Virtual techdays INDIA │ 18-20 august 2010 Managing Active Directory Using Microsoft Forefront...

virtual techdays INDIA │ 18-20 august 2010 │ Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar, Tech Specialist, Identity & Access, Microsoft Corp.
Date posted: 19-Dec-2015


Managing Active Directory Using Microsoft Forefront Identity Manager:

Amol R Bhandarkar│ Tech Specialist – Identity & Access, Microsoft Corp.

SESSION AGENDA

• Overview of FIM
• How FIM can help manage AD
• Demo
– Various scenarios of using FIM to manage AD


Overview of Forefront Identity Manager 2010 (FIM 2010)

Identity Lifecycle Manager -> Forefront Identity Manager

• Identity Synchronization
• User Provisioning
• Certificate and Smartcard Management

• Office Integration for Self-Service
• Support for 3rd Party CAs
• Codeless Provisioning
• Group & DL Management
• Workflow and Policy

• User Management
• Group Management
• Credential Management
• Policy Management

Common Platform
• Workflow
• Connectors
• Logging
• Web Service API
• Synchronization

Forefront Identity Manager - Feature areas

Credential Management
• Heterogeneous certificate management with 3rd party CAs
• Management of multiple credential types, including One Time Passwords
• Self-service password reset integrated with Windows logon

Group Management
• Rich Office-based self-service group management tools
• Offline approvals through Office
• Automated group and distribution list updates

User Management
• Integrated provisioning of identities, credentials, and resources
• Automated, codeless user provisioning and de-provisioning
• Self-service profile management

Policy Management
• SharePoint-based console for policy authoring, enforcement & auditing
• Extensible WS-* APIs and Windows Workflow Foundation workflows
• Heterogeneous identity synchronization and consistency

End User Scenarios

Credential Management
• Example Scenario: Self-service smart card provisioning & management
• FIM 2010 Advantages: Integration with Windows logon; No need to call help desk; Faster time to resolution

Group Management
• Example Scenario: User asks to join secure distribution list for new product development
• FIM 2010 Advantages: Request process through Office; No waiting for help desk; Faster time to resolution

User Management
• Example Scenario: User changes cell phone number
• FIM 2010 Advantages: Automatic updating of business applications; No need to call help desk; Faster time to resolution

Policy Management
• Example Scenario: CFO gives final approval for new user to access app with associated SOX compliance requirement
• FIM 2010 Advantages: Automatic routing of multiple approvals; Approval process through Office; Audit trail of approvals

IT Administrator Scenarios

Credential Management
• Example Scenario: Create workflow to automatically issue passwords and smart cards to new users
• FIM 2010 Advantages: Generation and delivery of initial one-time use password; Integration of smart card & cert enrollment with provisioning

Group Management
• Example Scenario: Design policy to automatically create departmental security groups
• FIM 2010 Advantages: Automatic management of group membership; Secure access to departmental resources, with audit trail

User Management
• Example Scenario: Automatically provision new employees with identity, mailbox, and credentials
• FIM 2010 Advantages: Automatic policy enforcement across systems; Management of role changes & retirements

Policy Management
• Example Scenario: Author policy to require HR approval for job title change
• FIM 2010 Advantages: Centralized management; Automatic policy enforcement across systems

Forefront Identity Manager in Action

[Diagram labels: Directories; Databases; LOB Applications; Custom; Self-Service integration; FIM Portal; Windows Log On; ISV Partner Solutions; IT Departments; Policy Management; Credential Management; User Management; Group Management]

How does FIM help in managing AD

• User Lifecycle Management
– Creation of users / deletion of users
• Creating users in specific OUs
– Based on attributes like locations or departments
• Automatically create the OU if it does not already exist
• Maintaining group memberships
– Based on criteria like attribute values
• Managing Groups and DLs
– Allow users to create / manage groups and memberships
• Self-Service Password reset
– Reset your own password based on challenge / response mechanism
– Users can unlock their account if locked

How does FIM help in managing AD

• Privilege management tool
– Users can request a high level of access
– Access can be granted based on approvals
– Time based criteria
• Enable Smartcard provisioning
– Smartcards can be used as two-factor/Strong authentication
• Allow users to maintain and manage their own profile
– Users can update their information like mobile #, Phone details, etc.


DEMO: Managing AD using FIM 2010

Amol R Bhandarkar

Demo scenarios

• User provisioning / de-provisioning
• Group membership change
• Automatic change in OU membership
• Self-service Password reset
• Workflow based approval process
• Creation of DL and managing group memberships


RESOURCES

More information about Forefront Identity Manager
• www.microsoft.com/fim
• www.microsoft.com/ilm
• http://blogs.technet.com/amolrb

THANKS

[email protected] │http://blogs.technet.com/amolrb