Making SharePoint Compliant Identity Management for SharePoint Adelaide SharePoint User Group February 2012 Meeting Bob Bradley, MCC, MCTS, Manager – The FIM Team


Making SharePoint Compliant: Identity Management for SharePoint

Adelaide SharePoint User Group, February 2012 Meeting

Bob Bradley, MCC, MCTS, Manager – The FIM Team


Contents

• Presenter Profile
• UNIFY Solutions Overview
• The Dilemma
• Compliance for SharePoint User Profiles
• Basic Principles of IdM (for users)
• Integrating HR across the Enterprise
• Identity Broker for SharePoint
• Demonstration (10 minutes)
• Summary
• Questions

© UNIFY Solutions


Presenter Profile – Bob Bradley

Bob is one of UNIFY's senior Solutions Architects and leads the Microsoft Platform Practice. Prior to joining UNIFY in 2004, Bob worked as a systems integrator with Microsoft platforms for the previous 17 years and, in particular, with Identity and Access Management since early 2001. He offers a wealth of Microsoft Forefront Identity Manager, SQL Server, SharePoint, Password Management and Business Intelligence expertise. Bob has been a key contributor to the UNIFY development teams, specifically with respect to the development of .Net connectors and custom management agents for FIM, and for requirements for UNIFY Event Broker. Bob is a sought-after lead consultant who has delivered key Microsoft identity management references throughout the region.

Bob has spent many years building BI solutions for and integrating with the SharePoint platform, dating to earlier versions prior to the first .Net platform with SharePoint 2003. In particular, since the 2003 platform, his focus and passion has been on automating integration of both User Profiles and SharePoint Lists with authoritative sources such as HR systems and Active Directory, in order that feature sets such as Audience Targeting, My Site org structures, and manager approval workflows, which all work so well in all the Fabrikam demos, work just as well in the real world.

UNIFY Solutions Overview

UNIFY Solutions (UNIFY) was established in 2004 with the sole focus of providing world-class Identity and Access Management solutions and expertise across APAC.

• Specialised in Microsoft based Identity and Access Management
• Extensive experience in developing and successfully implementing Microsoft Identity and Access Management solutions across a range of industries and geographies
• Strong partnership with Microsoft globally
  • Member of the Microsoft Security Partner Advisory Council (S-PAC): 2 Seats
  • Microsoft Consulting Services: Training, Consulting, Joint Projects
• Locations: Brisbane, Sydney, Melbourne, Canberra, Adelaide, Singapore

Business Units

• Business Strategic Consulting Group
• Product Group
  • Identity Broker series of Application Connectors for IdM
  • Event Broker for event-driven Microsoft FIM operations
• APAC Training Academy
• Consulting Group
• The FIM Team

Example Project Experience

Columns: Project; Identities (Number); Sample of Connected Systems

• Department of Education and Training (Queensland)
  Identities: Students 650,000; Staff 75,000; Groups 25,000
  Connected systems: School management systems (1300 instances); SharePoint; AD (13 forest / domains); TAM; SUN directory; 8 x Enterprise LOB apps

• Department of Environment, Water, Heritage and the Arts (Federal)
  Identities: Staff / Contractors 8,000; Groups 1,000
  Connected systems: SAP HR; SharePoint; AD (3 forests); Exchange

• National Australia Bank
  Identities: Staff 55,000; Groups 50,000
  Connected systems: Domino / Notes; AD

• ACT Education
  Identities: Students 37,000; Staff 5,000; Parents 100,000; Schools 87; Classes 8,000; Groups 10,000
  Connected systems: Maze; AD; ADLDS

• Centrelink / MCS
  Identities: Staff 30,000; Groups 10,000
  Connected systems: SAMS; Active Directory

The Dilemma

Have you invested countless hours and $$$ into MOSS to achieve promised benefits such as workflow automation and audience targeting, only to find that the data these features rely on isn’t worth a brass razoo?

Have you attempted to solve this problem with the BDC, but been less than satisfied with the results, and ended up with users and stakeholders losing confidence in the data sources that drive their decision making?

Have you committed to achieving real savings to the company bottom line in process improvement, only to find that data integrity and ownership confusion has torpedoed your project, and with it your chances of funding for all the other improvements it seems only you can see are within reach of the business?


