AD, AuthZ and FIM
(Oh my!)
Laura E. Hunter
Identity Architect
www.oxfordcomputergroup.com
Expertise in Identity & Access Management
Active Directory
• Authentication, Authorization and Auditing
– LDAP-based
– Low barrier to entry
• No separate licensing – if you own a Windows server license, you can deploy AD
– High levels of penetration in corporate and EDU environments
AD for Role Management?
• Which of the following is my phone number?
– +1 (215) 380-4476
– 215.380.4476
– (215) 380-4476
– 215-380-4476
• Now…which of those will AD allow me to enter?
– Good at replication and publication
– Bad at enforcing business rules
So What Else Is There?
• Identity Lifecycle Manager
– Specifically ILM “2”, a.k.a. FIM 2010
• (It’ll ship someday, I swear)
– Enforces business rules before writing data to a connected directory
• “All of Joe Smith’s direct reports will be in a security group called ‘JSDR’”
– SQL store provides a single location for “role mining” and historical queries
• Additional cost/CAL considerations!
Is There a Middle Ground?
• Sure. It’s a “build vs. buy” decision
• Anything that can write to LDAP can write to AD
– Constrained proxy apps (usually web-based) or scripts
• …but the native tools still won’t enforce logic!
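The "constrained proxy" idea above, as an added example that is not part of the deck: a script that enforces the phone-number rule AD itself will not, rejecting or canonicalising each attribute before the write ever reaches the directory. The LDAP write is an injected function (assumed; in practice a wrapper around an LDAP client's modify call), and the sample numbers and DN are constructed.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed example of a constrained proxy: business rules run here,
# because AD will happily store any of the phone formats from the slide.

def normalize_us_phone(raw: str) -> str:
    """Canonicalise the slide's formats to E.164 (+1NNNNNNNNNN); raise on bad input."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    if len(digits) != 10:
        raise ValueError(f"not a 10-digit US number: {raw!r}")
    return "+1" + digits

# Rule table: attribute name -> normaliser that raises on a violation.
RULES: Dict[str, Callable[[str], str]] = {
    "telephoneNumber": normalize_us_phone,
}

LdapModify = Callable[[str, Dict[str, str]], None]

def constrained_write(dn: str, changes: Dict[str, str],
                      ldap_modify: LdapModify) -> Dict[str, str]:
    """Apply every rule, then hand the cleaned attribute set to the directory.

    ldap_modify is an assumed, injected write function (e.g. wrapping an LDAP
    client's modify). Any violation rejects the whole change before it is called.
    """
    cleaned: Dict[str, str] = {}
    for attr, value in changes.items():
        rule = RULES.get(attr)
        cleaned[attr] = rule(value) if rule else value
    ldap_modify(dn, cleaned)
    return cleaned

if __name__ == "__main__":
    log: List[Tuple[str, Dict[str, str]]] = []
    # Constructed DN and number; the fake writer just records what would be sent.
    constrained_write("CN=Jane Doe,OU=Users,DC=example,DC=com",
                      {"telephoneNumber": "215.555.0100"},
                      lambda dn, attrs: log.append((dn, attrs)))
    print(log)
```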
Thank You!