Many of you have no doubt heard of, and some of you will have worked with, Microsoft Identity Integration Server 2003, otherwise known as MIIS 2003.
In 2007, MIIS 2003 was incorporated into a new product offering, Identity Lifecycle Manager 2007, which combined the identity integration capabilities of the product with Certificate Lifecycle Management, giving organisations the ability to provision and manage the lifecycle of digital certificates and smart cards. To quote the ILM 2007 product web page, the product offers the following:
(1) Identity synchronization. ILM 2007 synchronizes user accounts and attributes in all of those systems, including synchronization of passwords. Directory synchronization saves time and money that is currently spent on keeping data consistent and enforcing data ownership rules.
(2) User provisioning. ILM 2007 automatically creates user accounts, mailboxes, and other identity information in target systems in real-time so new employees are productive immediately, and also ensures that corporate resource access is instantly revoked for employees who leave the organization.
(3) Certificate management. ILM 2007 includes a workflow and policy-based solution that enables organizations to manage the lifecycle of digital certificates and smart cards. ILM 2007 significantly lowers the costs associated with digital certificates and smart cards by enabling organizations to more efficiently deploy, manage, and maintain a certificate-based infrastructure. It also streamlines the provisioning, configuration, and management of digital certificates and smart cards, while increasing security through strong, multifactor authentication technology.
MCS in Ireland have deployed ILM 2007 to a number of customers, using it to provide solutions for Identity Management, Smartcard deployment, GAL synchronisation and even managing the migration and consolidation of several disparate Active Directory infrastructures into a new consolidated AD infrastructure for 18000+ users.
It's a fantastic product, and in future blogs I'll give an insight as to how we used ILM 2007 to deliver these solutions. But for now I want to highlight possibly the coolest piece of software that I've seen in a long time, Identity Lifecycle Manager "2".
ILM 2 is the next step in Microsoft's roadmap for Identity and Access Management. It is scheduled for release in the first half of 2009 and is currently a Beta 2 release. For anyone interested in Identity and Access Management I would strongly recommend that you subscribe to the beta at:
Here you can get access to the beta software and documentation, and register for a DVD with a full working VPC image of Beta 2.
For ILM 2, Microsoft will invest in four key areas:
One of the most important things Microsoft is delivering from a developer standpoint and business standpoint is automated, codeless, user provisioning. Automated provisioning allows you to easily define the provisioning workflow associated with bringing a new user or partner to the enterprise and provisioning them with access to different applications in an automated manner. Rather than stitching together a very coding-intensive and relatively brittle solution, ILM 2 offers a fluid and automated solution.
Automated provisioning workflow enables integration of user, device, and service management. Create a scenario for your users, associate resources around them, and do this in a very seamless manner. Over time, automated and integrated processes will be available for new users when they come to the enterprise, which makes them more productive from day one. De-provisioning for users leaving the enterprise also becomes less complicated, which makes it easier to handle future compliance audits.
One of the big things delivered by ILM 2 is the ability to manage all of the credentials in an integrated manner, both from the administrative and end user standpoint. IT pros will have one place where they can look at user policies, define policies, and define smart card templates and processes for resetting PINs. The end user’s experience will be very intuitive—with ILM 2, identity management will be embedded in familiar applications and integrated with familiar tools, which reduces the cost of deploying identity management for the organization and enables easier and faster adoption.
With ILM 2, we’ll be able to support a variety of different ways that end users authenticate themselves, whether through smart cards, challenge-and-response questions for help-desk assisted password reset, or speech-enabled phone password reset.
ILM 2 enables end users to manage their own distribution lists and enhance the self-service experience. Because it’s so easy and intuitive to work from within the Office and SharePoint environments, users won’t need to run to IT or work in an application they aren’t familiar with—it can all be easily achieved within a familiar environment.
Also, ILM 2 enables dynamic calculation of access. When users’ roles change, their access and permissions will change with them.
ILM 2 provides a logical method of setting policies. Express the business policies, and have them enforced through the other pillars.
Because we can leverage tools like Windows Workflow Foundation, the workflow you generate and create can be stored in libraries for reuse. We’re always looking for ways to drive down the total ownership costs, and we’ve done precisely that with ILM 2.