Microsoft Identity and Access Management Series

Published: May 11, 2004   |   Updated: June 26, 2006


Download this Solution Accelerator

Click here to download the Microsoft Identity and Access Management Series from the Microsoft Download Center.

About This Solution Accelerator

Identity and Access Management combines processes, technologies, and policies to manage digital identities and specify how they are used to access resources.

The series shows how to achieve solid business results using Microsoft technologies in heterogeneous IT environments while concentrating on the key issues of total cost of ownership (TCO), security, and the growing need for information access beyond organizational boundaries. The series provides solutions that balance the need for short-term business results with a long-term security and management strategy.


The following figure illustrates the content and logical divisions within the Identity and Access Management Series v 1.4.

Figure 1. The Identity and Access Management Series Papers


Included in the Download

Overview.doc
The overview describes the series and how it is structured, and provides information about the following:

  • How to access the Tools and Templates
  • Style conventions in the papers
  • Consulting services and system integrators
  • Independent hardware and software vendors

Fundamental Concepts.doc
This paper describes key concepts, terminology, and technologies for identity and access management. It includes common business, technology, and security challenges and approaches for overcoming these challenges.

Platform and Infrastructure.doc
This paper describes the common platform requirements and technology infrastructure for identity and access management solutions.

Identity Aggregation and Synchronization.doc
This paper describes the approaches and technologies available for integrating identity stores across a heterogeneous environment. It also provides implementation guidance for identity aggregation and synchronization between Microsoft Active Directory forests, Sun ONE Directory Server 5.1 (formerly iPlanet Directory Server), and Lotus Notes with Microsoft Identity Integration Server 2003, Enterprise Edition (MIIS 2003) with Service Pack 1 (SP1).

Password Management.doc
This paper describes the approaches and technologies available for managing passwords and enforcing strong password policy. The paper includes step-by-step implementation guidance for:

  • Managing intranet passwords
  • Managing extranet passwords
  • Enforcing strong password policy

Provisioning and Workflow.doc
This paper discusses how to automatically provision identities into multiple directories and identity stores in a heterogeneous environment. It also discusses managing security and e-mail group memberships, and describes a workflow process that can extend automated processes. You can use the information in this paper to enable the automated administration of user identities and reduce costs while you increase the availability and security of information resources. This paper also provides detailed configuration tasks that you can use to achieve these results by using MIIS 2003 with SP1.

Intranet Access Management.doc
This paper describes the approaches available for intranet single sign on (SSO), access management, and platform and application integration. It also provides implementation guidance for:

  • Integrating UNIX workstations with Active Directory.
  • Integrating SAP R/3 Application Server authentication using the Kerberos version 5 authentication protocol.

Extranet Access Management.doc
This paper describes the approaches available for extranet SSO, access management, and providing business-to-consumer (B2C), business-to-business (B2B), and business-to-employee (B2E) services. It also provides implementation guidance for:

  • B2E extranet Web access and SSO using X.509 certificates.
  • B2C extranet Web access and SSO using Microsoft Passport.

Developing Identity-Aware ASP.NET Applications.doc
This paper discusses how to develop ASP.NET multi-tier extranet and intranet Web applications in Microsoft Visual C# and Microsoft Visual Basic .NET that are integrated with Microsoft Windows Server 2003 directory and security services. It also provides detailed implementation guidance and ASP.NET code samples (in C# and VB.NET) for:

  • Intranet Web applications that use Windows-integrated authentication and Windows Authorization Manager.
  • Extranet Web applications for B2B, B2C, and B2E scenarios using Windows authentication (including Forms-based authentication, X.509 certificates, and Microsoft Passport) and Windows Authorization Manager.

Identity and Access Management Tools and Templates.msi
Several code samples and configuration files accompany each paper in the Identity and Access Management Tools and Templates.msi file that is part of this download.


In More Detail

Overview of the Microsoft Identity and Access Management Series

The overview describes the series and how it is structured, and provides information about the following:

  • How to access the Tools and Templates.
  • Style conventions in the papers.
  • Consulting services and system integrators.
  • Independent hardware and software vendors.

Part I – The Foundation for Identity and Access Management

Fundamental Concepts

This paper includes key concepts, terminology, and technologies, as well as identity and access management challenges and approaches for overcoming them. This paper is prerequisite reading for the other papers in the series.

