
IT Forum IAM Track - 75% Content List

Active Directory Federation Services (ADFS) Part 1: Web SSO and Identity Federation using Windows Server 2003 R2

 

ADFS enables Web SSO and access management scenarios previously unavailable without the purchase of a 3rd party product. This session begins with a review of the problems and business costs of Identity Management as it relates to extending your network to external users for eBusiness.  Next we consider how Identity Federation can solve these problems while substantially reducing risk and cost.  The session concludes with an overview of ADFS functionality and the fundamental customer use cases it supports.  See a demo of how Identity Federation enables Web SSO across organizational boundaries for file-based collaboration using Windows SharePoint Services.  Learn how ADFS Web SSO can be extended to both IIS and non-Windows web servers.  This session, or equivalent knowledge, is a pre-requisite for ADFS Part 2.

 

Active Directory Federation Services (ADFS) Part 2: ADFS Architecture and WS-Federation-based Interoperability

 

This session probes the architectural and interoperability details of Active Directory Federation Services (ADFS).  It begins by exploring how the web services specifications (particularly WS-Federation) lay the foundation for interoperability.  Then we dive into the internal workings of the major components of ADFS.  Learn what kinds of claims and security tokens the Federation Service issues, and how the Web Agent translates them into an authorization context for applications.  Then we put the pieces together to see how identity federation enables cross-organizational web SSO and access management by tracing the flow of claims through the system.  See a demo of ADFS claims administration in conjunction with a representative end-to-end line of business application.  To conclude, we'll discuss how ADFS interoperability with other vendor identity management products is achieved by implementation of the WS-Federation: Passive Requestor Interoperability Profile.  ADFS Part 1, or equivalent knowledge, is a pre-requisite for this session.

 

Authentication for UNIX and Linux Systems with Windows Active Directory

 

Organizations want to reduce the complexity of managing their infrastructure; a big part of that is simplifying authentication and authorization infrastructure. This session will cover the ways you can tie UNIX and Linux systems into Windows Active Directory and provide enough context that you can decide which approach is right for you. The session will go into some depth on how to build Microsoft's recommended "best practice" solution and will identify third-party products which implement that best practice. The session will include a demonstration of configuring a Linux system to authenticate against, and retrieve authorization data from, Windows Active Directory. Material will be drawn from the just-released new revision of the Solution Guide for Windows Security and Directory Services for UNIX.

 

Building Self-Service Applications and Extending the Reach of Microsoft Identity Integration Server (MIIS)

 

Self-service applications are valuable tools for any IT organization to save on helpdesk costs. When building a self-service application, it is important to make sure that the application can span all heterogeneous systems used in the IT organization. MIIS provides the functionality to aggregate identity information from heterogeneous identity stores and enforce its correctness. This makes MIIS a great back-end platform for building self-service applications with workflow. Learn how to build self-service applications today on MIIS 2003 and how future versions of MIIS will make it even easier to leverage the aggregate identity information in MIIS and configure workflow. Then learn how to extend the reach of MIIS 2003 by using the Management Agent SDK to build a custom Management Agent.

 

Deploying Active Directory (AD) in Extranet and Enterprise Directory Roles

 

Active Directory, including Active Directory Application Mode (ADAM), is enhanced in Windows Server 2003 to address directory-enabled application scenarios. AD and ADAM together represent a breakthrough in directory services technology that provides flexibility and helps organizations avoid increased infrastructure costs. Attend this session to see how the different features of AD and ADAM like application partitions, multiple instances, Windows integrated authentication, user proxy objects and ADAM Synchronizer help with server consolidation, ease of deployment and increased security. You will also see the benefits of deploying AD and ADAM in extranet and enterprise directory roles and get details on some of our customer deployments. You will leave this session with a good understanding of the ADAM usage scenarios and when to use AD vs ADAM in the different application directory roles.

 

Developing Solutions on Microsoft's Identity and Access Platform

 

This session for developers discusses the programming model available to developers who are writing apps that need to make authorization decisions. It covers the identity and access technologies and the different application models, and goes into detail on building applications using the traditional ACL-based and LDAP-based authorization models. You'll also see how AzMan can help provide role-based access control in these scenarios. You will see a sample application that walks you through the different scenarios, showcasing how easily you can build your application using the above models appropriately. At the end of this session, you will understand how the different technologies complement each other and how to develop end-to-end solutions leveraging the Microsoft Identity and Access Platform.

