Identity Lifecycle Management Jonny Chambers Senior Technical Specialist Microsoft Ireland [email protected].

Identity Lifecycle ManagementIdentity Lifecycle Management

Jonny ChambersJonny ChambersSenior Technical SpecialistSenior Technical SpecialistMicrosoft IrelandMicrosoft Ireland

[email protected]@microsoft.com

AgendaAgenda The Identity CrisisThe Identity Crisis What is Identity Management?What is Identity Management? Identity Lifecycle Management Identity Lifecycle Management

RequirementsRequirements Microsoft’s SolutionMicrosoft’s Solution DemoDemo Q&AQ&A

Islands Of ApplicationsIslands Of Applications Has lead to islands of identitiesHas lead to islands of identities

Pre 1980’sPre 1980’s 1980’s1980’s 1990’s1990’s 2000’s2000’s

# ofDigital IDs

Time

Applicatio

ns

MainframeMainframe

Client ServerClient Server

InternetInternet

BusinessBusinessAutomationAutomation

CompanyCompany(B2E)(B2E)

PartnersPartners(B2B)(B2B)

CustomersCustomers(B2C)(B2C)

MobilityMobility

What is Identity Management?What is Identity Management?

The process of authenticating The process of authenticating credentials and controlling access credentials and controlling access to networked resources based on to networked resources based on trust and identity.trust and identity.

Repositories for storing and managing Repositories for storing and managing accounts, identity information, and accounts, identity information, and security credentials. security credentials.

The processes used to create and The processes used to create and delete accounts, manage account and delete accounts, manage account and entitlement changes, and track policy entitlement changes, and track policy compliance.compliance.

Directory Services

Access Management

Identity Lifecycle

Management

A system of procedures and policies to A system of procedures and policies to

manage the lifecycle and entitlements manage the lifecycle and entitlements

of electronic credentials.of electronic credentials.

What is Identity Management?What is Identity Management?

The processes used to create and The processes used to create and delete accounts, manage account and delete accounts, manage account and entitlement changes, and track policy entitlement changes, and track policy compliance.compliance.

Identity Lifecycle

Management

The Business ChallengeThe Business Challenge

Lost Productivity Increased IT CostSecurity Risks

Administrator has 34 requests for new user accounts buried in a stack of papers on his desk.

Moved to a different building. Employees still calling her old phone number.

Helpdesk staff spends 1/3 of the day resetting passwords.

Employee terminated 4 months ago. Still has access to the VPN system.

On average, users are provisioned in 16 systems and de-provisioned in 10.

The Business CostThe Business Cost

Lost Productivity Increased IT CostSecurity Risks

Enterprises have 68 internal and 12 external account stores.

75% of internal users and 38% of external users are in multiple stores.

Password resets cost $57-$147.

New User- User ID Creation- Credential Issuance- Entitlements

Change User- Promotions- Transfers- Entitlement Changes

Help Desk- “Lost” Credentials- Password Reset- New Entitlements

Retire User- Delete Accounts- Remove Entitlements

Identity Lifecycle ManagementIdentity Lifecycle ManagementReporting- Compliance- Audit- Security

Integration

Integration

Workflow

Workflow

Self-Serve- Password Kiosk- Identity - New Entitlements

Exchange 5.5Exchange 5.5

MIISMIIS

Synchronizes multiple repositoriesSynchronizes multiple repositories ““Agentless” connection to other systemsAgentless” connection to other systems Provides attribute-level controlProvides attribute-level control Manage global address lists (GAL)Manage global address lists (GAL) Automate group and DL managementAutomate group and DL management

Active DirectoryActive Directory

NotesNotes

iPlanetiPlanet

SQLSQL

OracleOracle

Supported repositories:Supported repositories: Active Directory & Active Directory Application ModeActive Directory & Active Directory Application Mode Computer Associates ACF2Computer Associates ACF2 IBM DB2, Lotus Domino 5.x/6.x, Tivoli Directory Server, RACFIBM DB2, Lotus Domino 5.x/6.x, Tivoli Directory Server, RACF Microsoft SQL 2000, SQL 7Microsoft SQL 2000, SQL 7 Novell eDirectoryNovell eDirectory Oracle 8i/9iOracle 8i/9i Microsoft Exchange 5.5, 2000, 2003Microsoft Exchange 5.5, 2000, 2003 Microsoft NT 4.xMicrosoft NT 4.x Sun/iPlanet/Netscape DirectorySun/iPlanet/Netscape Directory Various flat-file formats: DSML, LDIF, CSV, fixed widthVarious flat-file formats: DSML, LDIF, CSV, fixed width

Case StudyCase Study25000 students, 2500 staff – 6000 25000 students, 2500 staff – 6000

user annual churnuser annual churnMIIS links in-house Ingres SIS MIIS links in-house Ingres SIS One password for core systemsOne password for core systemsHelps in BS7799 accreditationHelps in BS7799 accreditationAnnual savings of £25,000Annual savings of £25,000

http://www.microsoft.com/windowsserversystem/miis2003/evaluation/casestudies/CaseStudy.aspx?CaseStudyID=16022

SummarySummary

Reduce administration costReduce administration costGAL managementGAL management

DL/group managementDL/group management

Helpdesk password resetHelpdesk password reset

Improved productivityImproved productivityUser self-serviceUser self-service

Faster access to systemsFaster access to systems

Identity data fidelityIdentity data fidelity

Increased securityIncreased securityFast de-provisioningFast de-provisioning

iPlanetiPlanet

SQLSQL

OracleOracle

Active DirectoryActive Directory

Exchange 5.5Exchange 5.5

NotesNotes

Additional InformationAdditional Information

MIIS web site MIIS web site http://www.microsoft.com/MIIShttp://www.microsoft.com/MIIS

Identity Management web site Identity Management web site http://www.microsoft.com/IdMhttp://www.microsoft.com/IdM

Solution Accelerator for IdM Solution Accelerator for IdM http://www.microsoft.com/http://www.microsoft.com/IdMIdM

Contact meContact [email protected]@microsoft.com

© 2004 Microsoft Corporation. All rights reserved.© 2004 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.