Christian Jäggli
Principal Consultant
Microsoft Corporation
IDA management today; a burden on IT
Align IDA with the right people
Microsoft Identity and Access Management
Microsoft Identity Lifecycle Manager (ILM)
How ILM “2” addresses the challenges
ILM “2” features
ILM “2” @ work
Technology behind the scene
Release schedule
Resources
Questions & Answers
IT Professionals
Respond to the business
Respond to users
Architecture & deployment
System admin
Governance & security
Managing permissions
Creating & deleting user accounts
Policy implementation & enforcement
Information Workers
Call help desk for password and access requests
Wait up to weeks for access
Define business policies
Wrong People
Wrong Contexts
Greater Complexity
Higher Cost
Developers
Business rule development
Custom application development
Systems integration
IT Professionals
Information Workers
Users
Access
Credentials
Policy
Business rules & policy
Permissions
Group & role membership
Distribution lists
Passwords & PINs
Architecture
Deployment
System administration
Governance
Security
Developers
System & application integration
Custom application development
Empowers
People
Provides Office-based self-service tools
SharePoint admin console to manage identities
Greater productivity through faster time to resolution
Delivers
Agility and
Efficiency
Reduces costs through automation and self-service
Maximizes existing investments in Identity Infrastructure
Integrates with familiar developer tools to enable new scenarios
Increases
Security and
Compliance
Integrates identity, credential, and access management
Implements a rich permissions and delegation model
Enables system auditing and compliance
Microsoft
Office
Windows
Web
Sites
Visual Studio
User and
Developer
Experiences
Microsoft Solution
Focus Areas
Identity
Lifecycle Mgmt
IDA
Management
Identity Lifecycle Manager
Information
Protection
Certificate
Services
Rights Management
Services
Active Directory
Federation Services
AD Domain Services & AD Lightweight Directory Services
.NET Workflow Foundation
Platform
Components
Federated
Identity
Strong
Authentication
Windows Services
Directory
Services
20+ Connectors
WS-*
Extensibility
User
Management
Credential
Management
Identity Synchronization
User Provisioning
Certificate and
Smartcard Management
Common Platform
Workflow
Connectors
Logging
Web Service API
Synchronization
Group
Management
Policy
Management
Office Integration for Self-Service
Support for 3rd Party CAs
Codeless Provisioning
Group & DL Management
Workflow and Policy
Policy
Management
SharePoint-based console for policy authoring, enforcement & auditing
Extensible WS-* APIs and Windows Workflow Foundation workflows
Heterogeneous identity synchronization and consistency
Credential
Management
Heterogeneous certificate management with 3rd party CAs
Management of multiple credential types, including One Time Passwords
Self-service password reset integrated with Windows logon
User
Management
Integrated provisioning of identities, credentials, and resources
Automated, codeless user provisioning and de-provisioning
Self-service profile management
Group
Management
Rich Office-based self-service group management tools
Offline approvals through Office
Automated group and distribution list updates
On-boarding Joe Miller
HR registers Joe’s information in SAP
ILM imports information into IAM database
Joe’s profile is available in ILM portal
Joe’s manager receives email with link to profile
Manager assigns System roles and profiles for Joe’s role
System Owner approves system access and profiles
Joe’s user accounts and mail box are provisioned
An email with initial password is sent to Joe’s manager
Joe’s first day at work
Joe logs on to his new workstation
Registers for password reset self service
Modifies his profile
Opens Outlook and requests group/DL membership
Group Owner approves/denies request
Joe forgot his password
Joe has logged out and forgot his password. Reset password self service
ILM “2” Server:
Windows Server 2008, 64-bit
Only supported server platform
Internet Information Services 7 (IIS)
.NET Framework 3.0
Windows Workflow Foundation
Windows PowerShell
Web Services (WS*)
MS SQL Server 2008
SharePoint Services 3.0
Visual Studio 2008 (for customizing)
Client Modules:
Windows XP, Windows Vista or Windows 7
32- and 64-Bit
Office 2007 (for Office integration)
Solutions
Group
Mgmt
User
Mgmt
Credential
Mgmt
Policy
Mgmt
Outlook
Portal
Windows
Custom
Custom
ILM Clients
Portal
ILM Platform
ILM Sync
ILM Web Service
App
DB
Request Delegation
AuthN
