Virtual TechDays INDIA │ 18-20 August 2010
Managing Active Directory Using Microsoft Forefront Identity Manager
Amol R Bhandarkar │ Tech Specialist – Identity & Access, Microsoft Corp.
Session Agenda
• Overview of FIM
• How FIM can help manage AD
• Demo
• Various scenarios of using FIM to manage AD
Identity Lifecycle Manager -> Forefront Identity Manager
• Identity Synchronization
• User Provisioning
• Certificate and Smartcard Management
• Office Integration for Self-Service
• Support for 3rd Party CAs
• Codeless Provisioning
• Group & DL Management
• Workflow and Policy
• User Management
• Group Management
• Credential Management
• Policy Management
• Common Platform: Workflow, Connectors, Logging, Web Service API, Synchronization
Forefront Identity Manager - Feature areas
• Credential Management
– Heterogeneous certificate management with 3rd party CAs
– Management of multiple credential types, including One Time Passwords
– Self-service password reset integrated with Windows logon
• Group Management
– Rich Office-based self-service group management tools
– Offline approvals through Office
– Automated group and distribution list updates
• User Management
– Integrated provisioning of identities, credentials, and resources
– Automated, codeless user provisioning and de-provisioning
– Self-service profile management
• Policy Management
– SharePoint-based console for policy authoring, enforcement & auditing
– Extensible WS-* APIs and Windows Workflow Foundation workflows
– Heterogeneous identity synchronization and consistency
End User Scenarios
Example Scenario / FIM 2010 Advantages
• Credential Management: Self-service smart card provisioning & management
– Integration with Windows logon
– No need to call help desk
– Faster time to resolution
• Group Management: User asks to join secure distribution list for new product development
– Request process through Office
– No waiting for help desk
– Faster time to resolution
• User Management: User changes cell phone number
– Automatic updating of business applications
– No need to call help desk
– Faster time to resolution
• Policy Management: CFO gives final approval for new user to access app with associated SOX compliance requirement
– Automatic routing of multiple approvals
– Approval process through Office
– Audit trail of approvals
IT Administrator Scenarios
Example Scenario / FIM 2010 Advantages
• Credential Management: Create workflow to automatically issue passwords and smart cards to new users
– Generation and delivery of initial one-time use password
– Integration of smart card & cert enrollment with provisioning
• Group Management: Design policy to automatically create departmental security groups
– Automatic management of group membership
– Secure access to departmental resources, with audit trail
• Policy Management: Author policy to require HR approval for job title change
– Centralized management
– Automatic policy enforcement across systems
• User Management: Automatically provision new employees with identity, mailbox, and credentials
– Automatic policy enforcement across systems
– Management of role changes & retirements
Forefront Identity Manager in Action
[Diagram labels: Directories, Databases, LOB Applications, Custom, Self-Service integration, FIM Portal, Windows Log On, ISV Partner Solutions, IT Departments, Policy Management, Credential Management, User Management, Group Management]
How does FIM help in managing AD
• User Lifecycle Management
– Creation of users / deletion of users
• Creating users in specific OUs
– Based on attributes like locations or departments
• Automatically create the OU if it does not already exist
• Maintaining group memberships
– Based on criteria like attribute values
• Managing Groups and DLs
– Allow users to create / manage groups and memberships
• Self-Service Password reset
– Reset your own password based on challenge / response mechanism
– Users can unlock their account if locked
How does FIM help in managing AD
• Privilege management tool
– Users can request a high level of access
– Access can be granted based on approvals
– Time based criteria
• Enable Smartcard provisioning
– Smartcards can be used as two-factor / strong authentication
• Allow users to maintain and manage their own profile
– Users can update their information like mobile #, phone details, etc.
Demo scenarios
• User provisioning / de-provisioning
• Group membership change
• Automatic change in OU membership
• Self-service Password reset
• Workflow based approval process
• Creation of DL and managing group memberships
Resources
More information about Forefront Identity Manager:
• www.microsoft.com/fim
• www.microsoft.com/ilm
• http://blogs.technet.com/amolrb