AD, Auth.Z and FIM (Oh my!), Laura E. Hunter

  • Slides: 6
AD, Auth.Z and FIM (Oh my!)
Laura E. Hunter, Identity Architect
www.oxfordcomputergroup.com
Expertise in Identity & Access Management

Active Directory
  • Authentication, Authorization and Auditing
    – LDAP-based
    – Low barrier to entry
      • No separate licensing – you own a Windows server license, you can deploy AD
    – High levels of penetration in corporate and EDU environments

AD for Role Management?
  • Which of the following is my phone number?
    – +1 (215) 380-4476
    – 215.380.4476
    – (215) 380-4476
    – 215-380-4476
  • Now…which of those will AD allow me to enter?
    – Good at replication and publication
    – Bad at enforcing business rules

So What Else Is There?
  • Identity Lifecycle Manager
    – Specifically ILM “2”, a.k.a. FIM 2010
      • (It’ll ship someday, I swear)
    – Enforces business rules before writing data to a connected directory
      • “All of Joe Smith’s direct reports will be in a security group called ‘JSDR’”
    – SQL store provides a single location for “role mining” and historical queries
  • Additional cost/CAL considerations!

Is There a Middle Ground?
  • Sure. It’s a “build vs. buy” decision
  • Anything that can write to LDAP can write to AD
    – Constrained proxy apps (usually web-based) or scripts
  • …but the native tools still won’t enforce logic!
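
The "constrained proxy or script" option above, sketched as an added example (not part of the presentation): the script enforces the business rule itself, accepting the four phone formats from the earlier slide, normalizing them to one canonical form, and only then emitting an LDIF modify record for the directory. The canonical format, the North American number restriction, the function names and the sample DN are assumptions made for this illustration.

```python
import re

# Assumption: North American numbers only, stored as "+1 (NPA) NXX-XXXX".
CANONICAL = "+1 ({}) {}-{}"
ALLOWED_CHARS = re.compile(r"[0-9+().\s-]+")


class RuleViolation(ValueError):
    """Input failed the business rule and must not reach the directory."""


def normalize_phone(raw):
    """Return the canonical form of a phone number, or raise RuleViolation."""
    raw = raw.strip()
    if not ALLOWED_CHARS.fullmatch(raw) or "+" in raw[1:]:
        raise RuleViolation(f"unexpected characters in {raw!r}")
    digits = re.sub(r"\D", "", raw)
    if raw.startswith("+"):
        if len(digits) != 11 or digits[0] != "1":
            raise RuleViolation("only country code +1 is accepted")
        digits = digits[1:]
    # Area code and exchange may not start with 0 or 1.
    if len(digits) != 10 or digits[0] in "01" or digits[3] in "01":
        raise RuleViolation(f"{raw!r} is not a valid 10-digit number")
    return CANONICAL.format(digits[:3], digits[3:6], digits[6:])


def ldif_replace_phone(dn, raw_phone):
    """Build an LDIF modify record; only validated values get this far."""
    if "\n" in dn or "\r" in dn:
        # A line break in the DN would let a caller smuggle extra LDIF lines.
        raise RuleViolation("DN must be a single line")
    phone = normalize_phone(raw_phone)
    lines = [f"dn: {dn}", "changetype: modify",
             "replace: telephoneNumber", f"telephoneNumber: {phone}", "-"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input: the slide's four spellings plus one bad value.
    dn = "CN=Example User,OU=Staff,DC=example,DC=com"
    for raw in ["+1 (215) 380-4476", "215.380.4476", "(215) 380-4476",
                "215-380-4476", "ext. 4476, ask for Laura"]:
        try:
            print(ldif_replace_phone(dn, raw))
        except RuleViolation as err:
            print(f"rejected before any LDAP write: {err}\n")
```
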

Thank You!