Methodologies And Tools To Make User Self Service A Reality
1. AusCERT 2010 Speaker Presentation Methodologies & Tools to make user self service a reality Paul Conroy – Identity & Access Technology Specialist
3. Agenda: Business Challenges; Meta-directory concepts; User Self Service Scenarios; Automated provisioning; Attribute change; User self service password reset; Deprovisioning; Summary; Resources
3. Business Challenges Threats Current Solutions Business Landscape Increased volume Product proliferation Increased regulatory and compliance pressure More connectivity and collaboration Greater need for identity-based protection and access Greater IT choice; lower budgets Greater sophistication Lack of integration High cost of ownership Profit motivated Security not aligned to business needs and new opportunities
5. Methodologies for Identity Management: Directory Synchronisation; Automated Provisioning; Self Service Management of Groups/Distribution Lists, Attributes and Passwords; Delegated Administration (e.g. for approvals)
6. Meta Directory Concept (diagram): Meta-directory connected to Mainframe, Active Directory, Finance Application, Exchange, Finance Portal, Smartcard, iPlanet
7. Methodologies for Identity Management: Directory Synchronisation; Automated Provisioning; Self Service Management of Groups/Distribution Lists, Attributes and Passwords; Delegated Administration (e.g. for approvals)
8. New Employee Scenario (diagram): HR System, Manager Approval, Provisioning Policy Applied; Meta-directory connected to Mainframe, Active Directory, Finance Application, Exchange, Finance Portal, Smartcard, iPlanet
9. Methodologies for Identity Management: Directory Synchronisation; Automated Provisioning; Self Service Management of Groups/Distribution Lists, Attributes and Passwords; Delegated Administration (e.g. for approvals)
State that automated provisioning is of users and resources
Key points we want to illustrate: Melissa is a new employee starting her first day of work at Contoso. She sits down in her assigned office to begin her work, which is heavily dependent on LOB applications and being ‘plugged in’ to key DLs. Rather than calling the help desk to get access, groups, etc.:
Melissa’s accounts and mailbox are automatically provisioned and available at first login, due to preconfigured rules in ILM “2”.
She is automatically granted access to the LOB apps relevant to her role.
She is dynamically added to key DLs.
Animation flow:
Data flows in from HR system. Would like a file to pass from HR to ILM “2” with information on the new hire like Name = Melissa Meyers, Employee ID = 122145, Dept = Finance, Title = Analyst, Employee Type = Full Time.
Data flows to each of the target systems. For Exchange a mailbox is created. I want icons to travel along the arrow to represent the data passed to Exchange as well as the mailbox created. Her email address should be filled in as mmeyers@contoso.com.
For AD, a password is assigned and sent to her manager. She is also given membership in the “Finance,” “New Hire” and “FTE” groups in AD. I want icons to travel along the arrow to represent the data passed to AD as well as the password and new groups created.
A smart card is also provisioned for remote access and for her to access the finance app.
For the other accounts show the data passing along the arrows. Show only her name, employee ID, and department being passed to iPlanet, and show her Name, ID, and Employee Type passing to the mainframe.
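The new-hire flow in these notes, modelled as an added Python example (not part of the original presentation and not ILM code): each connected system receives only the attributes its release policy allows, and an audit step flags anything exported beyond that. The iPlanet and mainframe attribute sets follow the notes; the Exchange and Active Directory sets, the mail format, the Employee Type to group mapping and all function names are assumptions.

```python
REQUIRED = ("name", "employee_id", "dept", "title", "employee_type")

# Attributes each connected system may receive. The iPlanet and mainframe
# sets follow the scenario; the Exchange and AD sets are assumptions.
RELEASE = {
    "iPlanet": {"name", "employee_id", "dept"},
    "Mainframe": {"name", "employee_id", "employee_type"},
    "Exchange": {"name", "mail"},
    "Active Directory": {"name", "employee_id", "dept", "title", "mail", "groups"},
}

# Assumed mapping from HR employee type to a group name.
TYPE_GROUPS = {"Full Time": "FTE"}


def derive(hr):
    """Validate an HR record and add the computed attributes."""
    missing = [f for f in REQUIRED if not hr.get(f)]
    if missing:
        # Refuse to provision a partial identity.
        raise ValueError("HR record incomplete: " + ", ".join(missing))
    parts = hr["name"].split()
    person = dict(hr)
    # Assumed mail format: first initial + surname.
    person["mail"] = (parts[0][0] + parts[-1]).lower() + "@contoso.com"
    groups = [hr["dept"], "New Hire"]
    if hr["employee_type"] in TYPE_GROUPS:
        groups.append(TYPE_GROUPS[hr["employee_type"]])
    person["groups"] = groups
    return person


def provision(hr):
    """Return {target: attributes exported to it} for one new hire."""
    person = derive(hr)
    return {t: {k: person[k] for k in sorted(allowed)}
            for t, allowed in RELEASE.items()}


def audit(exports):
    """List (target, attribute) pairs that exceed the release policy."""
    return [(t, k) for t, attrs in exports.items() for k in attrs
            if k not in RELEASE.get(t, set())]


# Constructed sample record, using the values from the scenario.
MELISSA = {"name": "Melissa Meyers", "employee_id": "122145", "dept": "Finance",
           "title": "Analyst", "employee_type": "Full Time"}

if __name__ == "__main__":
    for target, attrs in provision(MELISSA).items():
        print(target, attrs)
```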
New Employee scenario. Create new user. Now invoke set, workflow and management policy rule. All constructs in Identity Management. Create second user. NB Mention delegated administration.
Logon as the newly created user. Show how SSPR works. Goto slide. Show DL management in Outlook. Change MPR and show self service of fax number. Goto attrmgt slide.
Now logon as Melissa and run her approval and logon as new user