 

How to Manage Active Directory (AD) using Microsoft Identity Integration Server (MIIS)

 

Take your Active Directory environment to the next level with MIIS. Learn how MIIS allows you to manage AD data in a consistent, secure and reliable way. The automation and user provisioning capabilities of MIIS combined with powerful group management, workflow, and self-service solutions will help increase operational efficiency, enforce business policy, ensure a high degree of data quality and consistency, and reduce administrative overhead.

 

Identity Lifecycle Management Using Microsoft Identity Integration Server (MIIS) 2003 and Roadmap

 

Lifecycle management includes all processes around hiring (provisioning) users, managing their identities, access rights and passwords on an ongoing basis and eventually retiring (de-provisioning) the accounts again.  Learn how MIIS can help you with automating all these tasks or help you save helpdesk costs by enabling end users to perform some of these tasks through self-service applications.  We will also give an overview of future releases of MIIS, including the upcoming password self-service reset application.

 

Identity Management and Integration within Connected Systems

 

To improve daily operational efficiencies and reduce costs of deploying and maintaining new composite solutions, you can integrate enterprise-wide security systems, including IBM mainframe zSeries (RACF) and midrange iSeries (OS/400), Computer Associates TopSecret and ACF/2, and Microsoft Windows (Active Directory), using Microsoft Identity Integration Server (MIIS) 2003 and Microsoft Host Integration Server 2006. Learn how to deploy single sign-on for integrated line-of-business applications, while ensuring the integrity of your security policies across platforms, when accessing IBM host resources from Microsoft BizTalk Server 2006, Microsoft .NET Framework-enabled XML Web Services, Microsoft Office 2003 SharePoint Portal Server and InfoPath. Examine approaches to synchronizing user accounts and passwords across your enterprise using technologies from Microsoft and third-party software developers.

 

Managing Enterprise Passwords with Microsoft Identity Integration Server (MIIS): Solving the Post-it Problem

 

With MIIS 2003 SP1, password management has become a first-class citizen of lifecycle management.  In this presentation, we discuss how MIIS can be used to secure accounts from provisioning to de-provisioning, how passwords can be managed in any identity store, how to synchronize passwords changed by users from their Windows desktops to any identity store managed by MIIS, and how users can manage passwords through a web portal for systems that do not participate in password synchronization.  In addition, we will give a preview of a new end user password self-service reset tool that we will ship in a future release of MIIS.

 

Microsoft Identity Integration Server (MIIS) Best Practices and Scenarios Drill Down

 

When designing and deploying MIIS 2003, there are often many different ways to accomplish the same task. This session reviews best practices for a wide range of topics, including design strategy, coding structure and standards, documentation, server sizing guidelines, operational considerations, and dealing with common MIIS project roadblocks.

 

Microsoft's Identity and Access Architecture, a Key Pillar of Connected Systems

 

Identity and Access management is a key pillar of any Connected Systems solution. In this session we will review the common issues faced when architecting an Identity solution and the underlying architectural principles behind a good Identity solution. Also, through a series of real-life scenarios, we will discuss common trade-offs and best practices.

 

Microsoft's Identity Management Strategy and Roadmap

 

Identity and access management is rapidly becoming the top business issue as organizations look to increase security, reduce risk and decrease operational costs. Learn about Microsoft's approach to identity and access management for employees, partners, and customers in the intranet and extranet. Find out how products such as Active Directory (AD), Active Directory Application Mode (ADAM), and Microsoft Identity Integration Server (MIIS), play a key role in these solutions now and in the future.

 

MS IT: Enabling Cross-Forest Identity Management with Microsoft Identity Integration Server (MIIS) 2003

 

See how Microsoft implemented MIIS 2003 to simplify identity management by automating services, and to enable enterprise-wide usage of applications over multiple forests. Microsoft IT, partnering with the MIIS product team, developed a testing and deployment strategy that delivered MIIS 2003 to the corporation. Utilizing MIIS 2003 directory synchronization for cross-forest functionality, plus business logic and authoritative sources for data integrity, Microsoft is now able to deliver a consistent cross-forest user experience and increase user productivity.

 

Using Microsoft Identity Integration Server (MIIS) 2003 for Exchange Provisioning

 

There are several models for Exchange deployments, and the decision to choose one over another still leaves Exchange administrators with the problem of provisioning Exchange resources to the users in the organization that need them. This session will explain how to use MIIS to automate the creation and configuration of mailboxes.

 

Posted by Veale