Compliance for SharePoint User Profiles

Reliable SharePoint user profiles are paramount in delivering:

• Accurate and timely workflow routing
• Accurate and timely audience targeting
• Accurate and timely online presence information and people searches (white pages)
• Effective decision making (e.g. approvals in workflow)

By adopting an Identity Management (IdM) approach, greater data reliability comes as a result of the business taking ownership of its employee data and associated lifecycle

The level of data integrity you have now, compared to that required to implement organisational policy, is your organisation’s level of data compliance


Basic Principles of IdM (for users)

• Identify authoritative sources of user identity (applications, directories, services, etc.)
• Define user synchronisation, access and policy requirements
• Identify a common unique identifier
• Identify common attributes and attribute precedence rules for synchronisation
• Define common organisational level business policy (e.g. on-boarding, off-boarding)
• Combine workflow and synchronisation into a consolidated IdM solution


Integrating HR across the Enterprise

Why should integrating HR across the Enterprise be important?

Business

• Improve productivity and reduce costs
• Role specific requirements and access
• Inconsistent and informal processes
• Consistent and accurate data

Operational

• Maintenance of multiple sources of identity data
• Manual user provisioning by helpdesk delaying on/off boarding and change in positions
• Labour-intensive paper-based approval systems
• Users dependent on helpdesk response times

Real-Time Compliance

• No record of who has access to which IT resources
• Inability to de-provision user access on termination
• Identify and manage business & IT controls
• Meet audit requirements
• Prevention of un-authorised access

Integrate HR with Active Directory, other Enterprise Directories and Applications

HR-driven Identity Management not only protects critical data and information, it also helps to maximise return on investment by creating efficient and productive workflow systems.

HR-driven Identity Management can help you add value to your business by improving data security; establishing secure access controls for selected users; streamlining processes and administration; and reducing costs through automation.

As these improvements are important to your organisation, you can now tick the following boxes (substitute chris21 with any of the other 3 HR platforms below):

Operational

Business

Compliance

• Automate Management of Identity Lifecycle
• On Boarding
• Off Boarding
• Day to Day Changes

• Consistent Data
• High Integrity

• Organisational Information
• Role Based Access
• Managers and Reports To

• Automated Real-Time Compliancy
• Enforce Business Process and Policy

• Improve Business Productivity
• Streamline Processes and Reduce Costs

Your HR system has the Answers

Identity Broker for HR Applications

[Diagram shown over three slides. Labels: HR; Identity Broker; Identity Management and Synchronisation Platform; Identity Management; Synchronise; Role Compliancy; Reporting; Network; Email; Business Apps; White Pages. Five copies of the sample record "Peter Tiernan, Brisbane, Identity Management, Consultant" are shown; on the second slide one copy reads "Manager" instead of "Consultant", and on the third slide four copies do.]

Identity Broker for SharePoint

SharePoint is Microsoft's best selling product. Organisations, large and small, are using it as their Portal of choice, and are likely to face a number of challenges in integrating SharePoint with their enterprise systems.

Typical challenges include:

• supporting multiple directories for user definitions;
• support for a multi forest/domain Active Directory environment, particularly where there are users who move between forests/domains;
• implementing real-time compliance based upon changes to authoritative sources including user definitions and information; and
• allowing SharePoint to be a dynamic enterprise wide user self-service White Pages.

Through the Identity Broker™ for SharePoint®, information from other applications and services can be populated within SharePoint thereby increasing the value and integrity of SharePoint as a portal.


Demonstration

Combine the above elements into a single IdM solution to deliver a compliant SharePoint platform for your organisation.


Summary

Consider applying the principles of Identity Management to your SharePoint investment, and reap the rewards that you always expected but have so far found elusive!

UNIFY have developed a repeatable HR + SharePoint + AD synchronisation solution for each of the following HR platforms:

• chris21
• Empower
• Talent2 Alesco
• Aurion

If your HR application isn’t one of these, talk to us. In addition to the above, the current suite of applications supported by Identity Broker appears on the next slide, and is growing fast.


chris21

Aurion HR SAP HCM SharePoint HP TRIM Cisco Call Manager Tivoli Access Manager eMinerva Expert Talent2 HR

Cerner Bighand Kronos Synergetic Maze SIF

Rapid Development Crimtrac

Identity Broker


www.microsoft.com/identity
www.unifysolutions.net
www.thefimteam.com
www.fimeventbroker.com

Thank You

Bob [email protected]

Questions