Identity and Access Management

Date posted: 19-Dec-2015
Category: Documents

Transcript of "Identity and Access Management" (39 pages)

Page 1: Identity and Access Management

Page 2: Agenda

• Introduction
• What is IdM?
• Active Directory – what is new in Windows Server 2003?
• ADAM – easing the pain of AD
• Enterprise Single Sign On
• Federated Identity Management

Page 3: Business Needs

Extended Enterprise
• Integrate partners in the supply chain
• Connect with customers
• Empower the information workers

Improve Security
• Reduce the number of userids/passwords
• Reduce de-provisioning risks
• Enforce policies and improve audit capability

Regulatory Compliance
• HIPAA
• Sarbanes-Oxley Act
• Gramm-Leach-Bliley

Reduce Operational Costs
• Provide self-service capability
• Decrease IT security and management costs
• Lower application development costs

Page 4: Consider the facts

Too Many User Repositories
• Enterprises have 68 internal and 12 external account stores
• 75% of internal users and 38% of external users are in multiple stores

Inefficient Account Provisioning/De-Provisioning
• User management consumes 34% of the total time IT spends on IdM
• Users get provisioned in 16 systems and de-provisioned in 10

Impact on User Productivity
• On average IT is managing access to 73 unique applications requiring user access
• The average user spends 16 minutes a day on logins
• SSO increases user productivity by 15% and efficiency by 18%

Increasing IT Operational Costs
• 45% of all help desk calls are for p/w resets
• 15% of users will call the help desk for a p/w reset
• Organisations are managing on average 46 suppliers, spending over 1380 hours managing changes to access privileges

Source: META Group research conducted on behalf of PricewaterhouseCoopers, June 2002; MSFT Internal

Page 5: IAM Adoption Drivers

Reduce Identity Related Operational Costs
• Reduce help desk costs for user management and password resets
• Reduce the cost of provisioning and de-provisioning customers
• Reduce the cost of managing multiple user repositories

E-Business Enablement
• Increase supply chain efficiency with partner integration
• Improve customer experience
• Employee portal/personalisation

Reduce Risk of Unauthorised Access
• Auditing and reporting
• Rapid revocation of access
• Enforcement of security and privacy policy across the enterprise

Comply with Regulations
• Sarbanes-Oxley Act
• GLB Act
• HIPAA

Page 6: IAM Solution Requirements

Each requirement is paired with the Microsoft product that addresses it on the slide.

Directory Services: Brings multiple data stores together to form a single digital identity. It includes security and profile information.
Microsoft solution: Active Directory & Microsoft Identity Integration Server

Provisioning: How identities are created, modified and retired, taking advantage of user information in the directory infrastructure.
Microsoft solution: Microsoft Identity Integration Server

Authentication: Proving an identity to a network application or resource. This includes user-id/password log-ons and public key certificates.
Microsoft solution: Security Services in Windows Server 2003

Authorisation: Determine the entitlements of the digital identity once it is authorised for access and action performance.
Microsoft solution: Role Based Access Control in Windows Server 2003

Privacy: Provide precise control of access rights and privileges, so that digital information is secured and privacy is protected.
Microsoft solution: Active Directory & Microsoft Identity Integration Server

Applications: Ultimate consumers of digital identity and the enforcers of the entitlements derived from the identity.
Microsoft solution: Microsoft Applications

Page 7: Key Solution Scenarios

Business to Enterprise
• Required level of authorisation security
• Elimination of multiple sign-ins for all client platforms
• Synchronisation of digital identity across multiple platforms
• Application integration and business process automation across multiple platforms
• Access to host-based systems and management of digital assets located on other platforms
• Secure management of information assets
Products: Active Directory, MIIS, BizTalk Server 2004, Host Integration Server, Unix, Netware & Mac Services

Business to Business
• Establish and maintain trust between separate but trusted business partners
• Federate systems with a single trust relationship to provide a seamless authentication and authorisation experience
Products: Active Directory, Windows Server 2003, Oblix and OpenNetwork partner products

Business to Consumer
• Extend information systems and applications to consumers
• Outsource consumer authorisation tasks but still maintain control of authorisation
• Integration with a system or platform that is not supported by a Microsoft product
Products: Active Directory, Windows Server 2003, Microsoft .NET Passport, Oblix and OpenNetwork

Page 8: What is new in ADS for Windows Server 2003?

Page 9: Active Directory Architecture

Active Directory organizes information hierarchically to ease network use and management.

[Figure: directory tree. Root holds the containers Users, Machines, Applications and Devices; Users holds Marketing and Personnel. Legend: container, object.]

Page 10: Active Directory Architecture

Directory objects have attributes. Objects and attributes are protected by ACLs.

[Figure: the same tree (Root; Users, Machines, Applications, Devices; Marketing, Personnel) with an example user object: Name: Bob Jones, Email: [email protected], Phone: 555-1234, SSN: 456-78-9101.]

Page 11: Active Directory Architecture

Active Directory supports multi-master replication for flexibility, high availability and performance.

[Figure: a top-level domain spanning a North America site and a Europe site with domain controllers DC1 to DC6; changes such as "Change Room# to 6/2110" and "Add User: Bill" are made on different DCs and replicated between them.]

Page 12: Simplifies Management

Active Directory organizes users and network resources hierarchically to simplify management.

[Figure: the directory tree with management examples: give 'Personnel' members the HR application; color printer in Building 6; delegate management tasks to office admins.]

Page 13: Strengthens Security

Active Directory provides Internet-ready security services to protect data while facilitating access.

[Figure: the directory tree with Marketing and Extranet containers; example: restrict access rights of Extranet users. Security services shown: Kerberos, X.509, Smart Card, PKI Certificates.]

Page 14: Extends Interoperability

Active Directory provides a platform for integrating and extending systems through open interfaces, connectors and synchronization mechanisms.

[Figure: the directory tree with Finance and Personnel containers and examples: Policy: give Personnel access to the 'Change Salary' menu options; Policy: give Finance more bandwidth at the end of the month; Application: Exchange mailbox information.]

Page 15: A Focal Point for Manageability, Security and Interoperability

Windows Active Directory is the focal point for:
• Windows Users: account info, privileges, profiles, policy
• Windows Clients: management profile, network info, policy
• Windows Servers: management profile, network info, services, printers, file shares, policy
• Applications: server config, single sign-on, app-specific directory info, policy
• Network Devices: configuration, QoS policy, security policy
• Firewall Services (Internet): configuration, security policy, VPN policy
• Other Directories: white pages, e-commerce
• Other NOS: user registry, security, policy
• E-Mail Servers: mailbox info, address book

Page 16: Well-known New Features

• LVR replication
• Improved ISTG
• Domain rename
• Cross-forest trust
• Universal Group Caching
• Install from Media
• No-GC-Full-Sync for PAS schema extensions
• SID History migration delegation
• Concurrent LDAP binds
• Manual trigger of online defrag
• DNS in app partitions
• Single instance store
• Update logon timestamp attribute
• Kerberos KDC version
• User password on INetOrgPerson
• DC rename with netdom
• Auth manager can store auth policies
• Selective authentication cross-forest
• Dynamic aux classes
• User to INetOrgPerson change
• Schema de-/reactivation
• Basic and query based groups

Page 17: Areas of ADS Changes

• Deployment
• Security
• Replication
• Backup / Restore
• Time Service
• Migration - ADMT

Page 18: Deployment - Redirected Users and Computers Containers

• CN=Users and CN=Computers have object class "container"
  • No GPO, no managed container
• Down-level APIs and shell move objects into these containers by default
  • "net user", "net group", "netdom /add" with no OU
  • Computer properties – domain membership
• Additional administrative work needed to move objects
  • Use "rediruser.exe" and "redircomp.exe" from the Windows 2003 Resource Kit
• Caveats
  • Windows 2003 domain functional level required
  • Exchange 2000 domainprep fails

Page 19: Deployment - Property Sets

• Property set: a collection of attributes that can be managed together as one set when granting permissions
  • Example: "Public Information Set", which includes attributes like department, manager and surname
• The base schema defines the list of property sets
  • Windows 2000: base schema property sets could not be changed
  • Windows 2003: attributes can be removed from base property sets and moved to self-defined property sets
  • Attributes can still only be a member of a single property set

Page 20: Deployment - KCC

KCC changes in Windows 2003:
• Bridgehead server load balancing
• ADLB (Active Directory Load Balancing tool)

Page 21: Deployment - Lingering Objects Improvements

• Windows 2000 Server: a lingering object was revived when replicated
• Windows 2000 SP3 and Windows Server 2003: if the "Strict Replication Consistency" registry key is set, the source DC is "quarantined"
  • A new Windows Server 2003 forest always has the registry key set
• A Windows Server 2003 DC ALWAYS quarantines a replication source if replication has not succeeded for more than the tombstone lifetime
  • Independent from the "Strict Replication Consistency" registry key
  • Independent from lingering object detection
  • Can be overridden with repadmin or a registry key
  • Make sure that you run the tool to bulk-delete lingering objects first

Page 22: Deployment - New Replication Latency Event

• Event ID 1864
• Helps find domain controllers that have not replicated within:
  • 8 hours
  • 1 week
  • 1 month
  • 2 months
  • > TSL / number of days
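To show how the event 1864 latency bands and the tombstone-lifetime quarantine rule from the two preceding slides fit together, here is an added Python example (not from the presentation) that classifies replication partners from a constructed CSV summary. The CSV layout, the 60-day tombstone lifetime and 30-day months are assumptions; the `DC1`..`DC6` names only reuse the labels from the replication figure.

```python
import csv
import io
from datetime import datetime, timedelta

# Latency bands named on the slide for event ID 1864: a DC that has not
# replicated within 8 hours, 1 week, 1 month, 2 months, or longer than the
# tombstone lifetime (TSL). Month lengths are an assumption (30 days).
BANDS = [
    ("8 hours", timedelta(hours=8)),
    ("1 week", timedelta(weeks=1)),
    ("1 month", timedelta(days=30)),
    ("2 months", timedelta(days=60)),
]

# Assumption: a 60-day tombstone lifetime; pass the forest's real value
# when running this against a real replication summary.
DEFAULT_TSL = timedelta(days=60)

# Constructed sample, not real tool output: one row per inbound partner,
# in the spirit of the "dump summary to csv file" feature on a later slide.
SAMPLE_CSV = """\
source,destination,nc,last_success
DC1,DC2,"DC=corp,DC=example",2003-06-21T10:00:00
DC3,DC2,"DC=corp,DC=example",2003-06-20T09:30:00
DC4,DC2,"DC=corp,DC=example",2003-06-10T09:30:00
DC5,DC2,"DC=corp,DC=example",2003-05-01T00:00:00
DC6,DC2,"DC=corp,DC=example",2003-03-01T00:00:00
"""


def classify(last_success: datetime, now: datetime,
             tsl: timedelta = DEFAULT_TSL) -> str:
    """Return the latency band for one replication partner.

    Anything older than the TSL is reported as quarantined, because a
    Windows Server 2003 DC refuses such a source regardless of the
    Strict Replication Consistency setting.
    """
    age = now - last_success
    if age > tsl:
        return "> TSL (quarantined)"
    for label, limit in reversed(BANDS):  # widest band first
        if age > limit:
            return "> " + label
    return "OK"


def summarize(csv_text: str, now: datetime,
              tsl: timedelta = DEFAULT_TSL) -> dict:
    """Map each source DC to its worst band across all naming contexts."""
    labels = [label for label, _ in BANDS]
    rank = {"OK": 0, "> TSL (quarantined)": len(labels) + 1}
    rank.update({"> " + label: i + 1 for i, label in enumerate(labels)})
    worst = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        band = classify(datetime.fromisoformat(row["last_success"]), now, tsl)
        src = row["source"]
        if src not in worst or rank[band] > rank[worst[src]]:
            worst[src] = band
    return worst


def quarantined(csv_text: str, now: datetime,
                tsl: timedelta = DEFAULT_TSL) -> list:
    """Sources whose lingering objects must be bulk-deleted before
    replication from them is re-enabled (the slide's 'run the tool first')."""
    return sorted(src for src, band in summarize(csv_text, now, tsl).items()
                  if band == "> TSL (quarantined)")


if __name__ == "__main__":
    now = datetime(2003, 6, 21, 12, 0, 0)
    for src, band in summarize(SAMPLE_CSV, now).items():
        print(f"{src}: {band}")
    print("quarantine candidates:", quarantined(SAMPLE_CSV, now))
```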

Page 23: Replication - Performance Improvements

• New compression algorithm
  • Trades CPU for network traffic
  • ~20% CPU performance improvement
  • Fully backwards compatible
  • Can be disabled via registry key; the DC then reverts to the Windows 2000 compression algorithm
• Best practice
  • Use the new compression algorithm to reduce load on bridgehead servers
  • Only revert to the Windows 2000 algorithm in very slow network conditions (64 KBit and lower)

Page 24: Replication - Enhanced Tools for Replication Health Check

• Run against multiple DCs
• Make changes on multiple DCs
• Examples:
  • Check all bridgehead servers
  • Check replication latency forest wide
  • Replication summary
  • Dump summary to CSV file
  • Disable inbound replication on all DCs

Page 25: Replication Improvements

• Un-GC operation improved
  • Removing GC NCs took a long time in Windows 2000: the KCC only deleted 500 objects per pass, which resulted in 2,000 objects per hour
  • Windows 2003: the KCC removes objects as fast as it can
  • Back-ported to Windows 2000 SP4

Page 26: Deployment – Force Removal

• Some DC issues are hard to troubleshoot
  • Re-installing AD in Windows 2000 means re-installing Windows 2000, including all applications, shares etc.
• Windows 2003 has "force removal"
  • Removes AD even if the server cannot communicate over the network
  • Ignores any service failures on the local machine
  • Standalone server after demotion
  • No automatic server metadata clean-up; it needs to be performed manually
  • Back-ported to Windows 2000 SP4

Page 27: Deployment – Password Resets

• Administrator-initiated password resets lead to users not being able to log on
  • The admin-selected password is not recognized when the user tries to change the password again
• Solution: single object replication
  • When a DC chains an authentication request to the PDC and the password has changed, the PDC replicates the user object to the DC
  • Password now updated on the DC

Page 28: Account Lockout Admin Enhancements

• ACCTINFO.DLL: allows administrators to reset a user account password on a DC in the user's site
• LOCKOUTSTATUS.EXE: displays bad password count and lockout status across all DCs in a domain
• Both utilities are in the Windows Server 2003 Resource Kit
• Password Policy + AL recommendations
  • Environments can be secure without enabling AL
  • Recommendations for AL + domain p/w settings
  • Key problem: setting the bad p/w threshold too low

Page 29: ACCTINFO Property Page

Shipped in the Windows Server 2003 ResKit.

F1: ACCTINFO tab in the AD Users & Computers snap-in
F2: Domain Password Policy
F3: User's computer name used to change the p/w on a DC in the same AD site

Page 30: LOCKOUTSTATUS.EXE

Shipped in the Windows 2003 ResKit.

F1: Runs as a standalone utility or as an extension to ACCTINFO. Shows bad p/w count and time across all DCs in the domain

Page 31: Security - Quotas

• Users or services can create a large number of objects in AD
  • "Create Child" permission on any container, e.g. DNS records, print queues, workstations
• Security concern: denial of service attack, running the DC out of disk space
• Solution: quotas
  • Goal: users can only create x number of objects
  • Objects owned by a user count, not all objects ever created
  • Efficient protection from disk space attacks
  • Delegated users who can create security principals (users, inetOrgPersons) still need to be fully trusted
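As an added illustration (not from the slides) of the ownership-based counting the quota slide describes, the Python model below charges a quota only against objects a principal currently owns, so deletions and ownership transfers free quota again, and it keeps the creation of security principals as a separate trust check rather than a quota decision. The class, the DNs and the trusted-creator set are hypothetical.

```python
from typing import Dict, Optional, Set, Tuple

# Object classes the slide singles out: creating these is a trust decision,
# not something a quota can make safe.
SECURITY_PRINCIPAL_CLASSES = {"user", "inetOrgPerson"}


class QuotaDirectory:
    """Constructed model of AD quota accounting; names are hypothetical.

    A quota is charged against the objects a principal currently owns,
    so deleting an object or transferring ownership frees quota again.
    """

    def __init__(self, default_quota: int,
                 quotas: Optional[Dict[str, int]] = None,
                 trusted_creators: Optional[Set[str]] = None):
        self.default_quota = default_quota            # -1 means unlimited
        self.quotas = dict(quotas or {})              # per-principal overrides
        self.trusted = set(trusted_creators or ())    # may create principals
        self.objects: Dict[str, Tuple[str, str]] = {}  # dn -> (class, owner)

    def quota_for(self, principal: str) -> int:
        return self.quotas.get(principal, self.default_quota)

    def owned_count(self, principal: str) -> int:
        # Only objects that still exist and are still owned by the principal
        # count; objects created and since deleted do not.
        return sum(1 for _, owner in self.objects.values() if owner == principal)

    def _has_room(self, principal: str) -> bool:
        limit = self.quota_for(principal)
        return limit < 0 or self.owned_count(principal) < limit

    def create(self, dn: str, owner: str, obj_class: str = "computer") -> bool:
        """Return True if admitted, False if the owner's quota is exhausted.

        Security principals additionally require a fully trusted creator;
        that failure is a PermissionError, not a quota decision.
        """
        if dn in self.objects:
            raise ValueError("object already exists: " + dn)
        if obj_class in SECURITY_PRINCIPAL_CLASSES and owner not in self.trusted:
            raise PermissionError(f"{owner} may not create {obj_class} objects")
        if not self._has_room(owner):
            return False
        self.objects[dn] = (obj_class, owner)
        return True

    def delete(self, dn: str) -> None:
        """Deleting an owned object frees one unit of the owner's quota."""
        del self.objects[dn]

    def change_owner(self, dn: str, new_owner: str) -> bool:
        """Transfer ownership; the new owner must have room in its quota."""
        obj_class, old_owner = self.objects[dn]
        if new_owner == old_owner:
            return True
        if not self._has_room(new_owner):
            return False
        self.objects[dn] = (obj_class, new_owner)
        return True


if __name__ == "__main__":
    d = QuotaDirectory(default_quota=2, trusted_creators={"hr-admin"})
    ws = "CN=ws{},OU=Workstations,DC=corp,DC=example"
    print(d.create(ws.format(1), "alice"), d.create(ws.format(2), "alice"))
    print("third create:", d.create(ws.format(3), "alice"))  # denied: quota
    d.delete(ws.format(1))
    print("after delete:", d.create(ws.format(3), "alice"))  # admitted again
```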

Page 32: Security - Auditing

• Windows 2000 auditing was hard
  • Auditing disabled by default
  • Single SACL on the domain root
• A fresh install of Windows 2003 enables auditing by default
  • Goal: accountability of changes
  • Non-goal: security breaches and hacks
  • Dedicated SACLs on DS objects
  • Replication
  • DSRM password reset can be audited

Page 33: Other Security Improvements

• Anonymous queries restricted to RootDSE only
• AdminSDHolder extended
  • AdminSDHolder holds the place-holder ACL for administrative accounts
  • Extended to all built-in and well-known groups in Windows 2003
    • Examples: Account Operators, Server Operators etc.
    • Exceptions: Users and Domain Users

Page 34: Time Service

• Windows 2003 uses the NTP protocol
  • More robust and flexible protocol
  • Higher accuracy
• Easy to customize
  • Higher sync frequency vs. network traffic
  • Use Group Policy

Page 35: Migration - ADMT

• Profile migration in ADD mode while the user is logged on to the workstation
• ADMT agent results added to the migration log
• Any attributes not part of the base schema are excluded by default
  • ADMT queries the schema for extensions at first run
  • Schema extensions are added to the system attribute list
  • Can be removed manually from the list
  • Example: Exchange 2000 schema extensions
• NetBIOS-less support

Page 36: Microsoft IAM Roadmap

[Figure: timeline. Items in slide order: Longhorn Wave; MIIS 3.0; Active Directory Application Mode; 2004; XML Web Services Specifications (WS-Security working group within OASIS); Jupiter; TrustBridge; 2003.]

Page 37: Summary

• Identity management is an essential part of business strategy
• Highly leveraged – simultaneously increase security and productivity while reducing costs
• Competitive advantage – quickly enable new scenarios and business opportunities
• Microsoft and partners deliver a complete solution
  • Get more from your investment in Active Directory
  • Cross-platform capable

Page 38: Next Steps (Planning / Implementation)

• Assign an owner
• Develop a vision and strategy
• Start small with a focus on ROI
• Leverage Solution Accelerators
• Establish policy: new applications must leverage infrastructure sign-on
• Engage MCS and/or partners

Page 39

© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.