Microsoft Identity and Access SolutionsMarket Trends and Futures

Jesus MartinIdentity and Access Lead, Middle East and Africa

Microsoft Corpjesusem@microsoft.com

• Provisioning/Deprovisioning• User/Profile Self Service• Group & Role Management• Password Self Service & Password

Management• Certificate Management• Two Factor Authentication• Federation• Enterprise SSO• Attestation & Certification• Privileged Account Management• Compliance & Auditing• Reporting

Identity and Access ManagementGartner states: By 2014, investments in IAM solutions will increase 60 percent to address regulatory compliance requirements

1

The Journey

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Identity Management is not anymore about

• Provisioning and Deprovisioning• Identity Synchronization• Deliver tools to IT to control and secure the

environmentThe Next Wave of Identity Management is aboutIt’s all about the app / Self Service Everything

Deliver IT as a ServiceWebshops/Service CatalogsEmpower the End Users and Business ManagersAnywhere Access on Any DeviceCompliance & AuditingROI/TCO

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Trends in Identity and Access

Identity and Access as a ServiceEnabling consumerization of IT

Streamlined pricing and complexity of on traditional Identity solutions

Identity and Access Governance

Federation management

Help customers extend enterprise identity to address control and governance of cloud adoption

Self Service Everything

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Market Trends ….. Futures ?

• Identity Management goal will be about simplifying the way we deliver services that IT provides to end users rather than delivering tools to IT departments.

• Business Managers will be able to deliver users access to business services without the need to contact IT

• End User Interfaces that can be used as a “Web Shop” will enable users to get access to data as easily as they can create a Dropbox/hotmail account

• Interfaces will be as easy to use as Facebook

• Will manage the Access to Internal / Cloud based Applications

• Any device / same user experience (Identity in the Cloud)

• Windows 8 will drive the future of Identity Management and Information Protection

User Management and Web Shop Self Services

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

User Self Service Management

Self service group management integrated with Outlook and Exchange

Integrated approval

If you wanted to access a file share in your network, previously you might have had to call your service desk and get approval. Now it is all workflow based. You go to a portal. There is no manual labor.- Brian Desmond, Microsoft MVP“

Simplify security,manage

compliance

Empower Business

• Self-service profile, credential, and group management

• Password and PIN reset from Windows login

• Group management from within Microsoft Office

• Single identity across heterogeneous applications

Empower IT

• End-to-end, workflow-driven user provisioning

• Policy-controlled self-service capabilities

• Automatic, attribute-based group membership for simplified resource access

Source: Windows identity management tools move closer to completion. Tech Target, November 2008. http://searchwinit.techtarget.com/news/article/0,289142,sid1_gci1337386,00.html

GOVERNED SELF-SERVICE AND AUTOMATION

Simplify Identity Management : FIM 2010

ActiveDirectory

LotusDomino

LDAP

SQLServer

Oracle DB

HR SystemFIM

Workflow

Manager

• Policy-based identity lifecycle management system

• Built-in workflow for identity management

• Automatically synchronize all user information to different directories across the enterprise

• Automates the process of on-boarding users

User Enrollment

Approval

User provisioned on all allowed systems

Identity ManagementUser provisioning

FIM CM

Simplify security,manage

compliance

HR SystemFIM

Workflow

• Automated user de-provisioning

• Built-in workflow for identity management

• Real-time de-provisioning from all systems to prevent unauthorized access and information leakage

User de-provisioned

User de-provisioned or disabled on all systems

Identity ManagementUser de-provisioning

ActiveDirectory

LotusDomino

LDAP

SQLServer

Oracle DB

FIM CM

Simplify security,manage

compliance

SharePoint-Based Management Console

FIM Add-in for Outlook

Group Management

• Self-service group and distribution list management with the FIM 2010 Web portal

• Office integration allows users to manage group membership from within Microsoft Office Outlook® for maximum productivity

• Enables users to use Outlook to manage approvals while they are offline

• Automatically add users to either group based on their employee type at the time they are provisioned to Active Directory

• Group and distribution list management, including dynamic membership calculation in these groups and distribution lists based on user’s attributes

Simplify security,manage

compliance

Simplify security,manage

compliance

• Enables users to reset their own passwords through both Windows logon and FIM password reset portal

• Controls helpdesk costs by enabling end users to manage certain parts of their own identities

• Improves security and compliance with minimal errors while managing multiple identities and passwords

End User

ActiveDirectory

Oracle

SQLServer

IBM DS

LDAP

User requests password reset

FIM Server

Passwords updated

Self-Service Password Management

• FIM capabilities integrated with Windows logon• Randomly selects a number of questions

Reset Password

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Demo

• HR Onboarding• Provisioning / ZeroTouch • Password Self Service• Role Based Provisioning • User Self Service• Approvals Workflow• Deprovisioning