Enterprise IT Identity & Access Management

A Buyer's & Integrator's Guide - WebLog Version 1.0

  • Major IAM Vendors

    Vendor selection is critical in the IT business. I still remember an old story from when I joined the Big Blue family last century: a piece of wise advice was spread among IT decision makers globally: “You will never be fired if you buy from IBM”. It had worked for a...
  • Review - ADFS v1 & Preview - ADFS v2

    Active Directory Federation Service (ADFS) is a component of Active Directory released as part of Windows Server 2003 R2. ADFS v1 can be used in various B2B/B2E/B2C Web Single Sign On and Identity Federation scenarios. Pros: - Enable Federated SSO...
  • Sample Code (C++) - Scan Certificate Expiration Date Remotely

    It is hard to find a tool to check the certificate expiration date on a remote machine without logging on locally. Here is my code to accomplish this job: // to build: cl scancert.cpp -link crypt32.lib //----------------------------------------------------...
  • Sample Code (T-SQL) - Protecting Identity Data with SQL 2005 Data Encryption

    There are multiple ways to protect (encrypt) data with SQL 2005: using either a certificate or a password. Here is my code sample that uses a password to encrypt identity data (assuming the identity table name as tblIdentity_SmartCard table, the identity...
  • Sample Code (C#) - Provision User Accounts and Groups with MIIS

    Here is my sample code to provision AD user accounts and groups using MIIS MV Extension: // Use Visual Studio to build using System; using Microsoft.MetadirectoryServices; namespace Mms_Metaverse { public class MVExtensionObject : IMVSynchronization...
  • Sample Code (VBScript) - Compare Two AD Groups and Get Membership Difference

    If you want two AD groups with the same membership but are afraid of mis-sync, I have a sample script to find the delta: On Error Resume Next Dim strGroup1, strGroup2, iArgs, oArgs iArgs = Wscript.arguments.count Set oArgs = Wscript.arguments ...
  • User Authentication Mechanism (Method)

    A user authentication mechanism can use one of the above factors or combine multiple factors to form strong authentication. The following are major user authentication mechanisms (methods): · Badge and identity card: Identification badges are usually used...
  • Physical Access Control Technology

    A typical physical access control system is made up of the following components: - ID Credential - Door Reader - Door Lock - Control Panel - Access Control Server - Software - Database The access control process begins when a user...
  • Microsoft Identity Integration Server 2003 Enterprise Edition - InfoWorld Test Report

    Of all the contenders here, MIIS (Microsoft Identity Integration Server) 2003 stands out in two ways. First, it's by far the cheapest, at least at first glance (more on that later). Second, it's unique in leveraging several features of Windows, as well...
  • Sample Code (VBScript) - Query CAPICOM

    This script queries the CAPICOM COM object to get the cert expiration date. Capicom.dll must be installed and registered in order to run this script. If you need additional cert info, you can just add more CAPICOM Cert object properties to my sample code. ...
  • Microsoft Customer Solutions

    If no product is available (or satisfies your needs) in the marketplace, you may have to build something yourself. Currently, I am unable to post my own custom IT IAM solutions (such as group management, remote access management, smart card management...
  • Review - Microsoft IAM Group Management Solution

    One group management solution is part of the Microsoft Identity and Access Management Series, and you can download it from: http://www.microsoft.com/downloads/details.aspx?FamilyId=794571E9-0926-4C59-BFA9-B4BFE54D8DD8&displaylang=en or http://www.microsoft...
  • Sample Code (VBScript) - Retrieve MIIS WMI Password History

    This is a sample WMI script to retrieve password change history for a specific account through MIIS. You just need to run it on the MIIS server with the MA name, domain name and account name as parameters. Option Explicit On Error Resume Next Dim Service...
  • Review - MIIS SP2 Password Management Beta 1

    A major new feature in MIIS SP2 is Q/A (question/answer) based password reset self service. The password management application has 4 UI components on top of MIIS SP2: User Registration, Password Self Reset, Password Helpdesk Reset, and Admin. Pros...
  • Microsoft Centric IAM Architecture

    This is a Microsoft centric end to end B2E IAM architecture diagram. Most products are provided by Microsoft. Yellow areas form an IAM system and dependencies are in green. Identity & Access Management Architecture - B2E Microsoft Centric
  • Review - BMC Identity Management for .NET

    BMC IdM for .NET offers a suite of solutions in .NET environment including workflow, directory management, audit, self service, password management, Web single sign-on, and federation. Pros: - Automated HR driven provisioning - Role based access...
  • Microsoft Internal Solutions

    Microsoft IT has implemented several internal IAM solutions and here is a list of links. Enabling Cross-Forest Identity Management with Microsoft Identity Integration Server 2003: http://www.microsoft.com/technet/itsolutions/msit/deploy/cfimwiis...
  • Authentication Protocols and Standards

    Some of the most popular authentication protocols and standards are: · KERBEROS v5: Kerberos is an open standard for distributed systems authentication (RFC 1510). It relies on shared secret (or password) authentication by users to an authentication...
  • How to Help Regulatory Compliance with Identity & Access Management

    You can use IAM solutions to help demonstrate regulatory compliance such as SOX Section 404 and 302, HIPAA, GLB, Basel II Capital Accord, FDA 21-CFR-11, HSPD-12, EU Privacy Directive, PIPEDA, and LSF. SOX: There are many SOX compliance tools and...
  • How to Increase Productivity with Identity & Access Management

    With the right IAM solutions, your business can increase employees' productivity (or avoid the loss) significantly. Before you look into IAM solutions, you should identify the major factors impacting employees' productivity in your business. Some common factors...
  • How to Improve Security with Identity & Access Management

    Every time I told a friend I got an IT security job, I was always asked a similar question "Do you catch hackers or virus?". Of course, the popularity of the Internet definitely puts external threats and attacks on enterprise IT security's radar. However...
  • Auditing Strategy

    Auditing (also referred to as Audit, Accounting or Accountability) ensures that the activities associated with user access are logged for monitoring, regulatory and investigative purposes. Auditing Strategies for IAM to be compliant: Identify...
  • Authorization Strategy

    Authorization (or establishment or entitlement) defines a user's (or process') rights and permissions to a resource. After a user (or process) is authenticated, authorization determines what that user can do to the resource. Here are some authorization...
  • Authentication Strategy

    Authentication is the procedure through which a user or a device or a service (or application) provides sufficient credentials to satisfy access requirements to another service, application, or system. User Authentication Strategy: · Prepare and...
  • How to Reduce TCO of Identity & Access Management

    Identity & Access Management is an expensive investment in IT. Here are some tips to reduce Total Cost of Ownership: Follow the rule of economy of scale - If more people use the same solution, the unit cost of the solution will decrease. Therefore...