
Forefront Identity Manager 2010

GOPAS TechEd 2012. Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@sevecek.com | www.sevecek.com


Presentation Transcript


  1. GOPAS TechEd 2012 Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@sevecek.com | www.sevecek.com | Forefront Identity Manager 2010

  2. Forefront Identity Manager 2010 Overview

  3. Forefront Identity Manager • Identity Management • syncing AD/LDS/SQL/etc. database contents • identity centered • Automatic group management • attribute values • manager • user self service • Web portal user/group management • SharePoint based • Self service password reset • web based and GUI extension

  4. Identity? • User • Group • table, cabinet, pc, car, ...

  5. History • Identity Integration Server 2003 (MIIS 2003) • Identity Lifecycle Manager 2007 (ILM 2007) • MIIS 2003 + CLM 2007 • Forefront Identity Manager 2010 (FIM 2010) • Forefront Identity Manager 2010 R2

  6. Price? • 5000 USD per CPU socket • 80 USD per managed identity

  7. Forefront Identity Manager • FIM Synchronization service • syncing AD/LDS/SQL/etc. database contents • identity centered • FIM Service • attribute values • manager • user self service • FIM Portal • SharePoint based • Self service password registration and reset • web based and GUI extension

  8. Forefront Identity Manager 2010 Component Details

  9. FIM Synchronization [Diagram labels: AD, AD, FIM Sync, Metaverse, AD MA, AD MA, AD LDS, ADLDS MA, SQL MA, DB MA, SQL, DB]

  10. FIM Service and Portal Idea [Diagram labels: AD, FIMService, FIM Sync, AD MA, AD LDS, SharePoint Portal, ADLDS MA, Metaverse, SQL MA, SQL]

  11. FIM Service Management [Diagram labels: FIMService, AD, FIM SVC DB, FIM Sync, AD MA, FIM MA, AD LDS, ADLDS MA, Metaverse, SQL MA, SQL]

  12. FIM Portal [Diagram labels: SharePoint Portal, FIMService, AD, FIM SVC DB, FIM Sync, AD MA, FIM MA, AD LDS, ADLDS MA, Metaverse, SQL MA, SQL]

  13. Forefront Identity Manager 2010 FIM Service and Portal Management Scenarios

  14. AD Object Management • Manual group membership • scripting • Permission based delegation • OU hierarchy • using “static” groups • no attribute validation

  15. AD Object Management Example • Prague managers can reset passwords for OU=Prague • Sales manager can change department for all users in OU=Sales and OU=Marketing • Sales manager can change group membership of Sales IS group • Users cannot reset their own passwords anonymously

  16. FIM Management • Dynamic group membership • attribute query based • manager based • Policy based delegation • group membership • attribute value based • attribute validation

  17. FIM Management Examples • Sales manager can change department for all users in OU=Sales and OU=Marketing • but only from Marketing to Sales • Users can reset their own passwords anonymously • after providing answers to several questions

  18. FIM Management Examples • CZ Users can change their own telephone • but the format must be +420... • CZ Users can change their own city • but the result must still be CZ User • School director can change department of his students • but the students must remain in the same school • Sales manager can change group members of Sales IS group • but can add only his own users

  19. FIM Management Examples • We have a Sales Management group which contains several sales managers • Every sales user is assigned one of the sales managers • We can create a group that would contain all Sales people • a group whose members are those people whose manager is a member of the Sales Management group

  20. GOPAS TechEd 2012 Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@sevecek.com | www.sevecek.com | Thank you!
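
The policy-based delegation described in slides 16 to 19, modelled as an added example; it is not FIM code or FIM's API and is not from the presentation. The `User` and `Rule` types, the sample users and the nine-digit form of the "+420..." phone pattern are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, replace
from typing import Callable

@dataclass(frozen=True)
class User:
    name: str
    department: str
    country: str
    phone: str
    manager: str = ""

@dataclass(frozen=True)
class Rule:
    attribute: str
    requester_ok: Callable[[User, User], bool]  # who may ask, relative to the target
    before_ok: Callable[[User], bool]           # target state before the change
    after_ok: Callable[[User], bool]            # target state the change would produce

# Constructed sample data (not from the slides).
SALES_MANAGEMENT = {"alice", "bob"}
USERS = {u.name: u for u in [
    User("alice", "Sales", "CZ", "+420111222333"),
    User("carol", "Marketing", "CZ", "+420444555666", manager="alice"),
    User("dave", "Sales", "CZ", "+420777888999", manager="bob"),
    User("erin", "IT", "SK", "+421900000000", manager="frank"),
]}

def sales_people(users):
    """Slide 19: members are the users whose manager is in Sales Management."""
    return {u.name for u in users if u.manager in SALES_MANAGEMENT}

RULES = [
    # Slide 17: a sales manager may change department, but only Marketing -> Sales.
    Rule("department", lambda r, t: r.name in SALES_MANAGEMENT,
         lambda t: t.department == "Marketing", lambda t: t.department == "Sales"),
    # Slide 18: CZ users may change their own phone; "+420" plus 9 digits is assumed.
    Rule("phone", lambda r, t: r.name == t.name,
         lambda t: t.country == "CZ",
         lambda t: re.fullmatch(r"\+420\d{9}", t.phone) is not None),
]

def authorize(requester, target, attribute, value, rules=RULES):
    """Allow a write only if one rule accepts the requester, the current
    target state and the state the write would produce; default is deny."""
    proposed = replace(target, **{attribute: value})
    return any(r.attribute == attribute and r.requester_ok(requester, target)
               and r.before_ok(target) and r.after_ok(proposed) for r in rules)
```

Checking the resulting state as well as the current one is what separates these rules from the OU-permission delegation of slide 14, where a granted write accepts any value.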