Processor & Permissions Workflow
AuthZ
Workflow
Sync
DB
Action
Workflow
Adapters
Identity Stores
Directories
Applications
Databases
E-Mail Systems
CLM
CLM
DB
Cert Mgmt
ILM Web Service
App
DB
Request
Delegation
Processor & Permissions
AuthN
Workflow
AuthZ
Workflow
Service on the ILM Server
Providing Web services interfaces for WS* requests by
clients and Web interface
Handles Authentication, Authorization, Workflows
through Management Policy Rules
All Requests performed are logged and reported
Based on .NET and Windows Workflow Foundation
• Management Agent
• Connector Space
• Metaverse
SharePoint Web Portal
(SharePoint Services) for
ILM Administrator
End users for self service
Resource and group
administrators
Workflow requestors and
approvers
Password Management
User sees only what they are
entitled to see and manage
Predefined page layout
But can be customized and branded to user needs through the interface (no coding)
ILM Clients
Outlook
Portal
Windows
Custom
ILM can use different Clients to access the
functionality:
SharePoint portal via Internet Explorer
Windows XP or Windows Vista for Credential
Management (Passwords and Smart Cards)
Office Outlook for Group management, approvals and
request handling
Any application which can send WS* requests to the
ILM Service (for example Helpdesk application)
RTM
Q1 CY 2010
Includes
Customer reported updates
Experience and guidance from lengthy
RC 1 deployment validation
Release Candidate 1
Q3 2009
Updates Include
Management Policy Rules Explorer
Portal updates for usability
Historical data is stored in a separate DB
RC1 to RTM Migration support
Release Candidate
Nov 2008
Updates Include
Support for scale-out
Cross-forest group management
Email notification enhancements
Beta 3
June 2008
3rd party CA support
New Features Include
Codeless Provisioning
Policy Management
Self-service password reset
Learn more about Identity Lifecycle Manager
ILM “2” Product Page: http://www.microsoft.com/ilm2
ILM 2007 Product Page: www.microsoft.com/ILM 2007
Learn About Microsoft Identity and Access (IDA)
IDA Solutions Home Page: www.microsoft.com/IDA
IDA Partners: www.microsoft.com/IDA
Evaluate the ILM “2” Release Candidate
Visit http://www.microsoft.com/ilm2
check out these websites, blogs & more!
Presentations
TechDays: www.techdays.ch
MSDN Events: http://www.microsoft.com/switzerland/msdn/de/presentationfinder.mspx
MSDN Webcasts: http://www.microsoft.com/switzerland/msdn/de/finder/default.mspx
MSDN Events
MSDN Events: http://www.microsoft.com/switzerland/msdn/de/events/default.mspx
Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin
MSDN Flash (our biweekly newsletter)
Subscribe: http://www.microsoft.com/switzerland/msdn/de/flash.mspx
MSDN Team Blog
RSS: http://blogs.msdn.com/swiss_dpe_team/Default.aspx
Developer User Groups & Communities
Mobile Devices: http://www.pocketpc.ch/
Microsoft Solutions User Group Switzerland: www.msugs.ch
.NET Managed User Group of Switzerland: www.dotmugs.ch
FoxPro User Group Switzerland: www.fugs.ch
TechNet Events
TechNet Events: http://technet.microsoft.com/de-ch/bb291010.aspx
TechNet Flash (our biweekly newsletter)
Subscribe: http://technet.microsoft.com/de-ch/bb898852.aspx
Schweizer IT Professional und TechNet Blog
RSS: http://blogs.technet.com/chitpro-de/
IT Professional User Groups & Communities
SwissITPro User Group: www.swissitpro.ch
NT Anwendergruppe Schweiz: www.nt-ag.ch
PASS (Professional Association for SQL Server): www.sqlpass.ch
7. – 8. April 2010
Congress Center Basel
(Management Agents)
Type of System
Management Agents
Network Operating Systems and Directory Services
• Microsoft Active Directory Windows Server 2003 R2, 2003, and 2000
• Microsoft Active Directory Application Mode Windows Server 2003 R2 and 2003
• Microsoft Windows NT 4.0
• IBM Tivoli Directory Server
• Novell eDirectory 8.6.2, 8.7, and 8.7.x
• Sun Directory Server (Netscape/iPlanet/SunONE) 4.x and 5.x
Mainframe
• IBM Resource Access Control Facility (RACF)
• Computer Associates eTrust ACF2
• Computer Associates eTrust Top Secret
Email and Messaging
• Microsoft Exchange 2007, 2003, 2000, and 5.5
• Lotus Notes 6.x, 5.0, and 4.6
Applications
• SAP 5.0 and 4.7
• Telephone switches
• XML-based systems
• DSML-based systems
Databases
• Microsoft SQL Server 2005, 2000, and 7
• IBM DB2
• Oracle 10g, 9i, and 8i
File-Based
• Attribute Value Pairs
• CSV
• Delimited
• Fixed Width
• Directory Services Markup Language (DSML) 2.0
• LDAP Interchange Format (LDIF)
All Other
• Extensible Management Agent for connectivity to all other systems