Identity Lifecycle Manager // IT Management Solutions

Identity Lifecycle Manager

The task of provisioning new user accounts invariably falls upon system administrators. Administrators create logins across a variety of systems, such as Active Directory (AD), Exchange, and SQL Server, when a new employee starts at the company. The equally important process of de-provisioning accounts when employees leave for pastures new often highlights the disconnect between the HR and IT departments—a system administrator might hear through the grapevine that Bob in accounts left the company three months ago but still has system access.

Identity Lifecycle Manager (ILM) 2 empowers end users to perform tasks traditionally undertaken by IT, such as resetting passwords and creating or deleting groups and users. It provides a SharePoint-based workflow where users can carry out simple tasks based on management policy rules defined in ILM. A record of who did what, and when, is maintained for auditing purposes.

How does ILM work?

ILM 2 is a complex product consisting of four main components: ILM Synchronization Service (previously called Microsoft Identity and Integration Server), which is supported by SQL Server 2008; ILM Portal, which is a SharePoint-based web portal for user and administrator access; ILM Client Components for Outlook and Windows integration; and ILM Service, a web service that interacts between the Synchronization Service and ILM Portal.

Synchronization Service is central to ILM and its function is to synchronize objects between directory services, such as AD and Novell, into a central database called the metaverse. Objects are synchronized into ILM's metaverse via connector spaces, and objects can either be synchronized back to the source directory service, or to a different directory, once processed by ILM. For instance, ILM could be used to keep passwords for user objects in sync between AD and Novell directory services, helping to simplify the logon process for users (though having one password to access all systems is convenient, this may not be acceptable in high-security environments). ILM comes with connector spaces for AD, SAP, Novell, Lotus Notes, Microsoft Exchange Server, SQL Server, and Oracle databases, to name just a few.

The most important new feature in ILM 2 is the ILM Portal, which provides access to all the product's main features, such as self-service identity and group management tools, via a web interface for both system administrators and end users. You can provision users and groups using the ILM Portal, create workflows, and modify policies. All changes are submitted to the ILM Service, which then passes requests to the ILM Synchronization Service, where the metaverse is updated.

ILM's client components integrate with Microsoft Outlook to provide group management tools, including the ability to process offline group membership or approval requests. The ILM client also integrates with Windows logon, providing an authentication gateway should users want to reset a forgotten password. Administrators can change employee data using ILM's portal. This information is then passed on by the ILM service to the synchronization service, which updates connected directories. The synchronization service is responsible for detecting new and changed records, and making the appropriate directory updates.
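The join-and-detect step described above can be sketched in a few lines. This is an added example, not ILM code or its API: the record layouts, the `employee_id` anchor and all sample data are constructed assumptions, and it covers only the case where HR is the authoritative source.

```python
"""Added illustration: a simplified model of sync-style reconciliation.
Not ILM code or its API; all names and sample records are constructed."""
from dataclasses import dataclass, field

# Constructed connector-space exports, joined on a shared anchor (employee ID).
HR = [  # treated as the authoritative source
    {"employee_id": "1001", "name": "Alice Lee", "status": "active"},
    {"employee_id": "1002", "name": "Bob Ray", "status": "terminated"},
]
AD = [
    {"employee_id": "1001", "account": "alee", "enabled": True},
    {"employee_id": "1002", "account": "bray", "enabled": True},
    {"employee_id": None, "account": "svc-backup", "enabled": True},
]
SQL = [{"employee_id": "1002", "account": "bray_sql", "enabled": True}]


@dataclass
class Identity:
    """One metaverse entry: the HR record plus every joined account."""
    hr: dict
    accounts: list = field(default_factory=list)


def build_metaverse(hr, connectors):
    """Project HR records, then join directory accounts on employee_id."""
    metaverse = {r["employee_id"]: Identity(r) for r in hr}
    unjoined = []  # accounts with no HR owner: candidates for manual review
    for system, rows in connectors.items():
        for row in rows:
            entry = metaverse.get(row["employee_id"])
            if entry is None:
                unjoined.append((system, row["account"]))
            else:
                entry.accounts.append((system, row))
    return metaverse, unjoined


def pending_deprovisioning(metaverse):
    """Enabled accounts whose owner is no longer active in HR."""
    return sorted(
        (system, row["account"])
        for ident in metaverse.values() if ident.hr["status"] != "active"
        for system, row in ident.accounts if row["enabled"]
    )


if __name__ == "__main__":
    mv, unjoined = build_metaverse(HR, {"AD": AD, "SQL": SQL})
    print("disable:", pending_deprovisioning(mv))
    print("review (no HR owner):", unjoined)
```

Accounts that fail to join, such as the constructed `svc-backup` entry, are reported separately because they have no HR owner whose departure would ever trigger de-provisioning.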

Installing ILM and Client Components

The system requirements for each of ILM's server components are slightly different. To install all the components on one server requires Windows Server 2008 64-bit (standard or enterprise edition), SQL Server 2008 64-bit (standard or enterprise edition), Internet Information Services 7 (IIS), .NET Framework 3.0 and 3.5 SP1, and Windows SharePoint Services 3.0 SP1. The server must have at least 2GB of available disk space and 2GB of memory. The client-side components are supported on Windows XP Professional SP3 and Windows Vista Enterprise SP1, both 32-bit and 64-bit editions, and Outlook 2007. .NET Framework 3.5 SP1 is also required on clients.

ILM in Action - Self-Service Password Resets

A prominent new feature of ILM 2 is the ability for users to reset forgotten passwords at the Windows logon prompt. Administrators can configure one or more authentication gateways where users answer a series of pre-defined questions before being given the opportunity to reset their password, or proceed to the next gateway. Inserting a smartcard can also be set as a condition for passing a gateway. When users log on for the first time, they're asked to register with the self-service password reset system by answering questions set by an administrator.

You can categorize users so that those who have access to highly sensitive information on the network have to pass more authentication gateways before being allowed to reset their password. The ability to reset passwords at the logon prompt can be disabled, and you can enable that ability in a web interface.
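The gateway chain described above can be modelled as an ordered policy per user category that fails closed. This is an added example, not ILM's implementation or configuration format: the category names, the policy table, and the choice to store registration answers as salted PBKDF2 hashes compared in constant time are assumptions of the sketch.

```python
"""Added illustration of category-based reset gates; not ILM code.
Category names, gate names and storage format are assumptions."""
import hashlib
import hmac
import os

# Assumed policy: sensitive users must pass more gates, in order.
POLICY = {"standard": ["qa"], "sensitive": ["qa", "smartcard"]}


def _digest(answer: str, salt: bytes) -> bytes:
    # Normalise case and whitespace so " rex " matches "Rex".
    norm = " ".join(answer.casefold().split())
    return hashlib.pbkdf2_hmac("sha256", norm.encode(), salt, 100_000)


def register(answers: dict) -> dict:
    """First-logon registration: keep only salted hashes of the answers."""
    enrolled = {}
    for question, answer in answers.items():
        salt = os.urandom(16)
        enrolled[question] = (salt, _digest(answer, salt))
    return enrolled


def qa_gate(enrolled: dict, supplied: dict) -> bool:
    """Every registered question must be answered correctly."""
    ok = True
    for question, (salt, want) in enrolled.items():
        got = _digest(supplied.get(question, ""), salt)
        ok &= hmac.compare_digest(got, want)  # no early exit on a miss
    return ok and bool(enrolled)  # unregistered users cannot pass


def may_reset(category, enrolled, supplied, smartcard_present) -> bool:
    """Allow a reset only if every gate for the category passes."""
    gates = POLICY.get(category)
    if not gates:
        return False  # unknown category fails closed
    for gate in gates:
        if gate == "qa":
            passed = qa_gate(enrolled, supplied)
        elif gate == "smartcard":
            passed = bool(smartcard_present)
        else:
            passed = False  # unrecognised gate type fails closed
        if not passed:
            return False
    return True
```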

Identity Management for Users

ILM Portal can be customized for different categories of users to access features, such as managing distribution list (DL) membership, telephone extensions, or office numbers, which Figure 1 illustrates. The ability to manage security groups and DLs via ILM Portal provides a natural extension to the SharePoint system, with which many users will already be familiar.