Platform and Infrastructure

This paper defines common platform requirements and a technology infrastructure for all of the identity and access management solutions in the series.

Part II – Identity Life-Cycle Management

Identity Aggregation and Synchronization

This paper describes the approaches and technologies available for integrating identity stores across a heterogeneous environment. It also provides detailed implementation guidance for identity aggregation and synchronization between Microsoft® Active Directory® directory service forests, Sun ONE Directory Server 5.1 (formerly iPlanet Directory Server), and Lotus Notes using Microsoft Identity Integration Server 2003, Enterprise Edition (MIIS 2003) with Service Pack 1 (SP1).


Password Management

This paper describes several password management approaches and includes guidance on password policies and enabling password reset, password change, and password synchronization to multiple authentication stores by using MIIS 2003 with SP1. It also provides detailed implementation guidance plus ASP.NET code samples (in Microsoft Visual C#® and Microsoft Visual Basic® .NET) for:

  • Intranet Password Management: This scenario uses an intranet Active Directory forest as the password master (for policy), propagating password changes to Lotus Notes and Sun ONE Directory Server 5.1 using MIIS 2003 with SP1.
  • Extranet Password Management: This scenario uses sample ASP.NET code for password change, self-service password reset, reporting, and a scheduled script for password expiry notification.

Provisioning and Workflow

This paper discusses how to provision identities automatically into multiple directories and identity stores in a heterogeneous environment, manage membership in security and e-mail groups, and implement workflow processes that extend the automated processes. This paper provides detailed implementation guidance plus ASP.NET code samples (in Microsoft Visual C#® and Microsoft Visual Basic® .NET) for:

  • HR-driven Provisioning: This scenario describes how HR can be used to drive fully automated provisioning to a heterogeneous environment. The scenario uses SAP as the HR system and provisions accounts in the intranet Active Directory, extranet Active Directory, Lotus Notes, and Sun ONE Directory Server 5.1 (formerly iPlanet Directory Server) using MIIS 2003 SP1.
  • Group Management: This scenario describes how to have security groups and distribution lists managed automatically based on identity attributes such as manager and location. The scenario uses Group Populator (included with MIIS 2003 SP1) and a SQL table for group definitions, and provides a basic ASP.NET Web UI that lets an administrator establish computed groups based on manager, location, and other attributes.
  • Contractor Account Provisioning: This scenario describes how to implement a provisioning workflow application using ASP.NET and MIIS 2003 SP1 that facilitates the creation and provisioning of contractor accounts within the heterogeneous Contoso environment.

Part III – Access Management and Single Sign On

Intranet Access Management

This paper describes the approaches available for intranet single sign on (SSO), access management, and platform and application integration. It also provides detailed implementation guidance for:

  • Integrating UNIX workstations with Active Directory.
  • Integrating SAP R/3 Application Server authentication using the Kerberos version 5 authentication protocol.

Extranet Access Management

This paper describes the approaches available for extranet SSO, access management, and providing business-to-consumer (B2C), business-to-business (B2B), and business-to-employee (B2E) services. It also provides detailed implementation guidance for:

  • B2E extranet Web access and SSO using X.509 certificates.
  • B2C extranet Web access and SSO using Microsoft Passport.

Developing Identity-Aware ASP.NET Applications

This paper describes approaches for building Active Directory-integrated multi-tier Microsoft ASP.NET applications (for authentication, authorization, and security logging) plus detailed implementation guidance and ASP.NET code samples (in Microsoft Visual C#® and Microsoft Visual Basic® .NET) for:

  • Intranet Web applications that use Windows-integrated authentication and Windows Authorization Manager.
  • Extranet Web applications for B2B, B2C, and B2E scenarios using Windows authentication (including Forms-based authentication, X.509 certificates, and Microsoft Passport) and Windows Authorization Manager.


Related Resources

Community and Feedback

  • Want to know what’s coming up next? Check out our Security Guidance Blog.
  • E-mail your feedback to the following address: SecWish@microsoft.com
  • If you’ve used a Solution Accelerator within your organization, please share your experience with us by completing this short survey (less than ten minutes long).

About Solution Accelerators

Solution Accelerators are authoritative resources that help IT pros plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free, prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.

Register to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as

  • Communication & Collaboration
  • Security, Data Protection, & Recovery
  • Deployment
  • Operations & Management