End-to-End Identity Management With Oblix and Microsoft WHITEPAPER



Similar documents
Oracle Access Manager. An Oracle White Paper

White paper December IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

Oracle Identity Management: Integration with Windows. An Oracle White Paper December. 2004

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

White paper December Addressing single sign-on inside, outside, and between organizations

Oracle Access Manager

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

OracleAS Identity Management Solving Real World Problems

Microsoft SQL Server Master Data Services Roadmap

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

IBM Tivoli Identity Manager

An Oracle White Paper Dec Oracle Access Management Security Token Service

IBM WebSphere application integration software: A faster way to respond to new business-driven opportunities.

PingFederate. SSO Integration Overview

BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use

Integrating Hitachi ID Suite with WebSSO Systems

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

AD Self-Service Suite for Active Directory

The Top 5 Federated Single Sign-On Scenarios

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

Reduce Trial Costs While Increasing Study Speed and Data Quality with Oracle Siebel CTMS Cloud Service

When millions need access: Identity management in an increasingly connected world

The Jamcracker Enterprise CSB AppStore Unifying Cloud Services Delivery and Management for Enterprise IT

Clustering and Queue Replication:

1 Product. Open Text is the leading fax server vendor in the world. *

How To Create A Help Desk For A System Center System Manager

Manufacturer to Enhance Efficiency with Improved Identity Management

BES10 Cloud architecture and data flows

SOLUTION BRIEF CA SERVICE MANAGEMENT - SERVICE CATALOG. Can We Manage and Deliver the Services Needed Where, When and How Our Users Need Them?

Oracle Net Services for Oracle10g. An Oracle White Paper May 2005

Highmark Unifies Identity Data With Oracle Virtual Directory. An Oracle White Paper January 2009

Oracle Identity and Access Management

An Oracle White Paper June Integration Technologies for Primavera Solutions

Dell One Identity Manager Scalability and Performance

agility made possible

CA Clarity Integration

Authentication Integration

SharePoint 2013 Logical Architecture

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

Simplify Identity Management with the CA Identity Suite

The Case for a Stand-alone Rating Engine for Insurance. An Oracle Brief April 2009

Can I customize my identity management deployment without extensive coding and services?

PeopleSoft Enterprise Directory Interface

Veritas Enterprise Vault for Microsoft Exchange Server

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

Data Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information

Documentation. CloudAnywhere. Page 1

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions

An Oracle White Paper September Directory Services Integration with Database Enterprise User Security

IBM Rational AppScan: enhancing Web application security and regulatory compliance.

The Recipe for Sarbanes-Oxley Compliance using Microsoft s SharePoint 2010 platform

Deployment of Cisco Extension Mobility in Enterprises White Paper

Xerox Workflow Automation Services Solutions Brochure. Xerox DocuShare 7.0. Enterprise content management for every organization.

SAML:The Cross-Domain SSO Use Case

The Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence

<Insert Picture Here> Oracle Identity And Access Management

Two-Factor Authentication

SharePoint Composites. Do-It-Yourself SharePoint solutions

Cisco and IBM: Enhancing the Way People Work Through Unified Communications

Vodafone Total Managed Mobility

Self-Service Provisioning and the Private Cloud

Build A private PaaS.

Overcoming Active Directory Audit Log Limitations. Written by Randy Franklin Smith President Monterey Technology Group, Inc.

Support and Service Management Service Description

can I customize my identity management deployment without extensive coding and services?

FileNet and SharePoint Better Together. Tom Moen Channel Development Manager

An Oracle White Paper June Oracle Database Firewall 5.0 Sizing Best Practices

RSA SecurID Two-factor Authentication

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

Best Practices for Designing a Secure Active Directory: Multi-Org Exchange Edition. written by Dmitry Sotnikov, Aelita Software.

IBM Rational ClearCase, Version 8.0

WHITEPAPER. 13 Questions You Must Ask When Integrating Office 365 With Active Directory

CA Process Automation for System z 3.1

Provide access control with innovative solutions from IBM.

MassTransit Leveraging MassTransit and Active Directory for Easier Account Provisioning and Management

CA Federation Manager

INTEGRATION GUIDE. DIGIPASS Authentication for VMware Horizon Workspace

Reporting Services. White Paper. Published: August 2007 Updated: July 2008

Deciding When to Deploy Microsoft Windows SharePoint Services and Microsoft Office SharePoint Portal Server White Paper

STRONGER AUTHENTICATION for CA SiteMinder

Managing SSL Security in Multi-Server Environments

Understanding Enterprise Cloud Governance

IBM Tivoli Directory Integrator

INTRODUCTION PRODUCT PRIORITIES INTEGRATION

Apache Syncope OpenSource IdM

SOA REFERENCE ARCHITECTURE: WEB TIER

agility made possible

A viable alternative to TMG / UAG Web Application security, acceleration and authentication with DenyAll s DA-WAF

