Microsoft Identity and Access Solutions
Market Trends and Futures
Jesus Martin
Identity and Access Lead, Middle East and Africa
Microsoft [email protected]
• Provisioning/Deprovisioning
• User/Profile Self Service
• Group & Role Management
• Password Self Service & Password Management
• Certificate Management
• Two Factor Authentication
• Federation
• Enterprise SSO
• Attestation & Certification
• Privileged Account Management
• Compliance & Auditing
• Reporting
Identity and Access Management
Gartner states: By 2014, investments in IAM solutions will increase 60 percent to address regulatory compliance requirements
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Identity Management is no longer about
• Provisioning and Deprovisioning
• Identity Synchronization
• Deliver tools to IT to control and secure the environment
The Next Wave of Identity Management is about
It’s all about the app / Self Service Everything
• Deliver IT as a Service
• Webshops/Service Catalogs
• Empower the End Users and Business Managers
• Anywhere Access on Any Device
• Compliance & Auditing
• ROI/TCO
Trends in Identity and Access
Identity and Access as a Service
Enabling consumerization of IT
Streamlined pricing and complexity of traditional Identity solutions
Identity and Access Governance
Federation management
Help customers extend enterprise identity to address control and governance of cloud adoption
Self Service Everything
Market Trends … Futures?
• Identity Management goal will be about simplifying the way we deliver services that IT provides to end users rather than delivering tools to IT departments.
• Business Managers will be able to deliver users access to business services without the need to contact IT
• End User Interfaces that can be used as a “Web Shop” will enable users to get access to data as easily as they can create a Dropbox/hotmail account
• Interfaces will be as easy to use as Facebook
• Will manage the Access to Internal / Cloud based Applications
• Any device / same user experience (Identity in the Cloud)
• Windows 8 will drive the future of Identity Management and Information Protection
User Self Service Management
Self service group management integrated with Outlook and Exchange
Integrated approval
“If you wanted to access a file share in your network, previously you might have had to call your service desk and get approval. Now it is all workflow based. You go to a portal. There is no manual labor.” - Brian Desmond, Microsoft MVP
Simplify security, manage compliance
Empower Business
• Self-service profile, credential, and group management
• Password and PIN reset from Windows login
• Group management from within Microsoft Office
• Single identity across heterogeneous applications
Empower IT
• End-to-end, workflow-driven user provisioning
• Policy-controlled self-service capabilities
• Automatic, attribute-based group membership for simplified resource access
Source: Windows identity management tools move closer to completion. Tech Target, November 2008. http://searchwinit.techtarget.com/news/article/0,289142,sid1_gci1337386,00.html
GOVERNED SELF-SERVICE AND AUTOMATION
Simplify Identity Management : FIM 2010
[Diagram labels: HR System, FIM, Workflow, Manager; connected systems: Active Directory, Lotus Domino, LDAP, SQL Server, Oracle DB]
• Policy-based identity lifecycle management system
• Built-in workflow for identity management
• Automatically synchronize all user information to different directories across the enterprise
• Automates the process of on-boarding users
User Enrollment
Approval
User provisioned on all allowed systems
Identity Management: User provisioning
FIM CM
[Diagram labels: HR System, FIM, Workflow]
• Automated user de-provisioning
• Built-in workflow for identity management
• Real-time de-provisioning from all systems to prevent unauthorized access and information leakage
User de-provisioned
User de-provisioned or disabled on all systems
Identity Management: User de-provisioning
[Diagram labels: Active Directory, Lotus Domino, LDAP, SQL Server, Oracle DB, FIM CM]
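The de-provisioning slide claims removal "from all systems"; the check an auditor would run to verify that claim is a reconciliation of the HR source against every connected system. The following is an added example, not part of the original deck and not FIM code: the `Account` record, the HR export, the account inventory and the reason labels are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    system: str       # connected system, e.g. "ActiveDirectory"
    login: str        # account name inside that system
    employee_id: str  # join key to the HR record ("" when unlinked)
    enabled: bool

# Constructed HR export (authoritative source): employee_id -> status.
HR = {"E100": "active", "E200": "terminated", "E300": "active"}

# Constructed inventory pulled from the connected systems on the slide.
ACCOUNTS = [
    Account("ActiveDirectory", "alice", "E100", True),
    Account("ActiveDirectory", "bob", "E200", False),  # correctly disabled
    Account("OracleDB", "BOB_APP", "E200", True),      # missed on termination
    Account("LDAP", "carol", "E300", True),
    Account("SQLServer", "svc_report", "", True),      # no HR owner
    Account("LotusDomino", "dave", "E400", True),      # ID unknown to HR
]

def find_violations(hr, accounts):
    """Enabled accounts that HR does not back with an active employee."""
    findings = []
    for a in accounts:
        if not a.enabled:
            continue  # a disabled account satisfies de-provisioning
        if not a.employee_id:
            reason = "unlinked"
        elif a.employee_id not in hr:
            reason = "unknown-employee"
        elif hr[a.employee_id] != "active":
            reason = "terminated-still-enabled"
        else:
            continue
        findings.append((a.system, a.login, reason))
    return sorted(findings)

def residual_access(hr, accounts):
    """Map each terminated employee to systems where access remains."""
    out = {}
    for system, login, reason in find_violations(hr, accounts):
        if reason == "terminated-still-enabled":
            emp = next(a.employee_id for a in accounts
                       if (a.system, a.login) == (system, login))
            out.setdefault(emp, []).append(system)
    return out

if __name__ == "__main__":
    for finding in find_violations(HR, ACCOUNTS):
        print(*finding, sep="\t")
```

Unlinked and unknown-employee accounts are reported separately because no HR termination event can ever trigger their removal.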
SharePoint-Based Management Console
FIM Add-in for Outlook
Group Management
• Self-service group and distribution list management with the FIM 2010 Web portal
• Office integration allows users to manage group membership from within Microsoft Office Outlook® for maximum productivity
• Enables users to use Outlook to manage approvals while they are offline
• Automatically add users to either group based on their employee type at the time they are provisioned to Active Directory
• Group and distribution list management, including dynamic membership calculation in these groups and distribution lists based on user’s attributes
• Enables users to reset their own passwords through both Windows logon and FIM password reset portal
• Controls helpdesk costs by enabling end users to manage certain parts of their own identities
• Improves security and compliance with minimal errors while managing multiple identities and passwords
[Diagram labels: End User, User requests password reset, FIM Server, Passwords updated; systems: Active Directory, Oracle, SQL Server, IBM DS, LDAP]
Self-Service Password Management
• FIM capabilities integrated with Windows logon
• Randomly selects a number of questions
Reset Password