Enterprise IT Identity & Access Management

A Buyer's & Integrator's Guide - WebLog Version 1.0

  • Major IAM Vendors

    Vendor selection is critical in the IT business. I still remember an old story from when I joined the Big Blue family last century: a piece of wise advice was spread among IT decision makers globally: “You will never be fired if you buy from IBM”. It had worked for a...
  • Sample Code (VBScript) - Query CAPICOM

    This script queries the CAPICOM COM object to get the cert expiration date. Capicom.dll must be installed and registered in order to run this script. If you need additional cert info, you can just add more CAPICOM Cert object properties to my sample code. ...
  • Sample Code (C#) - Provision User Accounts and Groups with MIIS

    Here is my sample code to provision AD user accounts and groups using MIIS MV Extension: // Use Visual Studio to build using System; using Microsoft.MetadirectoryServices; namespace Mms_Metaverse { public class MVExtensionObject : IMVSynchronization...
  • IAM Strategy

    IAM is a combination of processes, technologies, and policies enabled by software to manage digital identities in their lifecycle and specify how they are used to access resources. IAM is a superset of AAA (Authentication, Authorization, Auditing)*. Here...
  • IAM Job Opening at Microsoft

    http://members.microsoft.com/careers/search/details.aspx?JobID=C582216A-818C-4677-9587-B6F8E99D7D3F&start=31&interval=10&SortCol=&SortOrder Job Title: IT Management Job Category: IT Operations ...
  • Introduction to IAM Buyer's Guide

    “Our vision for security is to create a world where there is greater trust — where people and organizations can use a range of devices to be more reliably and securely connected to the information, services and people that matter most to them.” - Bill...
  • Courion Enterprise Provisioning Suite 7.20 - InfoWorld Test Report

    Courion Enterprise Provisioning Suite 7.20 includes ProfileCourier, a user-profile store; PasswordCourier, a metapassword repository; and ComplianceCourier, a policy-control module aimed at tying the other modules together for managed security. Courion...
  • Generic IAM Architecture

    This is a basic end-to-end B2E IAM architecture diagram. Yellow areas form an IAM system and dependencies are in green. Identity & Access Management Architecture - B2E Generic
  • Sample Code (Command) - Windows Vista Domain Join with smart card

    After you require smart card interactive logon in your environment, the traditional domain join will not work because you don't have a password. Windows Vista resolves this problem by allowing domain join with smart card. However, this new feature will...
  • Sample Code (VBScript) - Retrieve MIIS WMI Password History

    This is a sample WMI script to retrieve password change history for a specific account through MIIS. You just need to run it on MIIS server with MA name, domain name and account name as parameters. Option Explicit On Error Resume Next Dim Service...
  • Authentication Protocols and Standards

    Some of the most popular authentication protocols and standards are: · KERBEROS v5: Kerberos is an open standard for distributed systems authentication ( RFC 1510 ). It relies on shared secret (or password) authentication by users to an authentication...
  • Review - ADFS v1 & Preview - ADFS v2

    Active Directory Federation Service (ADFS) is a component of Active Directory released as part of Windows Server 2003 R2. ADFS v1 can be used in various B2B/B2E/B2C Web Single Sign On and Identity Federation scenarios. Pros: - Enable Federated SSO...
  • How to Reduce TCO of Identity & Access Management

    Identity & Access Management is an expensive investment in IT. Here are some tips to reduce Total Cost of Ownership: Follow the rule of economy of scale - If more people use the same solution, the unit cost of the solution will decrease. Therefore...
  • Sample Code (C++) - Scan Certificate Expiration Date Remotely

    It is hard to find a tool to check the certificate expiration date on a remote machine without logging on locally. Here is my code to accomplish this job: // to build: cl scancert.cpp -link crypt32.lib //----------------------------------------------------...
  • Sample Code (VBScript) - Compare Two AD Groups and Get Membership Difference

    If you want two AD groups with the same membership but are afraid of mis-sync, I have a sample script to find the delta: On Error Resume Next Dim strGroup1, strGroup2, iArgs, oArgs iArgs = Wscript.arguments.count Set oArgs = Wscript.arguments ...
  • Microsoft Identity Integration Server 2003 Enterprise Edition - InfoWorld Test Report

    Of all the contenders here, MIIS (Microsoft Identity Integration Server) 2003 stands out in two ways. First, it's by far the cheapest, at least at first glance (more on that later). Second, it's unique in leveraging several features of Windows, as well...
  • Authorization Strategy

    Authorization (or establishment or entitlement) defines a user's (or process') rights and permissions to a resource. After a user (or process) is authenticated, authorization determines what that user can do to the resource. Here are some authorization...
  • Microsoft Centric IAM Architecture

    This is a Microsoft-centric end-to-end B2E IAM architecture diagram. Most products are provided by Microsoft. Yellow areas form an IAM system and dependencies are in green. Identity & Access Management Architecture - B2E Microsoft Centric
  • Physical Access Control Technology

    A typical physical access control system is made up of the following components: - ID Credential - Door Reader - Door Lock - Control Panel - Access Control Server - Software - Database The access control process begins when a user...
  • IBM Tivoli Identity Manager 4.6 - InfoWorld Test Report

    To reach into the various moving parts of our enterprise, ITIM (IBM Tivoli Identity Manager) 4.6 used custom agents that we installed on every managed resource, including our AD domain controllers, database servers, and so forth. The agents hold a reasonably...
  • How to Help Regulatory Compliance with Identity & Access Management

    You can use IAM solutions to help demonstrate regulatory compliance such as SOX Section 404 and 302, HIPAA, GLB, Basel II Capital Accord, FDA 21-CFR-11, HSPD-12, EU Privacy Directive, PIPEDA, and LSF. SOX: There are many SOX compliance tools and...
  • Authentication Strategy

    Authentication is the procedure through which a user or a device or a service (or application) provides sufficient credentials to satisfy access requirements to another service, application, or system. User Authentication Strategy: · Prepare and...
  • How to Improve Security with Identity & Access Management

    Every time I told a friend I got an IT security job, I was always asked a similar question "Do you catch hackers or virus?". Of course, the popularity of the Internet definitely puts external threats and attacks on enterprise IT security's radar. However...
  • Review - Microsoft CLM Certificate Lifecycle Manager Beta 2

    I reviewed CLM Beta 1 half a year ago and rated it low. Now, CLM Beta 2 is ready for prime time and I'm going to deploy it in a production environment. I've seen a lot of improvements in Beta 2 so many cons in Beta 1 are removed. Base CSP Smart Card support...
  • RSA 2007 Conference Take Aways

    There was not much exciting news at RSA2007. I think I need to write a few things down here or otherwise I will no longer remember them: - Information Centric Security: The information is the king. However, the king cannot live in a castle all the...