CA Performance Center

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

Business-Driven, Compliant Identity Management

Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP

An Oracle White Paper January Oracle Database Firewall

Implementing Support and Monitoring For a Business- Critical Application Migrated to Windows Azure

Transcription:

End-to-End Identity Management With Oblix and Microsoft WHITEPAPER

Copyright 2004 Oblix, Inc. All rights reserved This white paper is for informational purposes only. Oblix makes no warranties, expressed or implied, in this document. Mention of third-party products within this publication is for informational; purposes only and constitutes neither an endorsement nor a recommendation. The information contained in this document represents the current view of Oblix on the issues discussed as of the date of the publication. Because Oblix must respond to changing market conditions, it should be not be interpreted to be a commitment on the part of Oblix, and Oblix cannot guarantee the accuracy of any information presented after the date of publication. Software and documentation Copyright 1996-2003 by Oblix, Inc. All rights reserved. Oblix, NetPoint, Oblix NetPoint, COREid, and the Oblix logo are registered trademarks of Oblix, Inc. NetPoint COREid System; User Manager, Group Manager, Organization Manager, IdentityXML, Certificate Processing Server (Verisign ), COREid Server, and WebPass; NetPoint Access System: Access Manager, Access Server, WebGate, and AccessGate; SHAREid, SmartMarks, SmartWalls, SmartMaps, SAML quickconnect, FEDERATEDid Layer, Oblix IDLin k, Associate Portal Services, NetPoint System Console, NetPoint Ready Realm, NetPoint Federation Services, NetPoint Mainframe Security Connector, NetPoint SAML Services, and their logos are trademarks of Oblix, Inc. All other company and product names are trade names, service marks, trademarks, or registered trademarks of their respective companies. Printed in the United States of America Printing Date: January 2004 Part Number: obx9h Oblix, Inc. 18922 Forge Drive Cupertino, CA 95014, USA +1 408 861 6800 European Headquarters Atrium Court The Ring, Bracknell Berkshire RG12 1BW, UK +44 1344 393 054 www.oblix.com info@oblix.com 2

The Need for Identity Management Both inside and outside the corporate firewall, identity information determines who has access to electronic data and applications. With nearly all key company data now accessible through the network, enterprises want to ensure that only authorized users have access to protected information. At the same time, companies must ensure that partners, customers, and employees can access the data and applications required to conduct business. Balancing these objectives is the challenge of identity management. Oblix COREid and SHAREid combined with Microsoft s Identity Management products provide a comprehensive solution for managing and applying identity of internal and external users in both centralized and federated identity environments. Oblix and Microsoft offer a comprehensive solution supporting the key features necessary for automated and manual administration, security, synchronization, aggregation and transformation of identity data and its application in securing access to applications and resources. Oblix COREid identity products provide critical functionality that extend Microsoft s Active Directory /ADAM, Identity Integration Server (MIIS), and SharePoint Portal to support identity based initiatives such as single sign on, regulatory compliance, identity synchronization, federation, and others. Oblix COREid wraps key features around the Microsoft infrastructure to deliver a complete enterprise identity management solution. This paper summarizes how Oblix COREid can be used to build an enterprise scale, end-to-end identity management system using the Microsoft infrastructure. Microsoft Identity Management Products Microsoft provides a comprehensive suite of products aimed at addressing the identity management problem at the attribute level. These products consist of Active Directory/ ADAM, MIIS, and the SharePoint portal. Oblix COREid provides the business level application that provides the security, administration, and access control features required to deploy the Microsoft infrastructure at the enterprise level. A short description of the components of this infrastructure is provided below. Microsoft Active Directory Active Directory provides the means to manage the identities and relationships that make up network environments. Windows Server 2003 makes Active Directory simpler to manage, easing migration and deployment. Microsoft Active Directory Application Mode (ADAM) is a Lightweight Directory Access Protocol (LDAP) directory service that runs as a standalone user directory, decoupled from the network operating system. ADAM represents a breakthrough in directory services technology that provides flexibility and helps organizations avoid increased infrastructure costs. Microsoft Identity Integration Server (MIIS) - MIIS 2003 enables corporations to increase security and productivity while lowering IT costs. MIIS provides metadirectory and user provisioning capabilities to ensure consistent identity data across data stores. MIIS automates the process of distributing identity changes and profile updates across enterprise applications. 3

