Microsoft Identity and Access
Solutions
Market Trends and Futures
Jesus Martin
Identity and Access Lead, Middle East and Africa
Microsoft Corp
[email protected]
Identity and Access Management
•
•
•
•
•
•
•
•
•
•
•
•
Provisioning/Deprovisioning
User/Profile Self Service
Group & Role Management
Password Self Service & Password
Management
Certificate Management
Two Factor Authentication
Federation
Enterprise SSO
Attestation & Certification
Privileged Account Management
Compliance & Auditing
Reporting
Gartner states: By 2014, investments
in IAM solutions will increase 60
percent to address regulatory
1
compliance requirements
The Journey
Identity Management is not anymore
about
• Provisioning and Deprovisioning
• Identity Synchronization
• Deliver tools to IT to control and secure the
environment
Trends in Identity and Access
Market Trends ….. Futures ?
•
Identity Management goal will be about simplifying the way we deliver services that
IT provides to end users rather than delivering tools to IT departments.
•
Business Managers will be able to deliver users access to business services without
the need to contact IT
•
End User Interfaces that can be used as a “Web Shop” will enable users to get
access to data as easily as they can create a Dropbox/hotmail account
•
Interfaces will be as easy to use as Facebook
•
Will manage the Access to Internal / Cloud based Applications
•
Any device / same user experience (Identity in the Cloud)
•
Windows 8 will drive the future of Identity Management and Information Protection
User Management and Web Shop Self
Services
User Self Service Management
Self service group
management integrated
with Outlook and
Exchange
Integrated approval
Simplify Identity Management : FIM
2010
Empower Business
GOVERNED SELF-SERVICE AND
AUTOMATION
• Self-service profile, credential, and group
management
• Password and PIN reset from Windows login
• Group management from within Microsoft
Office
• Single identity across heterogeneous
applications
Empower IT
• End-to-end, workflow-driven user provisioning
• Policy-controlled self-service capabilities
• Automatic, attribute-based group membership
for simplified resource access
“
Source: Windows identity management tools move closer to completion. Tech Target, November 2008. http://searchwinit.techtarget.com/news/article/0,289142,sid1_gci1337386,00.html
Identity Management
User provisioning
•
•
•
•
Policy-based identity lifecycle management system
Built-in workflow for identity management
Automatically synchronize all user information to different directories across the enterprise
Automates the process of on-boarding users
Active
Directory
Lotus
Domino
Workflow
User Enrollment
LDAP
HR System
FIM
SQL
Server
Approval
Oracle DB
User provisioned on all allowed systems
Manager
FIM CM
Identity Management
User de-provisioning
• Automated user de-provisioning
• Built-in workflow for identity management
• Real-time de-provisioning from all systems to prevent unauthorized access and information leakage
Active
Directory
Lotus
Domino
Workflow
User de-provisioned
LDAP
HR System
FIM
SQL
Server
Oracle DB
FIM CM
User de-provisioned or disabled on all systems
Group Management
• Self-service group and distribution list management with the FIM 2010 Web portal
• Office integration allows users to manage group membership from within Microsoft Office Outlook®
for maximum productivity
• Enables users to use Outlook to manage approvals while they are offline
• Automatically add users to either group based on their employee type at the time they are provisioned to Active Directory
• Group and distribution list management, including dynamic membership calculation in these groups and distribution lists
based on user’s attributes
FIM Add-in for Outlook
SharePoint-Based Management Console
Self-Service Password Management
• Enables users to reset their own passwords through both Windows logon and FIM password reset portal
• Controls helpdesk costs by enabling end users to manage certain parts of their own identities
• Improves security and compliance with minimal errors while managing multiple identities and passwords
Active
Directory
User requests password
reset
Oracle
FIM Server
Passwords
updated
End User
SQL
Server
IBM DS
Reset Password
• FIM capabilities integrated with Windows logon
• Randomly selects a number of questions
LDAP
Demo
•
•
•
•
•
•
•
HR Onboarding
Provisioning / ZeroTouch
Password Self Service
Role Based Provisioning
User Self Service
Approvals Workflow
Deprovisioning