal; Self-Service integration; Windows Log On; LOB Applications; Policy, Credential, User, Group; Custom Databases; ISV Partner Solutions; Directories; IT Departments

Slide 11: ILM "2" in Action: HR-driven provisioning of a new employee
1. New user added in HR app
2. Sync receives request
3. ILM manages manager and dept head approvals
4. Once approved, changes committed to ILM app store
5. ILM synchronizes updates with external identity stores
6. ILM sends welcome and confirmation e-mails
Diagram components: Sync DB, App DB, Agents, AuthN & AuthZ, Workflows, Identity Stores, Action Workflow

Slide 12: ILM "2" in Action: Self-service smart card provisioning
1. New user added in HR app
2. Sync receives request
3. Does user have permission to add user to ILM? (Delegation & Permissions)
4. ILM manages manager and dept head approvals (approval workflows)
5. Once approved, changes committed to ILM app store
6. ILM syncs to external identity stores
7. ILM sends welcome and confirmation e-mails
8. Card created & printed
9. Certificates requested
10. Self-service notification and One Time Password sent to end user
11. End user downloads certificates onto smart card
Diagram components: Sync DB, App DB, Agents, AuthN & AuthZ, Workflows, Identity Stores, Action Workflow

Slide 13: ILM "2" in Action: Self-service password management
1. User forgets password
2. Requests password reset at Windows logon and answers Q/A
3. ILM receives XML (Request Processor)
4. Does user have permission to reset password? (Delegation & Permissions)
5. ILM validates Q/A response from user
6. ILM syncs new password to external identity stores
7. ILM makes WMI call to reset password in AD
8. Changes committed to ILM app store
Diagram components: Sync DB, App DB, Agents, AuthN & AuthZ, Workflows, Identity Stores, Action Workflow
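The slide-13 flow as an added Python model (not ILM's own code): an XML reset request passes the delegation check and Q/A validation against salted answer hashes before anything is written. The XML shape, the RESET_POLICY table and the dictionary standing in for the AD call are assumptions.

```python
"""Model of the self-service password reset flow (added example, not ILM code)."""
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

# Constructed delegation table: which requester may reset which account.
RESET_POLICY = {"alice": {"alice"}, "helpdesk": {"alice", "bob"}}


def _hash_answer(answer: str, salt: bytes) -> bytes:
    # Answers are normalised, then stored only as salted PBKDF2 hashes.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)


def enroll(answers: dict) -> dict:
    """Q/A registration record as it would be kept in the ILM app store."""
    record = {}
    for question, answer in answers.items():
        salt = os.urandom(16)
        record[question] = (salt, _hash_answer(answer, salt))
    return record


def validate_qa(record: dict, given: dict) -> bool:
    """Every registered question must be answered; compare in constant time."""
    if set(given) != set(record):
        return False
    ok = True
    for question, (salt, expected) in record.items():
        ok &= hmac.compare_digest(_hash_answer(given[question], salt), expected)
    return ok


def process_reset(xml_request: str, qa_store: dict, directory: dict) -> str:
    """Request Processor: permission check, Q/A validation, then the reset."""
    req = ET.fromstring(xml_request)
    requester, target = req.get("requester"), req.get("account")
    if target not in RESET_POLICY.get(requester, set()):
        return "denied: no permission"
    given = {a.get("id"): a.text or "" for a in req.iter("answer")}
    if target not in qa_store or not validate_qa(qa_store[target], given):
        return "denied: Q/A mismatch"
    # Stand-in for the WMI call that resets the password in AD (assumed).
    directory[target] = {"reset": True, "synced": ["AD", "external stores"]}
    return "reset"
```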

Slide 14: Identity in various scenarios (diagram; no text transcribed)

Slide 15: References
- Identity Lifecycle Manager 2: technet.microsoft.com/ilm
- Intelligent Application Gateway
- AD Rights Services

Slide 16: Contact Address


Slide 21: © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.