Business ChallengesOrganizations today are confronted with a number of identity and access challenges that FIM can help address. Chief among these:n The burden of complexity on IT,

which must manage identities across heterogeneous systems.

n High help-desk costs associated with password resets and smart card deployment.

n Loss of end-user productivity because users cannot manage the routine aspects of their own identity and access.

n Lengthy development time for identity management customization because existing developer interfaces require specialized knowledge.

n Security gaps and risk to the business due to noncompliance with internal and external regulations.

Forefront Identity Manager BenefitsEmpowers peopleFIM puts the right tools in the hands of end users, IT professionals, and developers to increase their productivity and to lower help desk and other costs.

n Increases end-user productivity through self-help tools integrated into Office and Windows®. Without calling the help desk, users can reset a password or smart card PIN, create an e-mail distribution group, or add co-workers to a group. FIM portal also provides users with capabilities such as update their own profile, search for co-workers.

n Helps IT professionals manage identities more efficiently through a SharePoint®–based administrative console. IT can use the menu-driven user interface of the console to create policies and workflows that govern account management and access throughout the enterprise.

n Increases developer productivity through extensibility. Developers can access Web Services–based APIs and .NET to customize FIM functionality through the familiar Microsoft Visual Studio® and .NET development environments.

Delivers agility and efficiencyThrough automation, self-service, and rich extensibility, FIM reduces the high costs and risk often associated with identity management.

n Reduces costs through automation and self-service. FIM automates the management of users, groups, and other resources based on business policy, and delivers tools to help end users manage their own identity information in the web based interface.

n Integrates the heterogeneous identity infrastructure of the enterprise. FIM

Microsoft® Forefront™ Identity Manager 2010 offers a comprehensive solution for managing identities, credentials, and identity-based access policies across heterogeneous environments. FIM empowers users with self service password reset and embeds self-help tools in Office so users can manage routine aspects of identity and access, gives IT professionals rich administrative tools and enhanced automation, and delivers .NET and Web Services-based extensibility for developers.

Integrated identity management delivering powerful self-service capabilities for end users and enhanced administrative tools and automation for IT professionals

Empowers peopleDelivers agility & efficiency

Improves security & compliance

LOB Applications

Databases

FIM Portal

Self-Service Integration

Windows Log On

Custom

ISV PartnerSolutions

IT DepartmentsDirectories

HETEROGENEO

US CO

NN

ECTI

VITY

EXTENSIBILITY

IT AND END USER INTERFACES

FIM empowers people, delivers agility and efficiency, and improves security and compliance.

provides a single place to manage identities across a broad range of leading network operating systems, e-mail and collaboration tools, databases, directories, and applications.

n Maximizes existing investments. FIM makes it easier to manage identities across the existing infrastructure including Active Directory® Domain Services, Microsoft Exchange, and Active Directory Certificate Services.

n Integrates with familiar developer tools such as Visual Studio and .NET to enable easier customization.

Increases security and complianceFIM improves security and compliance, with management and auditing across identities, credentials, and resources.

n Secures the enterprise by integrating identity, credential, and access manage-ment across the organization. FIM enables IT to use a single, unified policy management system to manage users, their access and resources, and their credentials (including strong credentials).

n Implements a rich permission and delegation model to increase control and decrease compliance risk. For instance, IT can delegate the creation of groups and the management of distribution group membership to end users while enforcing such policies as the life span of the group.

n Enables system audits to reduce the risk of noncompliance. Policy management tools enable business owners and IT to audit business rules and events processed by FIM, and

to enforce those rules that support compliance automatically.

How Forefront Identity Manager WorksFIM delivers solutions to manage user accounts and access, password- and certificate-based credentials such as smart cards, and identity-based policies across Windows and heterogeneous environments.

Policy managementFIM establishes a framework for automating and integrating identity management so all enterprise systems use the same set of policies. This is accomplished through:

n Centralized authoring, enforcement, and auditing of policies. IT administrators can manage policies that govern users and groups with menu-driven controls, thereby reducing the risk of noncompliance.

n Extensible Windows Workflow Foundation–based workflows. IT can use these to approve account creation and delegate tasks and other such actions, and can easily extend them to deliver complex custom workflows.

Credentials managementFIM integrates the management of credentials for both administrators and end users through:

n Credential lifecycle management integrated with provisioning. IT professionals can manage the process of provisioning accounts and credentials using a single tool.

n Centralized management of multiple credentials such as Microsoft and third-party certificate authorities.

n Password synchronization across systems, which enables simplified sign-on.

n Intuitive experiences built into the Windows desktop logon so users can reset their own passwords and provision their own smart cards.

User managementFIM delivers tools for more efficient user provisioning and de-provisioning. These include:

n Improved tools for user provisioning. Automated user provisioning is managed through a user interface rather than writing customized code.

n Integrated provisioning of identities, credentials, and resources. IT can use FIM to create policies that seamlessly provision and de-provision the appropriate accounts, resources, and credentials.

n Self-service profile management for users. IT can set policies to enable end users to update profile information, such as their phone numbers, and to require approvals for and notifications of user-generated changes. End users can use these pages to search for other users as a whitepages application.

Group managementFIM group management helps increase end-user productivity, frees IT from repetitive identity management tasks, and provides better security and compliance through:

n Self-service group management tools integrated into Office and SharePoint. These enable users to manage group membership requests using familiar applications and include enabling requests offline.

n Automated dynamic updates of group and distribution groups. IT can use FIM management tools to create policies that keep groups and distribution groups up to date automatically.

For more information about Forefront Identity Manager, visit www.microsoft.com/FIM

©2009 Microsoft Corporation. All rights reserved. This data sheet is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.Microsoft, Active Directory, the Office logo,SharePoint, Visual Studio, Windows, and the Windows logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

User ExperiencesSharePoint-based IT management portal

End user self-service through Office and WindowsIntegrated notifications and approvals

User Management

Credentials Management

Access Management

Policy Management

Common PlatformWeb Service APIs

Identity synchronization

FIM builds the management of users, credentials, access, and policy on a common platform and delivers powerful user experiences to IT professionals, developers, and end users.