ECDC's Identity Management System


Information system of the European Centre for Disease Prevention and Control: Identity Management System
Leonora Brooke, architect, ADMIN, ICT, Project Office
European Centre for Disease Prevention and Control
Istanbul, 25 September 2009
ECDC IT external information systems overview
[Diagram: the external-facing applications in the ECDCDMZ (TESSy, EPIS, TTT, Experts Directory, Management Board, Advisory Forum) hold Accounts; ECDCNET holds the CRM Contacts; a one-way trust connects the two. Diagram labels: User, Contact, +, =, Account, i.e. User = Contact + Account.]
Internal and external users in external facing applications
[Diagram: each external-facing application (TESSy, EPIS, TTT, Experts Directory, Management Board, Advisory Forum) serves both External Users and Internal Users.]
What IDM is the solution for:
- Well-defined nomination processes
- Unified contact management and user provisioning
- Data integrity
- Improved security
- Auditing facilities
- Reports
- Efficiency of administration
External user creation flow
[Diagram, built up over four slides: the Application Nominator (in the ECDCDMZ) submits the request to IDM through a Gatekeeper; IDM notifies the App. 1 ... App. N Authorizers and, through a second Gatekeeper, the CRM Authorizer; IDM then writes to AD and to CRM.]
1. Creation of an External User (containing Contact Details & Business Profile, Authorization Profile) is requested by the Application Nominator.
2. The Authorizer is notified (App. 1 ... App. N Authorizers) and the request is validated.
3. A CRM contact request is sent to CRM; the CRM Authorizer accepts the request and the contact is created.
4. The account is created in AD and the Authorization Profile is saved in AD; the Business Profile is saved in CRM and the AD ID (logon name) is saved in the Contact Details.
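The four steps above read as a gated provisioning workflow: nothing is written to the directory until every required authoriser has validated the request and the CRM contact exists, and each step leaves an audit record. The following Python model is an added illustration of that flow, not ECDC's code or its ILM/FIM configuration; the authoriser table, the in-memory CRM and AD stand-ins, the "OU=External Users" container, the APP-<name> group naming and the "ext.<surname>" logon rule are all assumptions made for the example.

```python
"""Toy model of the external-user creation flow from the slides:
nomination -> authorisation -> CRM contact -> AD account.

Constructed illustration: the authoriser table, the store classes and the
naming rules below are assumptions, not ECDC's IDM/ILM configuration.
"""
from dataclasses import dataclass, field
from typing import Optional

# Assumed mapping: which authoriser signs off access to each application.
APP_AUTHORIZERS = {"TESSy": "tessy.authorizer", "EPIS": "epis.authorizer"}
CRM_AUTHORIZER = "crm.authorizer"


@dataclass
class UserRequest:
    nominator: str
    contact: dict            # Contact Details (surname, e-mail, ...)
    business_profile: dict   # Business Profile (role, country, ...)
    applications: list       # Authorization Profile: applications requested
    approvals: set = field(default_factory=set)
    crm_contact_id: Optional[str] = None
    ad_logon: Optional[str] = None
    audit: list = field(default_factory=list)


class Stores:
    """In-memory stand-ins for the CRM contact database and Active Directory."""
    def __init__(self):
        self.crm = {}   # contact id -> contact record
        self.ad = {}    # logon name -> account record


def nominate(nominator, contact, business_profile, applications):
    """Step 1: the Application Nominator requests an external user."""
    unknown = [a for a in applications if a not in APP_AUTHORIZERS]
    if unknown:
        raise ValueError(f"no authoriser configured for {unknown}")
    req = UserRequest(nominator, contact, business_profile, list(applications))
    req.audit.append(("nominated", nominator))
    return req


def required_authorizers(req):
    """Gatekeeper rule: every requested application's authoriser plus CRM."""
    return {APP_AUTHORIZERS[a] for a in req.applications} | {CRM_AUTHORIZER}


def approve(req, authorizer):
    """Step 2: an authoriser validates the request; anyone else is refused."""
    if authorizer not in required_authorizers(req):
        raise PermissionError(f"{authorizer} is not an authoriser for this request")
    req.approvals.add(authorizer)
    req.audit.append(("approved", authorizer))


def create_contact(stores, req):
    """Step 3: CRM contact request, accepted by the CRM Authorizer."""
    if CRM_AUTHORIZER not in req.approvals:
        raise PermissionError("CRM contact request not yet accepted")
    contact_id = f"C{len(stores.crm) + 1:04d}"
    stores.crm[contact_id] = {**req.contact, "business_profile": req.business_profile}
    req.crm_contact_id = contact_id
    req.audit.append(("contact_created", contact_id))
    return contact_id


def create_account(stores, req):
    """Step 4: AD account carrying the authorisation profile; logon written back to CRM."""
    missing = required_authorizers(req) - req.approvals
    if missing or req.crm_contact_id is None:
        raise PermissionError(f"account blocked; pending: {sorted(missing) or 'CRM contact'}")
    base = "ext." + req.contact["surname"].lower()
    logon, n = base, 1
    while logon in stores.ad:          # keep logon names unique
        n += 1
        logon = f"{base}{n}"
    stores.ad[logon] = {
        "ou": "OU=External Users",     # external users kept apart from staff accounts
        "groups": [f"APP-{a}" for a in req.applications],
        "contact": req.crm_contact_id,
    }
    stores.crm[req.crm_contact_id]["ad_logon"] = logon   # AD ID saved in Contact Details
    req.ad_logon = logon
    req.audit.append(("account_created", logon))
    return logon


if __name__ == "__main__":
    s = Stores()
    r = nominate("tessy.nominator", {"surname": "Example", "email": "x@example.org"},
                 {"role": "epidemiologist", "country": "SE"}, ["TESSy"])
    approve(r, "tessy.authorizer")
    approve(r, "crm.authorizer")
    create_contact(s, r)
    create_account(s, r)
    print(r.audit)
```

The point of the model is the ordering enforced by the checks: create_account refuses to touch the directory while any authoriser is outstanding or the CRM contact is missing, approve rejects approvers who are not responsible for the requested applications, and the audit list records who acted at each step, which is what the "auditing facilities" and "improved security" goals on the earlier slide amount to in practice.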
Implementation tool chosen: Microsoft Identity Lifecycle Manager "2"
- built on the metadirectory, a management environment used for user management, credential management, group management, policy management, expanded extensibility and connectivity
- built on a .NET and WS-* based foundation for developers to build more customized and extensible solutions
- built on the technology of the synchronization engine that was included in Microsoft® Identity Lifecycle Manager 2007 (ILM 2007) to synchronize data among many different external databases and systems through management agents (adapters)
- Microsoft Identity Lifecycle Manager "2" (ILM 2) = Forefront Identity Manager 2010
Challenges:
- Link with the CRM system
- Dealing with different nomination procedures
- Using and implementing AD related policies
- Treating external and internal users differently
- Harmonizing existing data in the 2 Active Directories, CRM and data outside these systems
- Building development and test environments replicating the live environment
- Working with Release Candidate software
- Impact on existing systems and business processes