Session 1: Identity and Access Management
1
Session 1 Identity and Access Management
  • Kim Mikkelsen
  • Senior Technology Specialist
  • Microsoft

2
Session Overview
  • Overview of Identity and Access Management
    Concepts
  • Identity Management
  • Intranet Access Management
  • Extranet Access Management

3
Overview of Identity and Access Management
Concepts
  • Overview of Identity and Access Management
    Concepts
  • Identity Management
  • Intranet Access Management
  • Extranet Access Management

4
Managing Digital Identities: What Are the Challenges?
Challenges to managing digital identities include
  • Multiple identity stores
  • Intranet access management
  • Extranet access management

5
What Is Identity and Access Management?
  • Identity Life Cycle Management
  • Access Management
  • Directory Services
  • Application Integration
6
How Can Identity and Access Management Reduce
Directory Management Effort?
Initiatives that reduce directory management
effort include
  • Automating provisioning and deprovisioning
  • Implementing identity aggregation and
    synchronization
  • Establishing directory service and security
    standards
  • Establishing software development and
    procurement standards
  • Reducing TCO

7
How Can Identity and Access Management Simplify
the End User Experience?
Initiatives that simplify the end user experience
include
  • Consolidating identity stores
  • Improving password management
  • Enabling SSO
  • Improving access for employees, customers, and
    partners

8
How Can Identity and Access Management Increase
Security?
Initiatives that increase security include
  • Establishing security and access policies
  • Improving password management
  • Strengthening authentication mechanisms
  • Establishing security audit policy
  • Developing identity-aware applications

9
Understanding Identity and Access Management
Technologies
10
Identity Management
  • Overview of Identity and Access Management
    Concepts
  • Identity Management
  • Intranet Access Management
  • Extranet Access Management

11
Managing Identities: What Are the Challenges?
Challenges related to managing multiple identity
stores include
  • Management costs
  • Employee productivity
  • Security
  • Customer service and supply chain integration

12
Understanding the Identity Life Cycle
13
Managing Identity Integration
Approaches to managing identity integration among
directory stores include
  • Manual administration
  • Custom scripts
  • Integration services
  • Identity integration products

14
Understanding Identity Integration Products and
Services
You can implement identity integration by using a
number of identity integration products and
services
  • Identity Integration Feature Pack
  • Microsoft Identity Integration Server 2003
  • Services for UNIX
  • Services for NetWare
  • Host Integration Server
  • Active Directory Connector
  • Active Directory to ADAM Synchronizer

15
Using the Identity Integration Feature Pack to
Manage Identities
IIFP is a free product that provides connections
only to the following directories and e-mail
applications
  • Active Directory for Windows 2000 Server and
    later
  • Active Directory Application Mode (ADAM)
  • GAL synchronization for Exchange 2000 Server and
    Exchange Server 2003

16
Using Microsoft Identity Integration Server to
Manage Identities
MIIS 2003 provides the following set of features
Identity aggregation and synchronization
  • Support for over 20 repositories
  • Provides a single enterprise view of a user
  • Uses SQL Server as the information repository

Account provisioning
  • Automated account creation/deletion
  • Group distribution list management
  • Workflow
  • Password management

17
Understanding Identity Integration Using MIIS
  • Synchronizes multiple repositories
  • Agentless connection to other systems
  • Attribute level control
  • Manage global address lists
  • Automate group and DL management

[Diagram: MIIS 2003 at the centre, with a management agent (MA) and connector space (CS) for each connected directory (Intranet Active Directory, Extranet Active Directory, Sun ONE Directory, Lotus Notes) feeding the metaverse (MV). Legend: CS = Connector Space, MA = Management Agent, MV = Metaverse]
18
Implementing Account Provisioning
Typical ways of implementing account provisioning
include
  • HR-driven provisioning
  • Web-driven provisioning
  • Complex workflow provisioning using Microsoft
    BizTalk Server 2004 orchestration
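
The synchronization and provisioning concepts of slides 16 to 18 (connector spaces, management agents, a metaverse built by attribute flow with per-attribute precedence, and HR-driven provisioning and deprovisioning), as an added, self-contained Python model. It is not MIIS code or its rules-extension API; the precedence table, the employeeID join attribute, the attribute names and the sample connector-space records are assumptions made for the example.

```python
"""Toy metadirectory modelled on the MIIS 2003 concepts on these slides: connector
spaces (CS) hold records imported from each connected directory, a management agent
(MA) per directory joins or projects them into the metaverse (MV), attribute flow
with per-attribute precedence builds the single enterprise view, and a provisioning
rule creates or disables accounts in a target directory. Illustrative Python model,
not the MIIS API or its rules extensions."""
from dataclasses import dataclass, field

# Attribute-flow precedence: which MA wins for each metaverse attribute.
# Assumption for the example: HR is authoritative for identity data, AD for mail.
PRECEDENCE = {
    "displayName": ["HR", "AD"],
    "department":  ["HR", "AD"],
    "status":      ["HR"],
    "mail":        ["AD", "HR"],
}
JOIN_ATTRIBUTE = "employeeID"   # anchor used to join CS objects to MV objects (assumed)


@dataclass
class MetaverseObject:
    employee_id: str
    attributes: dict = field(default_factory=dict)
    contributors: dict = field(default_factory=dict)   # attribute -> MA that set it
    connectors: set = field(default_factory=set)       # MAs joined to this object


class Metaverse:
    def __init__(self):
        self.objects: dict[str, MetaverseObject] = {}

    def synchronize(self, ma_name: str, connector_space: list) -> None:
        """Import one MA's connector space: join on employeeID, or project a new MV object."""
        for cs_obj in connector_space:
            key = cs_obj[JOIN_ATTRIBUTE]
            mv = self.objects.get(key)
            if mv is None:   # projection: the first MA to see this identity creates the MV object
                mv = self.objects[key] = MetaverseObject(key)
            mv.connectors.add(ma_name)
            for attr, value in cs_obj.items():
                if attr != JOIN_ATTRIBUTE and attr in PRECEDENCE:
                    self._flow(mv, ma_name, attr, value)

    def _flow(self, mv: MetaverseObject, ma_name: str, attr: str, value) -> None:
        """Import attribute flow: a lower-precedence MA never overwrites a higher one."""
        order = PRECEDENCE[attr]
        if ma_name not in order:
            return
        current = mv.contributors.get(attr)
        if current is None or order.index(ma_name) <= order.index(current):
            mv.attributes[attr] = value
            mv.contributors[attr] = ma_name


def provision(mv: Metaverse, target_accounts: dict) -> list:
    """HR-driven provisioning into a target directory (e.g. an extranet AD): active
    employees get an enabled account, terminated ones are disabled rather than deleted,
    so the account's SID and audit history survive. Returns the actions taken."""
    actions = []
    for key, obj in mv.objects.items():
        status = obj.attributes.get("status")
        account = target_accounts.get(key)
        if status == "active" and account is None:
            target_accounts[key] = {"enabled": True, "displayName": obj.attributes.get("displayName")}
            actions.append(f"create {key}")
        elif status == "terminated" and account is not None and account["enabled"]:
            account["enabled"] = False
            actions.append(f"disable {key}")
    return actions


def run_sync_cycle():
    """One import/sync/export cycle over constructed sample data (not real directory records)."""
    hr_cs = [
        {"employeeID": "1001", "displayName": "Kim Mikkelsen", "department": "Technology", "status": "active"},
        {"employeeID": "1002", "displayName": "Mary Manager",  "department": "Sales",      "status": "terminated"},
        {"employeeID": "1003", "displayName": "Bob Builder",   "department": "Sales",      "status": "active"},
    ]
    ad_cs = [
        {"employeeID": "1001", "displayName": "K. Mikkelsen", "mail": "kim@contoso.example"},
        {"employeeID": "1002", "displayName": "Mary Manager", "mail": "mary@contoso.example"},
    ]
    mv = Metaverse()
    mv.synchronize("AD", ad_cs)   # AD imported first, so it projects 1001 and 1002
    mv.synchronize("HR", hr_cs)   # HR joins on employeeID and wins displayName by precedence
    extranet_ad = {"1002": {"enabled": True, "displayName": "Mary Manager"}}  # pre-existing account
    actions = provision(mv, extranet_ad)
    return mv, extranet_ad, actions


if __name__ == "__main__":
    mv, extranet_ad, actions = run_sync_cycle()
    for key, obj in sorted(mv.objects.items()):
        print(key, obj.attributes, sorted(obj.connectors))
    print(actions)
```

The order in which management agents run matters only for projection; attribute flow is decided by the precedence table, so importing AD before HR still leaves HR's displayName in the metaverse. Disabling rather than deleting on termination is the deprovisioning choice most audit policies require.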

19
Managing Passwords
MIIS 2003 provides the ability to manage
passwords through
  • Help desk reset
  • Windows-initiated changes
  • Web-initiated changes
  • Other system-initiated changes through
    non-Microsoft software

20
Identity Management Best Practices
  ✓ Define all business rules before implementation
  ✓ Determine service-level agreements
  ✓ Identify all existing systems or processes that
    might conflict with identity synchronization
  ✓ Train development and support staff
  ✓ Plan for custom code development
  ✓ Implement a disaster recovery plan and secure the
    MIIS service accounts
21
Intranet Access Management
  • Identity and Access Management Concepts
  • Identity Management
  • Intranet Access Management
  • Extranet Access Management

22
Intranet Access Management: What Are the Challenges?
Common business challenges related to intranet
access management include
  • No single sign-on capabilities
  • A higher number of password reset requests
  • Multiple, inconsistent approaches to security
    services

23
Approaches to Single Sign-on
Approaches to single sign-on, in order of
preference, include
  • Application integration with Windows security
    services
  • Platform integration with Windows directory and
    security services
  • Application integration with Windows directory
    services
  • Indirect integration through credential mapping
  • Synchronized accounts and passwords

24
Implementing Single Sign-on
Approaches to implementing single sign-on include
  • Desktop-integrated SSO
  • Web SSO
  • Credential mapping, or Enterprise SSO

25
Using Credential Manager
Credential Manager saves the user's credentials
automatically and uses them for future access to
a resource
Credential Manager supports the following types
of credentials
  • User name and password combinations
  • X.509 digital certificates
  • Microsoft Passport credentials

26
Understanding Windows Authorization Options
Windows Server 2003 supports a number of
authorization mechanisms
  • The Windows access control list-based
    impersonation model
  • Role-based authorization
  • ASP.NET authorization

27
Understanding Windows Server 2003 Authorization
Manager
Authorization Manager organizes users into
various roles within the application, as shown
[Diagram: an Authorization Policy Store assigns Mary to the Manager role; Mary and Bob receive role-based access to resources, with authorization checked at the application server]
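
The two authorization models of slides 26 and 27, as an added Python example (not the Win32 AccessCheck or Authorization Manager APIs): an ordered DACL of allow/deny ACEs evaluated against the caller's token, and an Authorization Manager style policy store in which operations group into tasks, tasks into roles, and roles are assigned to users or groups and checked at the application server. The expense operations, the role names and the principals Mary, Bob and Domain Users are constructed for the example.

```python
"""Two Windows Server 2003 authorization models, as an illustrative Python model:
  1. ACL-based: an ordered DACL of ('allow'|'deny', trustee, access mask) ACEs evaluated
     against the caller's token (user plus group names), accumulating granted rights until
     the request is satisfied or a deny ACE hits a requested right.
  2. Role-based (Authorization Manager concepts): operations -> tasks -> roles -> members.
Not the Win32 AccessCheck or AzMan APIs; names and policy are constructed for the example."""

# --- 1. ACL model -----------------------------------------------------------
READ, WRITE, DELETE = 0x1, 0x2, 0x4          # access rights as a bit mask


def access_check(dacl: list, token: set, requested: int) -> bool:
    """Evaluate an ordered DACL against a token. Canonical Windows order puts explicit
    deny ACEs before allow ACEs; this check honours whatever order it is given, which
    is exactly why ACE ordering matters. An empty DACL grants nothing (implicit deny)."""
    if requested == 0:
        return False
    granted = 0
    for ace_type, trustee, mask in dacl:
        if trustee not in token:
            continue
        if ace_type == "deny" and (mask & requested):
            return False                       # a matching deny on any requested right ends it
        if ace_type == "allow":
            granted |= mask & requested
            if granted == requested:
                return True
    return False


# --- 2. Role-based model (Authorization Manager concepts) -------------------
class AuthorizationStore:
    """In-memory authorization policy store: operations grouped into tasks, tasks into
    roles, and roles assigned to user or group names."""

    def __init__(self):
        self.tasks: dict = {}          # task -> set of operations
        self.roles: dict = {}          # role -> set of tasks
        self.role_members: dict = {}   # role -> set of user/group names

    def define_task(self, task: str, *operations: str) -> None:
        self.tasks[task] = set(operations)

    def define_role(self, role: str, *tasks: str) -> None:
        self.roles[role] = set(tasks)

    def assign(self, role: str, *members: str) -> None:
        self.role_members.setdefault(role, set()).update(members)

    def operations_for(self, principal: str, groups: set) -> set:
        """Every operation the principal may perform through any role held directly or via a group."""
        held = {r for r, m in self.role_members.items() if principal in m or groups & m}
        return {op for r in held for t in self.roles.get(r, ()) for op in self.tasks.get(t, ())}

    def check(self, principal: str, groups: set, operation: str) -> bool:
        """The access check an application server makes before performing an operation."""
        return operation in self.operations_for(principal, groups)


def demo():
    """Constructed sample policy matching the slide's figure: Mary is a Manager, Bob is
    only an ordinary employee through the Domain Users group."""
    store = AuthorizationStore()
    store.define_task("SubmitExpense", "ReadExpense", "CreateExpense")
    store.define_task("ApproveExpense", "ReadExpense", "ApproveExpense")
    store.define_role("Employee", "SubmitExpense")
    store.define_role("Manager", "SubmitExpense", "ApproveExpense")
    store.assign("Employee", "Domain Users")   # role held via group membership
    store.assign("Manager", "Mary")
    dacl = [
        ("deny", "Contractors", DELETE),       # explicit deny first, as Windows canonical order requires
        ("allow", "Domain Users", READ),
        ("allow", "Mary", WRITE | DELETE),
    ]
    return store, dacl


if __name__ == "__main__":
    store, dacl = demo()
    print("Mary approves:", store.check("Mary", {"Domain Users"}, "ApproveExpense"))
    print("Bob approves:", store.check("Bob", {"Domain Users"}, "ApproveExpense"))
    print("Mary read+delete:", access_check(dacl, {"Mary", "Domain Users"}, READ | DELETE))
    print("Contractor Mary delete:", access_check(dacl, {"Mary", "Domain Users", "Contractors"}, DELETE))
```

The ACL path answers "may this principal have these bits on this object" and is decided per resource; the role path answers "may this principal perform this business operation" and is decided once in the policy store, which is why the slide shows the check at the application server rather than on each resource.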
28
Extranet Access Management
  • Overview of Identity and Access Management
  • Identity Management
  • Intranet Access Management
  • Extranet Access Management

29
Extranet Access Management: What Are the Challenges?
Challenges related to extranet access management
include
  • Providing secure sessions over the Web
  • The need for a robust authentication and access
    control mechanism
  • The need for a common security model that
    includes authentication, Web SSO, authorization,
    and personalization

30
Identifying Extranet Considerations
Considerations that may affect your extranet
access management approach include
  • Virtual Private Network or Web SSO access
  • Directory service selection
  • Existing applications
  • Identity life-cycle management
  • Password security

31
Understanding Authentication Methods for Extranet
Access

Transport and authentication protocols used for
extranet access include
  • SSL 3.0 and TLS 1.0 (both since deprecated;
    current deployments should use TLS 1.2 or later)
  • Passport authentication
  • Digest authentication
  • Forms-based authentication
  • Basic authentication (the password is only
    base64-encoded, so use it only over SSL/TLS)
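
Server-side verification of two methods from this slide, Basic and Digest authentication, as an added Python example (not IIS code). The credential store holds one constructed user taken from the RFC 2617 test vector, and the Digest header is the RFC 2617 section 3.5 example; the realm handling, nonce tracking and helper names are assumptions of the example.

```python
"""Server-side verification for HTTP Basic and Digest authentication (RFC 2617, Digest
with qop=auth). Added Python example, not the IIS implementation. The credential store
is constructed for the example from the RFC 2617 test vector (user Mufasa, realm
testrealm@host.com, password "Circle Of Life")."""
import base64
import hashlib
import hmac
import re
from typing import Optional

REALM = "testrealm@host.com"


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


# A Digest server only needs HA1 = MD5(user:realm:password) per user, never the
# clear-text password; the same value can verify Basic, so one store serves both.
USERS = {"Mufasa": md5_hex(f"Mufasa:{REALM}:Circle Of Life")}


def basic_header(user: str, password: str) -> str:
    """What a Basic client sends: credentials are only base64-encoded, not protected,
    which is why Basic authentication must only be used over SSL/TLS."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def check_basic(authorization: str) -> Optional[str]:
    """Return the user name if a Basic Authorization header carries valid credentials."""
    scheme, _, payload = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(payload, validate=True).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    ha1 = USERS.get(user)
    if ha1 is None:
        return None
    return user if hmac.compare_digest(ha1, md5_hex(f"{user}:{REALM}:{password}")) else None


def parse_digest(authorization: str) -> dict:
    """Split 'Digest k="v", k=v, ...' into a dict (quoted and unquoted values)."""
    scheme, _, params = authorization.partition(" ")
    if scheme.lower() != "digest":
        return {}
    pattern = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in pattern.finditer(params)}


def check_digest(method: str, authorization: str, issued_nonces: set) -> Optional[str]:
    """Verify a Digest response: MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri).
    The nonce must be one this server issued, so a captured header cannot be replayed
    against a fresh challenge; a production server would also track nc per nonce."""
    p = parse_digest(authorization)
    required = {"username", "realm", "nonce", "uri", "response", "qop", "nc", "cnonce"}
    if not required.issubset(p) or p["realm"] != REALM or p["qop"] != "auth":
        return None
    if p["nonce"] not in issued_nonces:
        return None
    ha1 = USERS.get(p["username"])
    if ha1 is None:
        return None
    ha2 = md5_hex(f"{method}:{p['uri']}")
    expected = md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return p["username"] if hmac.compare_digest(expected, p["response"]) else None


# The client response from RFC 2617 section 3.5, for the challenge nonce below.
RFC2617_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
RFC2617_HEADER = ('Digest username="Mufasa", realm="testrealm@host.com", '
                  f'nonce="{RFC2617_NONCE}", uri="/dir/index.html", qop=auth, nc=00000001, '
                  'cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", '
                  'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    print(check_basic(basic_header("Mufasa", "Circle Of Life")))     # Mufasa
    print(check_digest("GET", RFC2617_HEADER, {RFC2617_NONCE}))      # Mufasa
    print(check_digest("GET", RFC2617_HEADER, set()))                # None: nonce never issued
```

Digest keeps the password off the wire and binds the response to the method, URI and a server nonce, but HA1 is an unsalted MD5 and the exchange still needs SSL/TLS to protect the content; Basic offers no protection at all without it, which is the practical reason the slide lists SSL/TLS first.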

32
Understanding Authorization Techniques for
Extranet Access
Extranet authorization techniques can include the
following
  • ACL
  • RBAC

33
Using Trusts and Shadow Accounts for Extranet
Access
Alternatives to using trusts include
  • Using shadow accounts
  • Implementing public key infrastructure trusts
  • Using qualified subordination

34
Implementing Security Auditing
Use security auditing to monitor the following
services
  • Directory services
  • Authentication
  • Authorization

The following products and technologies can be
used for security auditing and reporting
  • Windows Security Event Log
  • WMI
  • MOM
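
Two correlations over Windows Security Event Log records that support the auditing on this slide, as an added Python example (not MOM rules or WMI queries): a password spray from one workstation across many accounts, and a short-lived account created and deleted within an hour. The event records, workstation names and account names are constructed for the example; the thresholds are assumptions.

```python
"""Detection logic over Windows Security Event Log records, correlating what the
per-event view in Event Viewer does not show. Added Python example, not MOM or WMI
code. Event IDs are the Windows Server 2003 ones: 528 successful logon, 529 logon
failure (unknown user name or bad password), 624 user account created, 630 user
account deleted. The records are constructed for the example, not real log data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (time, event ID, target account, source workstation)
EVENTS = [
    ("2004-11-03 09:00:01", 529, "mary",         "WS-117"),
    ("2004-11-03 09:00:03", 529, "bob",          "WS-117"),
    ("2004-11-03 09:00:05", 529, "kim",          "WS-117"),
    ("2004-11-03 09:00:07", 529, "svc_sql",      "WS-117"),
    ("2004-11-03 09:00:09", 529, "admin",        "WS-117"),
    ("2004-11-03 09:00:11", 528, "admin",        "WS-117"),
    ("2004-11-03 09:30:00", 529, "bob",          "WS-042"),   # one typo, not an attack
    ("2004-11-03 22:15:00", 624, "tmp_helpdesk", "DC01"),
    ("2004-11-03 22:18:30", 528, "tmp_helpdesk", "DC01"),
    ("2004-11-03 22:40:00", 630, "tmp_helpdesk", "DC01"),
]


def parse(record):
    ts, event_id, account, source = record
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), event_id, account, source


def detect_password_spray(events, window=timedelta(minutes=5), min_accounts=4):
    """One source failing against many distinct accounts inside `window` (a sliding
    window per source), with any success from the same source inside that window."""
    parsed = sorted(map(parse, events))
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, event_id, account, source in parsed:
        if event_id == 529:
            failures[source].append((ts, account))
        elif event_id == 528:
            successes[source].append((ts, account))
    findings = []
    for source, fails in failures.items():
        for i, (start, _) in enumerate(fails):
            accounts = {acct for ts, acct in fails[i:] if ts - start <= window}
            if len(accounts) >= min_accounts:
                then_ok = [acct for ts, acct in successes[source] if start <= ts <= start + window]
                findings.append({"source": source, "start": start,
                                 "accounts": sorted(accounts), "then_succeeded_as": then_ok})
                break                                   # one finding per source is enough
    return findings


def detect_short_lived_accounts(events, max_lifetime=timedelta(hours=1)):
    """An account created (624) and deleted (630) within `max_lifetime`, flagged with
    whether it was ever used to log on: a classic way to hide a temporary back door."""
    parsed = sorted(map(parse, events))
    logged_on = {account for _, event_id, account, _ in parsed if event_id == 528}
    created, findings = {}, []
    for ts, event_id, account, _ in parsed:
        if event_id == 624:
            created[account] = ts
        elif event_id == 630 and account in created:
            lifetime = ts - created.pop(account)
            if lifetime <= max_lifetime:
                findings.append({"account": account, "lifetime": lifetime,
                                 "logged_on": account in logged_on})
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(EVENTS) + detect_short_lived_accounts(EVENTS):
        print(finding)
```

Both detections only work if the audit policy on the slide is actually enabled (logon events and account management on domain controllers) and the events from all DCs are collected centrally, which is the job MOM or a WMI subscription does in this deck's architecture.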

35
Session Summary
36
Next Steps
  • Find additional security training events
  • http://www.microsoft.com/seminar/events/security.mspx
  • Sign up for security communications
  • http://www.microsoft.com/technet/security/signup/default.mspx
  • Order the Security Guidance Kit
  • http://www.microsoft.com/security/guidance/order/default.mspx
  • Get additional security tools and content
  • http://www.microsoft.com/security/guidance

37
Questions and Answers