Microsoft has been delivering Identity Management via MIIS and ILM 2007.
MIIS (Microsoft Identity Integration Server 2003) has provided various customers with the capability to -
- Synchronize identities across various data sources
- Synchronize passwords
- Provision, de-provision and manage users etc.
However, MIIS lacked the workflows, reporting, and powerful self-service capabilities that make an Identity Management solution a complete solution.
ILM 2007 provides the MIIS capabilities as well as Certificate Lifecycle Management capabilities. Certificate Lifecycle Management allows organizations to -
- Manage the life cycle of digital certificates and smart cards
- Centrally administer certificates and smart cards
- Use workflows and policies for activities -
  - Configurable policy-based workflows for common tasks
    - Enroll/renew/update
    - Recover/card replacement
    - Revoke
    - Retire/disable smart card
    - Issue temporary/duplicate smart card
    - Personalize smart card
- Offer self-service capabilities to end users to reset PINs and request the above activities
- Perform auditing and reporting; and
- Integrate with Active Directory Certificate Services.
ILM 2 provides more capabilities than its predecessor. The capabilities of ILM 2 include -
- Extensible Windows Workflow Foundation based workflows -
  - Allow IT professionals to quickly create, update and modify workflows based on business processes
  - Do not require any languages or coding/scripting.
  - The workflows are based on WF (Windows Workflow Foundation), which enables organizations to import and reuse workflows
  - Provides WS* APIs to enable customization at product & solution level.
- Enforces policies from a centralized server. The interface is Windows SharePoint Services (WSS).
- Management of 3rd-party CAs and OTPs.
- Credential Management using workflows, e.g. automatically provision a user account, set their initial password, and kick off the process to issue smart cards and digital certificates to the user.
- Powerful Self-Service Password Reset – allows users to reset their password at desktop logon. Additionally, portal-based password reset is also available.
- Self-service Profile Management – allows users to manage their profiles, raise requests for additional accounts, access etc.
- Codeless User Provisioning – unlike MIIS, ILM 2 does not require writing any code to perform Identity Management.
- Group Management – capability to manage security groups and DLs in the target systems
- Tighter integration with Office -
  - Group Management via Office - users can use Outlook to raise requests for group memberships, DL subscriptions etc.
  - Offline approvals - managers can approve requests by mail instead of logging on to the portal and approving them there.
These are a few of the capabilities that make ILM 2 a more powerful solution.
High Level Architecture of ILM 2 is as below -
In order to understand how ILM 2 works and have a quick peek at various scenarios, I will attach the video of my session at the recent Virtual Tech Day in my next post.