identity and access management overview
TRANSCRIPT
8/8/2019 Identity and Access Management Overview
http://slidepdf.com/reader/full/identity-and-access-management-overview 1/53

Identity and Access Management: Overview
Rafal Lukawiecki
Strategic Consultant, Project Botticelli Ltd
[email protected]
www.projectbotticelli.co.uk
Copyright 2006 © Microsoft Corp & Project Botticelli Ltd. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties. This presentation is based on work of many authors from Microsoft, Oxford Computer Group and other companies. Please see the “Introductions” presentation for acknowledgments.

Objectives
Build a good conceptual background to enable later technical discussions of the subject
Overview the problems and opportunities in the field of identity and access management
Introduce terminology
Highlight a possible future direction

Session Agenda
Identity Problem of Today
Identity Laws and Metasystem
Components and Terminology
Roadmap
Identity Problem of Today

Universal Identity?
Internet was built so that communications are anonymous
In-house networks use multiple, often mutually-incompatible, proprietary identity systems
Users are incapable of handling multiple identities
Criminals love to exploit this mess

Explosion of IDs
[Chart: axes "# of Digital IDs" and "Time" (Pre 1980's, 1980's, 1990's, 2000's). Labels: Applications; Mainframe; Client Server; Internet; Business Automation; Company (B2E); Partners (B2B); Customers (B2C); Mobility]

The Disconnected Reality
“Identity Chaos”
Lots of users and systems required to do business
Multiple repositories of identity information; multiple user IDs, multiple passwords
Decentralized management, ad hoc data sharing
[Diagram labels: Enterprise Directory; HR System; Infra Application; Lotus Notes Apps; In-House Application; COTS Application; NOS; In-House Application; each labelled Authentication, Authorization, Identity Data]

Multiple Contexts
[Diagram labels: Your COMPANY and your EMPLOYEES; Your SUPPLIERS; Your PARTNERS; Your REMOTE and VIRTUAL EMPLOYEES; Your CUSTOMERS; Customer satisfaction & customer intimacy; Cost competitiveness; Reach, personalization; Collaboration; Outsourcing; Faster business cycles; process automation; Value chain; M&A; Mobile/global workforce; Flexible/temp workforce]

Trends Impacting Identity
Increasing Threat Landscape
  Identity theft costs banks and credit card issuers $1.2 billion in 1 yr
  $250 billion lost in 2004 from exposure of confidential info
Maintenance Costs Dominate IT Budget
  On average employees need access to 16 apps and systems
  Companies spend $20-30 per user per year for PW resets
Deeper Line of Business Automation and Integration
  One half of all enterprises have SOA under development
  Web services spending growing 45% CAGR
Rising Tide of Regulation and Compliance
  SOX, HIPAA, GLB, Basel II, 21 CFR Part 11, …
  $15.5 billion spend in 2005 on compliance (analyst estimate)
Data Sources: Gartner, AMR Research, IDC, eMarketer, U.S. Department of Justice

Pain Points
Business Owner: Too expensive to reach new partners, channels; Need for control
End User: Too many passwords; Long waits for access to apps, resources
IT Admin: Too many user stores and account admin requests; Unsafe sync scripts
Developer: Redundant code in each app; Rework code too often
Security/Compliance: Too many orphaned accounts; Limited auditing ability

Possible Savings
Directory Synchronization
  “Improved updating of user data: $185 per user/year”
  “Improved list management: $800 per list”
  - Giga Information Group
Password Management
  “Password reset costs range from $51 (best case) to $147 (worst case) for labor alone.” – Gartner
User Provisioning
  “Improved IT efficiency: $70,000 per year per 1,000 managed users”
  “Reduced help desk costs: $75 per user per year”
  - Giga Information Group

Can We Just Ignore It All?
Today, average corporate user spends 16 minutes a day logging on
A typical home user maintains 12-18 identities
Number of phishing and pharming sites grew over 1600% over the past year
Corporate IT Ops manage an average of 73 applications and 46 suppliers, often with individual directories
Regulators are becoming stricter about compliance and auditing
Orphaned accounts and identities lead to security problems
Source: Microsoft’s internal research and Anti-phishing Working Group Feb 2005

One or Two Solutions?
Better Option:
  Build a global, universal, federated identity metasystem
  Will take years…
Quicker Option:
  Build an in-house, federated identity metasystem based on standards
  Federate it to others, system-by-system
But: both solutions could share the same conceptual basis

Identity Laws and Metasystem

Lessons from Passport
Passport designed to solve two problems
Identity provider for MSN
  250M+ users, 1 billion logons per day
  Significant success
Identity provider for the Internet
  Unsuccessful:
    Not trusted “outside context”
    Not generic enough
    Meant giving up control over identity management
    Cannot re-write apps to use a central system
Learning: solution must be different than Passport

Idea of an Identity Metasystem
Not an Identity System
Agreement on metadata and protocols, allowing multiple identity providers and brokers
Based on open standards
Supported by multiple technologies and platforms
Adhering to Laws of Identity
With full respect of privacy needs

Roles Within Identity Metasystem
Identity Providers
  Organisations, governments, even end-users
  They provide Identity Claims about a Subject
  Name, vehicles allowed to drive, age, etc.
Relying Parties
  Online services or sites, doors, etc.
Subjects
  Individuals and other bodies that need their identity established

Metasystem Players
Relying Parties: Require identities
Subjects: Individuals and other entities about whom claims are made
Identity Providers: Issue identities

Identity Metasystem Today
Basically, the set of WS-* Security Guidelines as we have it
Plus
  Software that implements the services
    Microsoft and many others working on it
  Companies that would use it
    Still to come, but early adopters exist
  End-users that would trust it
    Will take time

Identity Laws
www.identityblog.com
1. User Control and Consent
2. Minimal Disclosure for a Constrained Use
3. Justifiable Parties
4. Directed Identity
5. Pluralism of Operators and Technologies
6. Human Integration
7. Consistent Experience Across Contexts

Enterprise Applicability
That proposed metasystem would work well inside a corporation
Of course, we need a solution before it becomes a reality
Following the principles seems a good idea while planning immediate solutions
Organic growth likely to lead to an identity metasystem in long term

Enterprise Trends
Kerberos is very useful but increasingly it does not span disconnected identity forests and technologies easily
We are moving away from static Groups and traditional ACLs…
  Increasingly limited and difficult to manage on large scales
…towards a dynamic combination of:
  Role-Based Access Management, and,
  Rich Claims Authorization
PKI is still too restrictive, but it is clearly a component of a possible solution

Components and Terminology

What is Identity Management?
[Diagram labels: Provisioning; Single Sign On; PKI; Strong Authentication; Federation; Directories; Authorization; Secure Remote Access; Password Management; Web Services Security; Auditing & Reporting; Role Management; Digital Rights Management]

Identity and Access Management
A system of procedures, policies and technologies to manage the lifecycle and entitlements of electronic credentials
Directory Services: Repositories for storing and managing accounts, identity information, and security credentials
Access Management: The process of authenticating credentials and controlling access to networked resources based on trust and identity
Identity Lifecycle Management: The processes used to create and delete accounts, manage account and entitlement changes, and track policy compliance

Remember the Chaos?
[Diagram labels: Enterprise Directory; HR System; Infra Application; Lotus Notes Apps; In-House Application; COTS Application; NOS; In-House Application; each labelled Authentication, Authorization, Identity Data]

Identity Integration
[Diagram labels: HR System; Infra Application; Lotus Notes Apps; In-House Application; COTS Application; Student Admin; In-House Application; each labelled Authentication, Authorization, Identity Data; Identity Integration Server; Enterprise Directory]

IAM Benefits
Benefits today (Tactical)
  Save money and improve operational efficiency
  Improved time to deliver applications and service
  Enhance Security
  Regulatory Compliance and Audit
Benefits to take you forward (Strategic)
  New ways of working
  Improved time to market
  Closer Supplier, Customer, Partner and Employee relationships

Some Basic Definitions
Authentication (AuthN)
  Verification of a subject’s identity by means of relying on a provided claim
  Identification is sometimes seen as a preliminary step of authentication
    Collection of untrusted (as yet) information about a subject, such as an identity claim
Authorization (AuthZ)
  Deciding what actions, rights or privileges the subject can be allowed
Trend towards separation of those two
  Or even of all three, if biometrics are used
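
The three steps defined above (identification, authentication, authorization), played out between the metasystem roles from the earlier slides and using the role-plus-claims authorization named under Enterprise Trends, as an added Python example that is not part of the original presentation. Assumptions: an HMAC over JSON stands in for the signed WS-* security tokens a metasystem would use, and the directory, key, relying party name and rental policy are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key shared by identity provider and relying party (assumption:
# HMAC replaces the signed security tokens a real deployment would use).
IDP_KEY = b"constructed-demo-key-not-a-real-secret"
RP = "rentals.example"  # hypothetical relying party (a vehicle rental site)

# Constructed identity data held by the identity provider.
DIRECTORY = {
    "alice": {"name": "Alice Example", "age": 34, "vehicle_classes": ["B", "C"], "roles": ["customer"]},
    "bob": {"name": "Bob Example", "age": 19, "vehicle_classes": ["B"], "roles": ["customer"]},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def _claim(record, name):
    # Derived claim: disclose "over 21" instead of the exact age (minimal disclosure).
    return record["age"] >= 21 if name == "over_21" else record.get(name)

def issue_token(subject, audience, requested, now=None, ttl=300):
    """Identity provider: release only the requested claims, bound to one relying party."""
    issued = int(now if now is not None else time.time())
    body = {"sub": subject, "aud": audience, "exp": issued + ttl,
            "claims": {n: _claim(DIRECTORY[subject], n) for n in requested}}
    payload = json.dumps(body, sort_keys=True).encode()
    return _b64(payload) + "." + _b64(hmac.new(IDP_KEY, payload, hashlib.sha256).digest())

def identify(token):
    """Identification: read the claimed subject. Nothing here is trusted yet."""
    return json.loads(base64.urlsafe_b64decode(token.split(".")[0]))["sub"]

def authenticate(token, audience, now=None):
    """Authentication: accept the claims only if signature, audience and expiry hold."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return None
    expected = hmac.new(IDP_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    body = json.loads(payload)
    current = now if now is not None else time.time()
    if body["aud"] != audience or body["exp"] < current:
        return None
    return body

# Relying party policy: a required role plus predicates over the verified claims.
POLICY = {
    "rent_van": {
        "role": "customer",
        "checks": [lambda c: "C" in (c.get("vehicle_classes") or []),
                   lambda c: c.get("over_21") is True],
    },
}

def authorize(body, action):
    """Authorization: a separate decision made only on authenticated claims."""
    rule = POLICY.get(action)
    if body is None or rule is None:
        return False
    claims = body["claims"]
    if rule["role"] not in (claims.get("roles") or []):
        return False
    return all(check(claims) for check in rule["checks"])

def demo():
    now = 1_000
    wanted = ["roles", "vehicle_classes", "over_21"]
    alice = issue_token("alice", RP, wanted, now)
    bob = issue_token("bob", RP, wanted, now)
    # Constructed tampering: bob's payload is edited, the signature left unchanged.
    body = json.loads(base64.urlsafe_b64decode(bob.split(".")[0]))
    body["claims"].update(over_21=True, vehicle_classes=["C"])
    forged = _b64(json.dumps(body, sort_keys=True).encode()) + "." + bob.split(".")[1]
    return {
        "alice": authorize(authenticate(alice, RP, now), "rent_van"),
        "bob": authorize(authenticate(bob, RP, now), "rent_van"),
        "forged_identified_as": identify(forged),
        "forged_authenticated": authenticate(forged, RP, now) is not None,
        "wrong_audience": authenticate(alice, "other.example", now) is not None,
        "expired": authenticate(alice, RP, now + 3600) is not None,
        "disclosed": sorted(authenticate(alice, RP, now)["claims"]),
    }

if __name__ == "__main__":
    print(demo())
```

The forged token still identifies as "bob", which is why identification alone must never drive an access decision.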

Components of IAM
Administration
  User Management
  Password Management
  Workflow
  Delegation
Access Management
  Authentication
  Authorization
Identity Management
  Account Provisioning
  Account Deprovisioning
  Synchronisation
Reliable Identity Data
[Diagram labels: Administration; Authorization; Authentication]

IAM Architecture
Roadmap

Microsoft’s Identity Management
[Diagram labels: PKI / CA; Extended Directory Services; Active Directory & ADAM; Enterprise Single Sign On; Authorization Manager; Active Directory Federation Services; Audit Collection Services; BizTalk; Identity Integration Server; ISA Server; SQL Server Reporting; Services for Unix / Services for Netware; Directory (Store) Services; Access Management; Identity Lifecycle Management]

Components of a Microsoft-based IAM
Infrastructure Directory: Active Directory
Application Directory: AD/AM (LDAP)
Lifecycle Management: MIIS
Workflow: BizTalk, Partner Solutions (Ultimus BPM, SAP)
Role-Based Access Control: Authorization Manager or Partner Solutions (ex: OCG, RSA) and traditional approaches
Directory & Password Synchronization: MIIS & Partner solutions
SSO (Intranet): Kerberos/NTLM, Vintela/Centrify
Enterprise SSO (Intranet): Sharepoint ESSO, BizTalk ESSO, HIS ESSO
Strong Authentication: SmartCards, CA/PKI, Partner (eg. RSA – SecurID, MCLMS, WizeKey)
Web SSO: ADFS, Partner (eg. RSA – ClearTrust)
Integration of UNIX/Novell: SFU, SFN, Partner (eg. Vintela/Centrify)
Federation: ADFS
Summary

Summary
We have reached an “Identity Crisis” both on the intranet and the Internet
Identity Metasystem suggests a unifying way forward
Meanwhile, Identity and Access Management systems need to be built so enterprises can benefit immediately
Microsoft is rapidly becoming a strong provider of IAM technologies and IM vision
www.microsoft.com/idm & www.microsoft.com/itsshowtime & www.microsoft.com/technet

Special Thanks
This seminar was prepared with the help of:
Oxford Computer Group Ltd
  Expertise in Identity and Access Management (Microsoft Partner)
  IT Service Delivery and Training
  www.oxfordcomputergroup.com
Microsoft, with special thanks to:
  Daniel Meyer – thanks for many slides
  Steven Adler, Ronny Bjones, Olga Londer – planning and reviewing
  Philippe Lemmens, Detlef Eckert – Sponsorship
  Bas Paumen & NGN - feedback
Appendix

Identity Management Platform
[Diagram labels: User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management; Directory Services]

Identity Management Platform
[Diagram build: the labels of the previous slide, plus Automated Synch.; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role-Man.; Enterprise User-Man.; Provisioning Services; Frontend Services]

Identity Management Platform
[Diagram build: the labels of the previous slide, plus Web SSO; Federated SSO; Unix/Linux SSO; Host SSO; Remote Access; Access Audit & Rep; Access Services]

Identity Management Platform
[Diagram build: the labels of the previous slide, plus Smartcard Management; Certificate Management; Information Rights Mgmt.; Extended Directory Services; Desktop IDM Env.]

Identity Management Platform
[Diagram build: the labels of the previous slide, plus Windows Server (Active Directory/ADAM, PKI, AzMan); a second Directory Services label; Quest / Centrify]

Identity Management Platform
[Diagram build: the labels of the previous slide, plus Microsoft Identity Integration Server; Provisioning & Password Management Services]

Identity Management Platform
[Diagram build: the labels of the previous slide without Web SSO and Federated SSO, plus Active Directory Federation Server]

Identity Management Platform
[Diagram build: the labels of the previous slide without Unix/Linux SSO, plus a second Quest/Centrify label]
Identity Management Platform
User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management
Directory Services
Automated Synch.; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role-Man.; Enterprise User-Man.; Access Audit & Rep
Provisioning Services; Frontend Services; Access Services
Smartcard Management; Certificate Management; Information Rights Mgmt.
Extended Directory Services; Desktop IDM Env.
Windows Server (Active Directory/ADAM, PKI, AzMan)
Directory Services
Quest/Centrify
Microsoft Identity Integration Server
Provisioning & Password Management Services
Active Directory Federation Server
Quest/Centrify
HIS & ESSO
ISA Server
Identity Management Platform
User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management
Directory Services
Automated Synch.; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role-Man.; Enterprise User-Man.
Provisioning Services; Frontend Services; Access Services
Smartcard Management; Certificate Management; Information Rights Mgmt.
Extended Directory Services; Desktop IDM Env.
Windows Server (Active Directory/ADAM, PKI, AzMan)
Directory Services
Quest/Centrify
Microsoft Identity Integration Server
Provisioning & Password Management Services
Active Directory Federation Server
Quest/Centrify
HIS & ESSO
ISA Server
MOM & ACS
Identity Management Platform
User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management
Directory Services
Automated Synch.; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role-Man.; Enterprise User-Man.
Provisioning Services; Frontend Services; Access Services
Smartcard Management; Certificate Management; Information Rights Mgmt.
Extended Directory Services
Windows Server (Active Directory/ADAM, PKI, AzMan)
Directory Services
Quest/Centrify
Microsoft Identity Integration Server
Provisioning & Password Management Services
Active Directory Federation Server
Quest/Centrify
HIS & ESSO
ISA Server
MOM & ACS
InfoCard
Identity Management Platform
User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management
Directory Services
Automated Synch.; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role-Man.; Enterprise User-Man.
Provisioning Services; Frontend Services; Access Services
Windows Server (Active Directory/ADAM, PKI, AzMan)
Directory Services
Quest/Centrify
Microsoft Identity Integration Server
Provisioning & Password Management Services
Active Directory Federation Server
Quest/Centrify
HIS & ESSO
ISA Server
MOM & ACS
InfoCard; MS Alacris; Windows PKI; RMS Server
Extended Directory Services
Identity Management Platform
Windows Server (Active Directory/ADAM, PKI, AzMan)
Directory Services
Microsoft Identity Integration Server
Provisioning & Password Management Services
Frontend Services; Access Services
Quest/Centrify
Sharepoint; Active Directory Federation Server
Quest/Centrify
ISA Server
MOM & ACS
HIS/ESSO
MS Alacris; Windows PKI; RMS Server
Extended Directory Services; InfoCard
IIS; AzMan; SQL-Server; BizTalk
Identity Management Platform
Windows Server (Active Directory/ADAM, PKI, AzMan)
Directory Services
Microsoft Identity Integration Server
Provisioning & Password Management Services
Frontend Services; Access Services
Quest/Centrify
bHold; Active Directory Federation Server
Quest/Centrify
ISA Server
MOM & ACS
HIS/ESSO
MS Alacris; Windows PKI; RMS Server
Extended Directory Services; InfoCard
FastPass; AVAC; Quest; Ultimus
Identity Management Platform
User Management; Infrastructure Management; Network Security; Access Control; Network Management; Service Management
Directory Services
Automated Synch.; Automated Provisioning; Password Management; Self-Service Interface; IDM Workflow; Auditing & Reporting; Policy Management; Enterprise Role-Man.; Enterprise User-Man.; Remote Access; Access Audit & Rep
Provisioning Services; Frontend Services; Access Services
Smartcard Management; Certificate Management; Information Rights
Extended Directory Services; Desktop IDM Env.
Windows Server (Active Directory/ADAM, PKI, AzMan)
Directory Services
Quest/Centrify
Microsoft Identity Integration Server
Provisioning & Password Management Services
Active Directory Federation Server
Quest/Centrify
HIS & ESSO