SharePoint Portal Server 2003 - SharePoint supports intelligent portals that connect users, teams, applications, and data over the Web. SharePoint operates at both the department and enterprise levels and integrates seamlessly with the desktop applications and tools used by nearly every employee. Oblix COREid Extends the Microsoft Identity Platform Oblix COREid wraps around the Microsoft identity management infrastructure to provide identity administration, provisioning workflow, and a complete web access control system. COREid provides features that extend the Microsoft identity management products to support the scalability and administrative requirements for large enterprises, especially within high-volume extranets. COREid has been specifically engineered to work with and extend the Microsoft infrastructure to meet today s demanding identity management requirements. Key components include: COREid Workflow provides a sophisticated system for applying business rules and processes to identity administration and provisioning. COREid Workflow allows approvals and notifications to be routed to the proper individuals within an organization for identity events such as adding and deactivating users, or changing attribute values in a user s profile. Within COREid Workflow, identity-based delegation and attribute security ensure that only users with appropriate rights can participate in workflow approvals. The combination of COREid, AD/ADAM, and MIIS delivers a centralized system for applying business rules to internal and external users across all applications. COREid Provisioning (available in Q2 2004) for MIIS is unique in its support for active provisioning directly into MIIS. Unlike other products that support provisioning indirectly through Active Directory. COREid works directly with the MIIS Metaverse to configure accounts on target systems without requiring the AD schema to be extended to accommodate the resource specific permissions or settings.. COREid Provisioning for MIIS incorporates a unique template approach that facilitates the definition of workflow processes that apply outside the AD environment. This allows target system permissions or settings to be provisioned without storing redundant information in each users profile. The combination of COREid Provisioning and MIIS provides a best of breed system for centralized administration and synchronization of identity data. 4

COREid Administration Console is a web based tool for managing identity data contained in Active Directory and MIIS. This console is based on XSLT stylesheets for easy customization and can be modified to expose specific functionality to specific subsets of the user population. COREid User Self-Service provides self-registration and end-user self service capabilities through a web based interface. Using these pre-packaged tools, enterprises can easily extend the Microsoft AD/ ADAM and MIIS infrastructure to externally facing portals supporting large user populations. COREid self-service functions enable administrative scalability by pushing profile administration closer to the groups that manage it. COREid Access System provides a comprehensive access management and single sign on capability for heterogeneous environments. The COREid Access System supports single sign on for web applications as well as the market leading application servers including ASP.NET. COREid Access integrates with the Microsoft SharePoint Portal using the Windows Impersonation feature available with IIS6. Using Windows Impersonation, users logged in to their Windows desktops can sign on to web applications transparently. COREid Auditing Oblix COREid provides a unique auditing framework that captures information for each identity change event for storage in a central database in real time. COREid Auditing provides a reporting tool for generating reports based on changes to user data in Active Directory as well as authentication/ authorization success and failure events. COREid IdentityXML is an XML interface that supports all of the COREid administrative functions. Using COREid IdentityXML identity administration, bulk changes and group membership checks can be performed programmatically against your identity data in Microsoft AD/ ADAM and MIIS. SHAREid is the first stand alone multi-protocol identity federation server designed and packaged for distribution to your trusted partners and organizations. SHAREid provides a standards-based approach to secure integration with your trusted partners. SHAREid provides a unique and flexible solution for integrating your identity system with other internal and external portals, data repositories, and access control environments. Typical Projects For Oblix and Microsoft Identity Management The depth and breadth of a combined Microsoft-Oblix solution supports a broad range of identity management initiatives, including: External or Internal Portals - COREid administration and access control features with SharePoint Portal and Active Directory bring a comprehensive solution for managing access permissions for internally or externally facing portals. The same system that can be used to manage employees is flexible enough to accommodate the differing security requirements for customers and business partners. Oblix COREid provides self-service, single sign on, workflow, and delegated administration to help portals scale to enterprise levels. 5

Global Address Book Applications - MIIS ability to synchronize identity information between different e- mail directories, combined with COREid s self-service and fine-grained attribute access model, gives employees or customers the ability to take control of managing aspects of their own portal applications. Account Provisioning MIIS and COREid Workflow provide a complete metadirectory-based provisioning solution. These products combine best of breed synchronization, aggregation, and transformation at the data layer with the UI, business logic, and workflow from COREid. The result is quick propagation of identity data about newly hired employees to all relevant systems, as well as automated reversal when employees leave. Security and Privacy Compliance Use COREid Management for determining who can view and modify identity information contained in Active Directory/ ADAM. Audit and track changes to the identity data. Generate reports using the bundled reports server. Conclusion For both centralized and federated identity management, Oblix and Microsoft have created a seamless set of integrated solutions addressing the data layer all the way to the application layer. Leading corporations have deployed these products to manage tens of thousands of employees/partners and hundreds of thousands to millions of customers. These companies enjoy the ease and power of a combined security solution that spans the desktop to the data center to the extranet. In addition, Oblix identity products also integrate with Microsoft products outside of the Microsoft Identity Management platform. For example, Oblix COREid also protects and manages users accessing applications in IIS, Content Management Server and Internet Security and Acceleration (ISA) Server. To learn more about how Oblix and Microsoft deliver world-class identity solutions, please contact Oblix at: Oblix Inc. 18922 Forge Drive Cupertino, CA 95014 +1.408.861.6800 info@oblix.com www.oblix.com 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information