Identity crisis

Audience

Everyone

I am having a look at Microsoft’s Identity Lifecycle Manager 2007 as a solution to our disparate user identity problem. Some of the bigger companies out there have solved this problem, and in many of the smaller companies it just does not exist, but we have many system that hold meta data about our employees. From HR systems to Active Directory and custom web based address books. Because of Aggreko’s unprecedented growth these systems have outgrown our capacity to maintain the consistency of the data, with small groups responsible for each repository and everyone not knowing where ALL the repository’s are or who controls them.

The idea of ILM server is to provide a single “metaverse” where all of the data is stored that has agents and adapters for all of the systems that you have. These agents and adapters are responsible for pulling and pushing the data between the stores in a consistent manor, so if HR in France updates a users job title it gets pulled into the “metaverse” and then pushed out to all of other system connected to ILM.

How Identity Lifecycle Manager 2007 Works

 

Out of the box ILM 2007 supports the following agents and connectors:

Network Operating Systems and Directory Services

Microsoft Active Directory Windows Server 2003 R2, 2003, and 2000
Microsoft Active Directory Application Mode Windows Server 2003 R2 and 2003
Microsoft Windows NT 4.0
IBM Tivoli Directory Server
Novell eDirectory 8.6.2, 8.7, and 8.7.x
Sun Directory Server (Netscape/iPlanet/SunONE) 4.x and 5.x

Mainframe

IBM Resource Access Control Facility
Computer Associates eTrust ACF2
Computer Associates eTrust Top Secret

Email and Messaging

Microsoft Exchange 2007, 2003, 2000, and 5.5
Lotus Notes 6.x, 5.0, and 4.6

Applications

SAP 5.0 and 4.7
Telephone switches
XML-based systems
DSML-based systems

Databases

Microsoft SQL Server 2005, 2000, and 7
IBM DB2
Oracle 10g, 9i, and 8i

File-Based

Attribute value Pairs
CSV
Delimited
Fixed Width
Directory Services Markup Language (DSML) 2.0
LDAP Interchange Format (LDIF)

All Other

Extensible Management Agent for connectivity to all other systems

But ILM supports way more than just data consistency. It will even provision Active Directory accounts and mail accounts automatically if an employee is added by HR enabling this process to be automated. You could have HR create a user in their system and set the relevant “profile” that the relates to the user and have their AD and mail setup along with permissions for SharePoint sites, folder shares and any other custom system you care to name smile_regular I like this system already… even if it only does half of what it says on the box it could be a very effective tool in the arsenal of any companies automation strategies.

A good point to note is wither the Data protection Act covers information about a person stored by the company they work for! I am not sure wither the same rules apply, but it is of benefit to any company if users details are accurate across all of their systems.

The benefits according to Microsoft’s

propaganda marketing:

  • Improve Operational Efficiency
    Now businesses can aggregate identities across the enterprise into a single view, simplify user access to multiple applications, reduce IT costs, and increase productivity.
  • Boost Compliance
    Companies can ensure that every user has proper access to resources, create auditable processes for access rights, and deploy single sign-on capabilities that comply with company policy.
  • Heighten Security
    Businesses can reduce the risk of security leaks by ensuring that only authorized users can gain access to company resources and that people know who they are dealing with electronically.
  • Enable Business Success
    By securely sharing identities across organizational boundaries, businesses can collaborate more efficiently with partners and customers.

We will see! I am currently installing a dev box and I will evaluate it according to the specific needs of our business…

 

Technorati Tags:  

Create a conversation around this article

Share on Facebook
Share on Twitter
Share on Linkdin

Read more

Martin Hinshelwood
For a long time now I have been searching for that perfect domain that epitomised the vision, the why, of what I am trying to achieve with my customers and the industry at large. Now I have found it in http://nkdagility.com
Martin Hinshelwood
At the MVP Summit I was appalled by the number of people who asked questions about new features for supporting hierarchical tasks! I shared a disgusted look with Peter Provost and we had a quick (and I mean really quick) conversation that resulted in this post. it really comes down …
Martin Hinshelwood
In my journey of delivering an immersive Product Development Mentor Program over the last eight weeks, a compelling narrative unfolded that beautifully illustrates the essence and true strength of Scrum. This story, rooted in the practical application of Scrum through Minecraft, unveils the depth of adaptability and resilience that Scrum …
Martin Hinshelwood
The Boards in Azure DevOps are a powerful tool that your teams can leverage to enable transparent visualization of the current state of value delivery.  However, the inclusion of Blocked columns can stealthily erode the very foundations of efficiency these boards are meant to uphold. By obfuscating the state of …