Identity Lifecycle Management
Jonny Chambers
Senior Technical Specialist
Microsoft Ireland
[email protected]
Dec 24, 2015
Agenda
- The Identity Crisis
- What is Identity Management?
- Identity Lifecycle Management Requirements
- Microsoft’s Solution
- Demo
- Q&A
Islands Of Applications
Has led to islands of identities
[Figure: number of digital IDs and applications over time (Pre 1980’s, 1980’s, 1990’s, 2000’s). Labels: Mainframe; Client Server; Internet; Business Automation; Company (B2E); Partners (B2B); Customers (B2C); Mobility]
What is Identity Management?
A system of procedures and policies to manage the lifecycle and entitlements of electronic credentials.
- Directory Services: Repositories for storing and managing accounts, identity information, and security credentials.
- Access Management: The process of authenticating credentials and controlling access to networked resources based on trust and identity.
- Identity Lifecycle Management: The processes used to create and delete accounts, manage account and entitlement changes, and track policy compliance.
What is Identity Management?
- Identity Lifecycle Management: The processes used to create and delete accounts, manage account and entitlement changes, and track policy compliance.
The Business Challenge
Lost Productivity / Increased IT Cost / Security Risks
- Administrator has 34 requests for new user accounts buried in a stack of papers on his desk.
- Moved to a different building. Employees still calling her old phone number.
- Helpdesk staff spends 1/3 of the day resetting passwords.
- Employee terminated 4 months ago. Still has access to the VPN system.
- On average, users are provisioned in 16 systems and de-provisioned in 10.
The Business Cost
Lost Productivity / Increased IT Cost / Security Risks
- Enterprises have 68 internal and 12 external account stores.
- 75% of internal users and 38% of external users are in multiple stores.
- Password resets cost $57-$147.
Identity Lifecycle Management
- New User: User ID Creation, Credential Issuance, Entitlements
- Change User: Promotions, Transfers, Entitlement Changes
- Help Desk: “Lost” Credentials, Password Reset, New Entitlements
- Retire User: Delete Accounts, Remove Entitlements
- Reporting: Compliance, Audit, Security
- Self-Serve: Password Kiosk, Identity, New Entitlements
- Integration
- Workflow
MIIS
- Synchronizes multiple repositories
- “Agentless” connection to other systems
- Provides attribute-level control
- Manage global address lists (GAL)
- Automate group and DL management
[Diagram labels: Exchange 5.5, Active Directory, Notes, iPlanet, SQL, Oracle]
Supported repositories:
- Active Directory & Active Directory Application Mode
- Computer Associates ACF2
- IBM DB2, Lotus Domino 5.x/6.x, Tivoli Directory Server, RACF
- Microsoft SQL 2000, SQL 7
- Novell eDirectory
- Oracle 8i/9i
- Microsoft Exchange 5.5, 2000, 2003
- Microsoft NT 4.x
- Sun/iPlanet/Netscape Directory
- Various flat-file formats: DSML, LDIF, CSV, fixed width
Case Study
- 25000 students, 2500 staff – 6000 user annual churn
- MIIS links in-house Ingres SIS
- One password for core systems
- Helps in BS7799 accreditation
- Annual savings of £25,000
http://www.microsoft.com/windowsserversystem/miis2003/evaluation/casestudies/CaseStudy.aspx?CaseStudyID=16022
Summary
- Reduce administration cost
  - GAL management
  - DL/group management
  - Helpdesk password reset
- Improved productivity
  - User self-service
  - Faster access to systems
  - Identity data fidelity
- Increased security
  - Fast de-provisioning
[Diagram labels: iPlanet, SQL, Oracle, Active Directory, Exchange 5.5, Notes]
Additional Information
- MIIS web site: http://www.microsoft.com/MIIS
- Identity Management web site: http://www.microsoft.com/IdM
- Solution Accelerator for IdM: http://www.microsoft.com/IdM
- Contact me: [email protected]
© 2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.