ILM 2: A powerful Identity Management solution

Microsoft has offered Identity Management through MIIS and ILM 2007.

MIIS (Microsoft Identity Integration Server 2003) has given various customers the capability to -

    • Synchronize identities across various data sources
    • Synchronize passwords
    • Perform user provisioning, de-provisioning, user management, etc.

However, MIIS lacked the workflows, reporting and powerful self-service capabilities that make an Identity Management solution complete.

ILM 2007 provides MIIS capabilities as well as Certificate Lifecycle Management capabilities. Certificate Lifecycle Management allows organizations to -

    • Manage the life cycle of digital certificates and smart cards
    • Centralized administration of certificates and smart cards
    • Workflow and policies for activities -
      • Configurable policy-based workflows for common tasks
      • Enroll/renew/update
      • Recover/card replacement
      • Revoke
      • Retire/disable smart card
      • Issue temporary/duplicate smart card
      • Personalize smart card
    • Self-service capabilities for end users to reset PINs and request the above activities
    • Auditing and reporting
    • Integration with Active Directory Certificate Services.

ILM 2 provides more capabilities than its predecessor. The capabilities of ILM 2 include -

    • Extensible Windows Workflow Foundation based workflows -
      • Allow IT professionals to quickly create, update and modify workflows based on business processes
      • Require no coding or scripting in any language
      • The workflows are based on WF (Windows Workflow Foundation), which enables organizations to import and reuse workflows
      • Provide WS-* APIs to enable customization at the product and solution level

    • Enforces policies from a centralized server. The interface is Windows SharePoint Services (WSS).
    • Management of third-party CAs and OTPs.
    • Credential Management using workflows, e.g. automatically provision a user account, set their initial password, and kick off the process to issue smart cards and digital certificates to the user.
    • Powerful Self-Service Password Reset – allows users to reset their password at desktop logon. Portal-based password reset is also available.
    • Self-service Profile Management – allows users to manage their profiles and raise requests for additional accounts, access, etc.
    • Codeless User Provisioning – unlike MIIS, ILM 2 does not require writing any code to perform Identity Management.
    • Group Management – capability to manage security groups and DLs in the target systems
    • Tighter integration with Office -
      • Group Management via Office - users can use Outlook to raise requests for group memberships, DL subscriptions, etc.
      • Offline approvals - managers can approve requests by e-mail instead of logging on to the portal to approve them.

 

These are a few of the capabilities that make ILM 2 a more powerful solution.

The high-level architecture of ILM 2 is shown below -

[Figure: High-level architecture of ILM 2]

To help you understand how ILM 2 works and take a quick look at various scenarios, I will attach the video of my session at the recent Virtual Tech Day in my next post.