Slide1
Identity Management, Self Service and Orchestration in the Data Centre
Jean-Pierre Simonis (Data#3)
Bruce Smith (Data#3)
MDC324A
Slide2
Overview
Slide3
Overview
Identity Management
What is it?
Who manages it?
Why do we need it?
What tools can we use?
Integration between FIM, Orchestrator and Service Manager
Self-Service and Orchestration
Common Scenarios and Benefits
Cloud integration
Questions
Slide4
Identity Management
Slide5
What is it?
Slide6
What is it?
Identity is a summary of information about a person, group or resource for which we wish to store data.
Identity
EXAMPLE
Slide7
What is it?
Identity management is a set of technologies intended to streamline the management of user identity information both inside and outside the enterprise, including:
Directories
User provisioning
Password management
Federation
Enterprise single sign-on
Web access management and web single sign-on
Slide8
What is it?
Identity and access management is a shared platform with consistent processes for managing information about users:
Who they are?
How they are authenticated?
What they can access?
Slide9
Typical state of identity management today
Lots of manual process across different, decentralised systems
Cloud
Postini, Workday, etc
Active Directory
Exchange
HR (PeopleSoft, SAP)
Application Owner
Business Manager
Users
IT Helpdesk
Administrator
Administrator
Financials
SharePoint
Sales
Slide10
Multiple Identity stores
Modern organisations run a complex mix of IT infrastructure, including:
Network operating systems, used to share files and printers.
Application servers, running web servers, databases and similar software.
Mainframe and midrange servers, typically hosting legacy applications.
Email and other collaboration software.
User directories, publishing lists of users and other network objects.
Human resources, payroll and contractor management systems.
A variety of line-of-business applications.
Customer relationship management (CRM) and enterprise resource planning (ERP) applications.
Cloud applications.
Slide11
Different user types
Many kinds of users access these systems, including:
Employees
Contractors
Partners
Vendors
Customers
Slide12
Future state, centralised identity management
Locate the logic in one place and automate it with many systems
Self Service Group Management
Self Service Password Reset
Improved Productivity
Workflow
Notifications
Approvals
Attestation and Reporting
Automated Provisioning
Automated De-provisioning
Account, Group and Mailbox Management
HR (PeopleSoft, SAP, Workday)
Cloud
Office365, Salesforce, ADP…
Administrators
Active Directory
Exchange
Application Owners & Managers
Users
Identity Management
On Premise Database, Directories & Applications
Slide13
Who manages it?
Slide14
Who manages it?
As organisations deploy an ever wider array of IT infrastructure, managing identity profiles and security privileges on those systems becomes increasingly challenging.
Identity Lifecycle
Slide15
Who manages it?
Identity Lifecycle
Human Resources
IT Operations
Managers
Security Operations
End Users
Slide16
Why do we need it?
Slide17
Common Challenges
Onboarding
Delays and productivity
Requests and approvals
Redundant administration
Manage
Delays
Change requests
Redundant administration
Support
Forgotten passwords
Intruder lockouts
Access denied errors
Offboarding
Reliable
Complete
Timely
Slide18
Why do we need it?
Benefits
Consolidation of Identity data from different sources
Reduce IT operations overhead
Improve user productivity
Improved network security and compliance
Improved authorisation and approval
Attestation and reporting
Slide19
What tools can we use?
Slide20
What tools can we use?
PowerShell
.Net
Active Directory
with BHOLD
Slide21
Example
Slide22
What tools did we use?
Solution Components
Custom User Interface
FIM 2010 R2 SP1
FIM Custom Activity (.Net)
Orchestrator 2012 SP1
Service Manager 2012 SP1
PowerShell
Slide23
What does it do?
Custom user interface
FIM Service
FIM Custom activity
Orchestrator
PowerShell/Orchestrator activities
Service Manager data warehouse
Self-service orchestration for onsite support staff to provide role based administration activities.
Benefits
Reduced operational cost
Improved security
Increased visibility
Extensible
Slide24
Why did we choose this platform?
Leveraged existing skill sets
Supportable and extensible
Centralised
Auditable
Consolidated end to end reporting
Slide25
Zero Touch Provisioning Operation
Bruce Smith
Slide26
Integration
Slide27
Integration
Web Services API
FIM
Orchestrator
Service Manager
Orchestrator
Runbooks
PowerShell
.Net
Runbook standard activities
Orchestrator integration packs
FIM Management Agents
Active Directory
Active Directory LDS
SQL
File
Notes
Azure
ECMA 2.0
Web Services… and more
FIM Custom Activities
Custom Workflow
Foundation activities
Slide28
Integration
Slide29
Development and Integration
Bruce Smith
Slide30
Self-Service and Orchestration
Slide31
Common Scenarios
Slide32
Common Scenarios
New employee
Employee changes position
Provision additional employee services
Self-Service Password reset
Employee leaves
Slide33
Self-Service and Orchestration common scenarios
Bruce Smith
Slide34
Cloud integration
Slide35
Cloud Integration
Solution Components
FIM Azure Management Agent
Azure Active Directory
Active Directory Federation Services
Orchestrator 2012 SP1
Azure/Office 365
DirSync
PowerShell
Slide36
Cloud Integration
Azure Single Sign-on for Cloud applications
http://technet.microsoft.com/en-us/library/dn308588.aspx
Slide37
Cloud Integration
Azure Single Sign-on for custom applications
http://msdn.microsoft.com/en-us/library/windowsazure/dn151790.aspx
Slide38
Questions
Slide39
Related content
MDC324B: Service Manager and Orchestrator, the perfect partnership
ATC334: The Identity Jigsaw
ATC421: FIM2010 R2: Custom Workflow Activities
Find Us Later in the Expo Hall
Slide40
Developer Network
Resources for Developers
http://msdn.microsoft.com/en-au/
Learning
Virtual Academy
http://www.microsoftvirtualacademy.com/
TechNet
Resources
Sessions on Demand
http://channel9.msdn.com/Events/TechEd/Australia/2013
Resources for IT Professionals
http://technet.microsoft.com/en-au/
Slide41
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.