methodologies and tools to make user self service a reality
DESCRIPTION
Presentation given to AusCERT 2010. Goals for improving service delivery and security by enabling self-service.TRANSCRIPT
Paul Conroy – Identity & Access Technology Specialist
Methodologies & Tools to make user self service a reality
AusCERT2010
Speaker Presentation
Agenda
Business Challenges
Meta-directory concepts
User Self Service Scenarios
Automated provisioning
Attribute change
User self service password reset
Deprovisioning
Summary
Resources
Increased volume
Greater sophistication
Profit motivated
Increased regulatory and compliance pressure
More connectivity and collaboration
Greater need for identity-based protection and
access
Greater IT choice; lower budgets
Business Landscape Product proliferation
Lack of integration
High cost of ownership
Business Challenges
Threats Current Solutions
Security not aligned to business needs and new opportunities
• Deliver results in achievable increments
• Centralised source for auditors
• Credential Management
• Enhanced User Experience – Includes self-service password reset
• Account Provisioning and Access Request
Empower
People
Deliver
Agility and
Efficiency
Increase
Security and
Compliance
Goals of an Identity Management project
Methodologies for Identity Management
Directory Synchronisation
Automated Provisioning
Self Service Management of :-
Groups/Distribution Lists
Attributes
Passwords
Delegated Administration (e.g. for approvals)
Meta Directory Concept
Meta-directory
MAINFRAME
FINANCE
APPLICATION
FINANCE
PORTAL
iPLANET
SMART
CARD
EXCHANGE
ACTIVE
DIRECTORY
Methodologies for Identity Management
Directory Synchronisation
Automated Provisioning
Self Service Management of :-
Groups/Distribution Lists
Attributes
Passwords
Delegated Administration (e.g. for approvals)
New Employee Scenario
Meta-directory
MAINFRAME
FINANCE
APPLICATION
FINANCE
PORTAL
iPLANET
SMART
CARD
EXCHANGE
ACTIVE
DIRECTORY
HR SYSTEM
Given Name Melissa
Surname Meyers
Title Analyst
Department Finance
EmployeeID 122145
Employee ty Full Time
PROVISIONING
POLICY APPLIED
MANAGER
APPROVAL
MANAGER
APPROVAL
Given Name Melissa
Surname Meyers
Title Analyst
Department Finance
EmployeeID 122145
Employee ty Full Time
Given Name Melissa
Surname Meyers
Title Analyst
Department Finance
EmployeeID 122145
Employee ty Full Time
emailmmeyers@
contoso.com
Methodologies for Identity Management
Directory Synchronisation
Automated Provisioning
Self Service Management of :-
Groups/Distribution Lists
Attributes
Passwords
Delegated Administration (e.g. for approvals)
iPLANET
Password Reset And Synchronisation
Meta-directory
FINANCE
APPLICATION
FINANCE
PORTAL
ACTIVE
DIRECTORY
WINDOWS
MACHINE
PASSWORD
SYCHRONISATION
MELISSA
Given Name Melissa
Surname Meyers
Title
Group
Marketing
Manager
Department Marketing
EmployeeID 122145
Employee ty Full Time
emailmmeyers@
contoso.com
Attribute Management
Meta-directory
MAINFRAME
FINANCE
APPLICATION
FINANCE
PORTAL
iPLANET
SMART
CARD
HR SYSTEM
Given Name Melissa
Surname Meyers
Title
Group
Marketing
Manager
Department Marketing
EmployeeID 122145
Employee ty Full Time
emailmmeyers@
contoso.comPROVISIONING
POLICY APPLIED
MARKETING
APPLICATION
MARKETING
PORTAL
Given Name Melissa
Surname Meyers
Title Analyst
Department Finance
EmployeeID 122145
Employee ty Full Time
emailmmeyers@
contoso.com
EXCHANGE
ACTIVE
DIRECTORY
Methodologies for Identity Management
Directory Synchronisation
Automated Provisioning
Self Service Management of :-
Groups/Distribution Lists
Attributes
Passwords
Delegated Administration (e.g. for approvals)
• Deliver results in achievable increments
• Centralised source for auditors
• Credential Management
• Enhanced User Experience – Includes self-service password reset
• Account Provisioning and Access Request
Empower
People
Deliver
Agility and
Efficiency
Increase
Security and
Compliance
Summary
Resources
Learn About Identity and Access (IDA)
www.microsoft.com/IDA