Managing Identities in a Hybrid World Identity Management for Office 365 Bob Bradley, MVP, MCC, MCTS, The MIM Team Adelaide Windows User Group September 2016 Meeting
Contents
• Presenter Profile
• UNIFY Solutions Overview
• The Dilemma
• Office 365 User Governance
• Basic Principles of IdM (for users)
• Integrating HR across the Enterprise
• Identity Broker for Office 365
• Demonstration (30 minutes)
• Summary
• Questions
© UNIFY Solutions
Presenter Profile – Bob Bradley
Microsoft recognises the best and brightest from technology communities around the world with the Microsoft Most Valuable Professional (MVP) Award. These exceptional community leaders actively share their high-quality, real-world technical expertise with the community and with Microsoft. Bob is an Enterprise Mobility MVP, recognised for sharing his Identity and Access Management (IAM) expertise.
Bob is also a recipient of the Microsoft Community Contributor (MCC) Award in recognition of his contribution and commitment to Microsoft technical communities.
Bob is a foundation member of The MIM Team. He is one of the leading MIM design & deployment practitioners and mentors who support the identity management programs of Microsoft and its strategic customers. Bob has extensive expertise and experience in Microsoft IAM products and has successfully delivered many complex IAM design & deployment projects in the banking, education, public sector and commercial industry sectors.
UNIFY Solutions Overview
• UNIFY Solutions (UNIFY) was established in 2004 with the sole focus of providing world-class Identity and Access Management solutions and expertise across APAC
• Specialised in Microsoft based Identity and Access Management
• Extensive experience in developing and successfully implementing Microsoft Identity and Access Management solutions across a range of industries and geographies
UNIFY Solutions Overview
• Strong partnership with Microsoft globally
  • Member of the Microsoft Security Partner Advisory Council (S-PAC) 2 Seats
  • Microsoft Consulting Services
  • Training, Consulting, Joint Projects
Locations
• Brisbane, Sydney, Melbourne, Canberra, Adelaide, Wellington
UNIFY Solutions Overview
Business Units
• Business Strategic Consulting Group
• Product Group
  • Identity Broker series of Application Connectors for IdM
  • Event Broker for event-driven Microsoft MIM operations
• APAC Training Academy
• Consulting Group
  • The MIM Team
Example Project Experience Project Department of Education and Training (Queensland) Identities Number Students 650,000 Staff 75,000 Groups 25,000 Sample of Connected Systems School management systems (1300 instances) SharePoint AD (13 forest / domains) TAM SUN directory Staff / 8,000 8 x Enterprise LOB apps SAP HR Contractors SharePoint Groups 1,000 AD (3 forests) National Australia Bank Staff 55,000 Exchange Domino / Notes ACT Education Groups Students 50,000 37,000 AD Maze Staff 5,000 AD Parents 100,000 ADLDS Schools 87 Classes 8,000 Groups Staff 10,000 30,000 SAMS Groups 10,000 Active Directory Department of Environment, Water, Heritage and the Arts (Federal) Centrelink / MCS
The Dilemma
• You have implemented Office 365 for all of your employees and migrated all mailboxes to Exchange Online
• Everyone has an E3 license, but has a different flavour based on whether they need Skype, and consultants don’t get Exchange
• Now you want to implement Intune and Yammer, as well as support those who want extra licenses for Visio, and Power BI Pro
• You have already exhausted your initial license pool allocation, and have since extended it twice but remain on the brink of running out of licenses
• This hasn’t quite met expectations in terms of cost savings from the traditional on-premises model you managed for years before, so where did it go wrong?
Office 365 User Governance
• What if you could ensure only those who are current employees or contractors have an E3, and that anything else has to be approved by their manager?
• AADConnect will sync every AD account it finds on-premises, so you need to do the following to maximise compliance and operational efficiency:
  • Accounts are enabled and disabled in line with their tenure (i.e. HR record for permanents)
  • Manager relationships/org structures are accurate for approval routing
  • Meta data (cost centre, job desc, location, etc.) is accurate for default role membership
  • Unused resources (e.g. O365 licenses) are automatically returned to the pool
User governance is no longer an option, it is an imperative!
Basic Principles of IdM (for users)
• Identify authoritative sources of user identity (applications, directories, services, etc.)
• Define user synchronisation, access and policy requirements
• Identify a common unique identifier
• Identify common attributes and attribute precedence rules for synchronisation
• Define common organisational level business policy (e.g. on-boarding, off-boarding)
• Combine workflow and synchronisation into a consolidated IdM solution
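The governance rules and principles on the two slides above come down to joining directory accounts to the authoritative HR source on a common unique identifier and deriving account state and licence entitlement from tenure. The Python below is an added example, not part of the original slides and not Identity Broker or MIM code; the record fields, account names, licence labels and action names are all constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from the original slides).
HR = [  # authoritative source, keyed by the common unique identifier
    {"employee_id": "1001", "start": date(2015, 3, 1), "end": None, "manager_id": None},
    {"employee_id": "1002", "start": date(2016, 1, 11), "end": date(2016, 8, 31), "manager_id": "1001"},
    {"employee_id": "1003", "start": date(2016, 10, 3), "end": None, "manager_id": "1001"},
    {"employee_id": "1004", "start": date(2014, 7, 1), "end": None, "manager_id": "9999"},
]
AD = [  # directory accounts as a sync engine would see them
    {"sam": "alice", "employee_id": "1001", "enabled": True, "licenses": ["E3"]},
    {"sam": "bob", "employee_id": "1002", "enabled": True, "licenses": ["E3", "VISIO"]},
    {"sam": "carol", "employee_id": "1003", "enabled": True, "licenses": ["E3"]},
    {"sam": "dave", "employee_id": "1004", "enabled": False, "licenses": []},
    {"sam": "svc-scan", "employee_id": None, "enabled": True, "licenses": ["E3"]},
]

def is_current(hr, today):
    """Tenure check: started, and not past the end date (inclusive), if any."""
    return hr["start"] <= today and (hr["end"] is None or today <= hr["end"])

def reconcile(hr_records, ad_accounts, today):
    """Return (account, action) pairs implied by HR for each directory account."""
    hr_by_id = {r["employee_id"]: r for r in hr_records}
    actions = []
    for acct in ad_accounts:
        hr = hr_by_id.get(acct["employee_id"])
        if hr is None:
            # No authoritative record: flag for review rather than guess.
            actions.append((acct["sam"], "review_no_hr_record"))
            continue
        current = is_current(hr, today)
        if current and not acct["enabled"]:
            actions.append((acct["sam"], "enable"))
        if not current and acct["enabled"]:
            actions.append((acct["sam"], "disable"))
        if not current:
            # Return every licence held outside tenure to the pool.
            for sku in acct["licenses"]:
                actions.append((acct["sam"], "reclaim_license:" + sku))
        mgr = hr["manager_id"]
        if current and mgr is not None and mgr not in hr_by_id:
            # Approval routing needs a manager that exists in HR.
            actions.append((acct["sam"], "fix_manager_reference"))
    return actions

if __name__ == "__main__":
    for sam, action in reconcile(HR, AD, date(2016, 9, 15)):
        print(sam, action)
```

The account with no HR identifier is routed to review instead of being disabled automatically, since accounts of that kind are often service accounts that need an owner rather than a tenure rule.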
Integrating HR across the Enterprise Why should integrating HR across the Enterprise be important?
Integrating HR across the Enterprise
Operational
• Maintenance of multiple sources of identity data
• Manual user provisioning by helpdesk delaying on/off boarding and change in positions
• Labour-intensive paper-based approval systems
• Users dependent on helpdesk response times
Business
• Improve productivity and reduce costs
• Role specific requirements and access
• Inconsistent and informal processes
• Consistent and accurate data
Real-Time Compliance
• No record of who has access to which IT resources
• Inability to de-provision user access on termination
• Identify and manage business & IT controls
• Meet audit requirements
• Prevention of un-authorised access
Integrating HR across the Enterprise
• Integrate HR with Active Directory, other Enterprise Directories and Applications
• HR-driven Identity Management not only protects critical data and information, it also helps to maximise return on investment by creating efficient and productive workflow systems.
HR-driven Identity Management can help you add value to your business by improving data security; establishing secure access controls for selected users; streamlining processes and administration; and reducing costs through automation. As these improvements are important to your organisation, you can now tick the following boxes (substitute chris21 with any of the other 3 HR platforms below):
Integrating HR across the Enterprise
Your HR system has the Answers
Operational, HR, Compliance, Business
• Automate Management of Identity Lifecycle
• On Boarding
• Off Boarding
• Day to Day Changes
• Consistent Data
• High Integrity
• Organisational Information
• Role Based Access
• Managers and Reports To
• Automated Real-Time Compliancy
• Enforce Business Process and Policy
• Improve Business Productivity
• Streamline Processes and Reduce Costs
Identity Broker for HR Applications
[Diagram: Identity Broker, labelled "Identity Management and Synchronisation Platform" and "Synchronise", connecting HR to Network, Email, Reporting, Compliancy, Role, White Pages and Business Apps. Every copy of the sample record reads "Peter Tiernan, Brisbane, Identity Management Consultant".]
Integrating HR across the Enterprise
[Diagram: Identity Broker, labelled "Identity Management and Synchronisation Platform" and "Synchronise", connecting HR to Network, Email, Reporting, Compliancy, Role, White Pages and Business Apps. One copy of the sample record for Peter Tiernan, Brisbane now reads "Identity Management Manager"; the other copies still read "Identity Management Consultant".]
Integrating HR across the Enterprise
[Diagram: Identity Broker, labelled "Identity Management and Synchronisation Platform" and "Synchronise", connecting HR to Network, Email, Reporting, Compliancy, Role, White Pages and Business Apps. Most copies of the sample record for Peter Tiernan, Brisbane now read "Identity Management Manager"; one copy still reads "Identity Management Consultant".]
Identity Broker for Office 365
• Azure is Microsoft's fastest growing platform.
• Office 365 is Microsoft's fastest growing cloud product.
• Typical challenges for organisations large and small include
  • supporting multiple directories for user authentication and meta data;
  • support for a multi forest/domain Active Directory environment, particularly where there are users who move between forests/domains;
  • implementing real-time compliance based upon changes to authoritative sources including user definitions and information; and
  • maintaining a consistent global GAL across business regions.
Through the Identity Broker™ for Office 365®, information from other applications and services can be populated within AD/AAD thereby increasing the value and integrity of the O365 platform.
Demonstration
Combine the above elements into a single IdM solution to deliver a compliant AD/Azure/O365 platform for your organisation.
Summary
Consider applying the principles of Identity Management to your Office 365/Azure investment to keep your costs within budget!
UNIFY have developed a repeatable HR + AD + AAD synchronisation solution for a number of popular HR platforms, including those popular locally such as:
• chris21
• Empower
• Talent2 Alesco
• Aurion
If your HR application isn’t one of these, talk to us. In addition to the above, the current suite of applications supported by Identity Broker appears on the next slide, and is growing fast (e.g. SAP SuccessFactors, Workday).
Identity Broker
Examples of Out-of-the-Identity Broker-Box are:
• Forefront® Identity Manager (FIM) 2010
• Frontier Software chris21™
• Aurion® HRMS
• SAP® ERP Human Capital Management™
• SAP SuccessFactors
• Empower HR
• Talent2 Alesco®
• Dell™ TPAM
• HP TRIM
• Cisco® Unified Communications Manager
• ADERANT Expert®
• Microsoft® SharePoint® profiles and lists
• Microsoft Dynamics®
• RM Maze
• SALT/Thales SafeSign Management Server
• Microsoft® Azure Active Directory®
• Google® Apps
• Workday® Human Capital Management
• Eclipse EduPoint (formerly eMinerva)
• SIFau
• NetIQ (Novell®) IdM
• IBM® Tivoli® Access Manager
• SAP® NetWeaver® Identity Manager
• Marval® MSM®
• ServiceNow
• ViewDS Meta-Directory Server
• Kronos® Workforce Timekeeper™
• CSC®/iSoft iPatient Manager
• CSC®/iSoft Emergency Department Information System
• OpenText® Integrated Document Management
• Oracle® Taleo Recruiting Cloud Service
• Microsoft® Office® 365
Questions
www.microsoft.com/identity
www.unifysolutions.net/tools-solutions/
www.themimteam.com
www.fimeventbroker.com
Bob Bradley
bob.bradley@unifysolutions.net
Thank You