SIA 314 Making Entitlements in AD Understandable to the Business
Rob de Jong, Senior Program Manager, Microsoft Corporation
Roles have members
• Users that are automatically linked through Orgunit memberships or attribute values
• Manually linked through Self Service Requests
• Directly linked by the Administrator
Roles have content
• Active Directory groups, modeled as Permissions
• Access rights in other applications, modeled as Permissions
Other Roles can be inherited throughout the Orgunit structure
When a User gets a Role, the contents of the Role are linked to the User
This triggers provisioning instructions through FIM 2010 into the target applications
• Roles group Access Rights – AD Groups, other apps
• Roles are created…
  • Automatically, based on HR data
  • Manually
• Roles are linked to Users…
  • Automatically, based on HR data
  • Manually, through…
    • Self Service Request and Approval
    • Direct link in BHOLD Portal
• Roles trigger provisioning to targets – AD, other apps
• New Employee data coming from HR flows into BHOLD through FIM 2010
• BHOLD automatically links the new employee to Roles based on HR information – Department, Job Title, …
• BHOLD calculates group memberships based on roles
• Group memberships are provisioned into AD through FIM 2010
• Changes in Employee data automatically trigger recalculation of group memberships in BHOLD
Demo: Automatic Provisioning with Roles
[Diagram: BHOLD components and data flow, and FIM components and data flow. Labels: Source HR, HR MA, BHOLD (RBAC), Employees, OU's & Groups MA, Group Memberships MA, Groups and Accounts, CS, MV, MV Extn, FIM Sync Svc, AD MA, Active Directory]
• Organization
• Employees
• Group Memberships
[Diagram: Role Mining with the BHOLD Model Generator. Excel or CSV files carry AD Accounts, Groups and Group Memberships (Active Directory) and Employee, Manager and Orgunit Info (HR System). Role types shown: Membership Roles, Attribute Roles, Personal Roles, Optional Roles]
• New Membership role created for the Org. Unit
• Permissions linked to the role, based on the % of users in the Orgunit that share these permissions
• Users linked to the role, based on their Org. Unit membership
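The membership-role mining step described above, as an added example (not code from the slides or from the BHOLD Model Generator). The user, org unit and group names are constructed sample data, and the 75% threshold is an assumption, since the slide only says "% of users". It also reports what an entitlement review should look at: permissions a user holds outside the role, and permissions the role would newly grant once the user is linked by Org. Unit membership.

```python
from collections import defaultdict

# Constructed sample data (not from the slides): user -> org unit, user -> AD groups.
ORGUNIT = {"ann": "Finance", "bob": "Finance", "cy": "Finance", "dee": "Finance",
           "eli": "IT", "fay": "IT"}
GROUPS = {
    "ann": {"FIN-Ledger", "FIN-Reports"},
    "bob": {"FIN-Ledger", "FIN-Reports"},
    "cy":  {"FIN-Ledger", "FIN-Reports", "IT-Admins"},
    "dee": {"FIN-Ledger"},
    "eli": {"IT-Admins", "IT-Helpdesk"},
    "fay": {"IT-Admins"},
}

def mine_membership_roles(orgunit, groups, threshold=0.75):
    """Return (roles, exceptions, gaps).

    roles:      org unit -> permissions held by >= threshold of its users
    exceptions: user -> permissions held today but not covered by the role
    gaps:       user -> role permissions the user does not hold today
    threshold is an assumed cut-off; the slides only say "% of users".
    """
    members = defaultdict(set)
    for user, ou in orgunit.items():
        members[ou].add(user)

    roles = {}
    for ou, users in members.items():
        counts = defaultdict(int)
        for user in users:
            for perm in groups.get(user, set()):
                counts[perm] += 1
        roles[ou] = {p for p, n in counts.items() if n / len(users) >= threshold}

    exceptions, gaps = {}, {}
    for user, ou in orgunit.items():
        held = groups.get(user, set())
        if held - roles[ou]:
            exceptions[user] = held - roles[ou]
        if roles[ou] - held:
            gaps[user] = roles[ou] - held
    return roles, exceptions, gaps

if __name__ == "__main__":
    roles, exceptions, gaps = mine_membership_roles(ORGUNIT, GROUPS)
    print(roles, exceptions, gaps, sep="\n")
```

Entries in gaps are access that provisioning would add when the role is linked, so they are worth confirming with the role owner before the role goes live.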
at·test (ə-tĕst′) v. at·test·ed, at·test·ing, at·tests
v. tr. 1. To affirm to be correct, true, or genuine: The date of the painting was attested by the appraiser.
[Diagram: Attestation. BHOLD components and data flow, and FIM components and data flow. Components: Source HR, BHOLD, BHOLD Attestation Service, BHOLD Attestation Website, Email Server, FIM Sync Svc (MA, CS, MV, MV Extn), Active Directory]
Callouts:
• Employee data flows into MV (Which Employee is in which department? Who is managing?)
• User Group memberships in AD flows into MV (Which Users are in which AD Groups?)
• User, Groups and Employee data flows into BHOLD
• A new Campaign is created
• Emails are sent to Stewards ("Can you please go to the Attestation Website and fill out the form?")
• Steward fills out the form
• Corrections are sent to BHOLD
• Corrections are de-provisioned in AD
Demo: Self Service
[Diagram: Self Service. Components: BHOLD, BHOLD MA, BHOLD Self Service, FIM Portal, FIM Sync Svc (CS, MV, MV Extn), AD MA, Active Directory]
Callouts:
• Manager opens FIM 2010 Self Service Portal
• Available Roles and Employees ("What can this Manager Request?")
• Manager makes a Request
• Request becomes a Workflow
• BHOLD Self Service sends out Approval request messages ("Can this User get this Role?")
• Role Owner approves ("Yes, he can!")
• Request is Approved
• Role is assigned to User
• BHOLD Groups are linked to Accounts
• Groups are linked to Accounts in AD
https://msdn.microsoft.com/useng/subscriptions/securedownloads/#FileId=49036