Making SharePoint Compliant: Identity Management for SharePoint
Adelaide SharePoint User Group, February 2012 Meeting
Bob Bradley, MCC, MCTS, Manager – The FIM Team
Contents
• Presenter Profile
• UNIFY Solutions Overview
• The Dilemma
• Compliance for SharePoint User Profiles
• Basic Principles of IdM (for users)
• Integrating HR across the Enterprise
• Identity Broker for SharePoint
• Demonstration (10 minutes)
• Summary
• Questions
© UNIFY Solutions
Presenter Profile – Bob Bradley
Bob is one of UNIFY's senior Solutions Architects and leads the Microsoft Platform Practice. Prior to joining UNIFY in 2004, Bob worked as a systems integrator with Microsoft platforms for the previous 17 years and, in particular, with Identity and Access Management since early 2001. He offers a wealth of Microsoft Forefront Identity Manager, SQL Server, SharePoint, Password Management and Business Intelligence expertise. Bob has been a key contributor to the UNIFY development teams, specifically with respect to the development of .Net connectors and custom management agents for FIM, and for requirements for UNIFY Event Broker. Bob is a sought-after lead consultant who has delivered key Microsoft identity management references throughout the region.
Bob has spent many years building BI solutions for and integrating with the SharePoint platform, dating to earlier versions prior to the first .Net platform with SharePoint 2003. In particular, since the 2003 platform, his focus and passion has been on automating integration of both User Profiles and SharePoint Lists with authoritative sources such as HR systems and Active Directory, so that feature sets such as Audience Targeting, My Site org structures, and manager approval workflows, which all work so well in all the Fabrikam demos, work just as well in the real world.
UNIFY Solutions (UNIFY) was established in 2004 with the sole focus of providing world-class Identity and Access Management solutions and expertise across APAC
Specialised in Microsoft based Identity and Access Management
Extensive experience in developing and successfully implementing Microsoft Identity and Access Management solutions across a range of industries and geographies
UNIFY Solutions Overview
• Strong partnership with Microsoft globally
• Member of the Microsoft Security Partner Advisory Council (S-PAC), 2 Seats
• Microsoft Consulting Services
• Training, Consulting, Joint Projects
Locations
• Brisbane, Sydney, Melbourne, Canberra, Adelaide, Singapore
UNIFY Solutions Overview
Business Units
• Business Strategic Consulting Group
• Product Group
  • Identity Broker series of Application Connectors for IdM
  • Event Broker for event-driven Microsoft FIM operations
• APAC Training Academy
• Consulting Group
• The FIM Team
Example Project Experience

| Project | Identities | Number | Sample of Connected Systems |
|---|---|---|---|
| Department of Education and Training (Queensland) | Students | 650,000 | School management systems (1300 instances); SharePoint; AD (13 forest / domains); TAM; SUN directory; 8 x Enterprise LOB apps |
| | Staff | 75,000 | |
| | Groups | 25,000 | |
| Department of Environment, Water, Heritage and the Arts (Federal) | Staff / Contractors | 8,000 | SAP HR; SharePoint; AD (3 forests); Exchange |
| | Groups | 1,000 | |
| National Australia Bank | Staff | 55,000 | Domino / Notes; AD |
| | Groups | 50,000 | |
| ACT Education | Students | 37,000 | Maze; AD; ADLDS |
| | Staff | 5,000 | |
| | Parents | 100,000 | |
| | Schools | 87 | |
| | Classes | 8,000 | |
| | Groups | 10,000 | |
| Centrelink / MCS | Staff | 30,000 | SAMS; Active Directory |
| | Groups | 10,000 | |
The Dilemma
Have you invested countless hours and $$$ into MOSS to achieve promised benefits such as workflow automation and audience targeting, only to find that the data these features rely on isn’t worth a brass razoo?
Have you attempted to solve this problem with the BDC, but been less than satisfied with the results, and ended up with users and stakeholders losing confidence in the data sources that drive their decision making?
Have you committed to achieving real savings to the company bottom line in process improvement, only to find that data integrity and ownership confusion has torpedoed your project, and with it your chances of funding for all the other improvements it seems only you can see are within reach of the business?
Compliance for SharePoint User Profiles
Reliable SharePoint user profiles are paramount in delivering:
• Accurate and timely workflow routing
• Accurate and timely audience targeting
• Accurate and timely online presence information and people searches (white pages)
• Effective decision making (e.g. approvals in workflow)
By adopting an Identity Management (IdM) approach, greater data reliability comes as a result of the business taking ownership of its employee data and associated lifecycle
The level of data integrity you have now, compared to that required to implement organisational policy, is your organisation’s level of data compliance
Basic Principles of IdM (for users)
• Identify authoritative sources of user identity (applications, directories, services, etc.)
• Define user synchronisation, access and policy requirements
• Identify a common unique identifier
• Identify common attributes and attribute precedence rules for synchronisation
• Define common organisational level business policy (e.g. on-boarding, off-boarding)
• Combine workflow and synchronisation into a consolidated IdM solution
Integrating HR across the Enterprise
Why should integrating HR across the Enterprise be important?
Integrating HR across the Enterprise
Business
• Improve productivity and reduce costs
• Role specific requirements and access
• Inconsistent and informal processes
• Consistent and accurate data

Operational
• Maintenance of multiple sources of identity data
• Manual user provisioning by helpdesk delaying on/off boarding and change in positions
• Labour-intensive paper-based approval systems
• Users dependent on helpdesk response times

Real-Time Compliance
• No record of who has access to which IT resources
• Inability to de-provision user access on termination
• Identify and manage business & IT controls
• Meet audit requirements
• Prevention of unauthorised access
Integrating HR across the Enterprise
Integrate HR with Active Directory, other Enterprise Directories and Applications
HR-driven Identity Management not only protects critical data and information, it also helps to maximise return on investment by creating efficient and productive workflow systems.
HR-driven Identity Management can help you add value to your business by improving data security; establishing secure access controls for selected users; streamlining processes and administration, and reducing costs through automation.
As these improvements are important to your organisation, you can now tick the following boxes (substitute chris21 with any of the other 3 HR platforms below):
Integrating HR across the Enterprise
Operational
Business
Compliance
• Automate Management of Identity Lifecycle
• On Boarding
• Off Boarding
• Day to Day Changes
• Consistent Data
• High Integrity
• Organisational Information
• Role Based Access
• Managers and Reports To
• Automated Real-Time Compliancy
• Enforce Business Process and Policy
• Improve Business Productivity
• Streamline Processes and Reduce Costs
Your HR system has the Answers
Identity Broker for HR Applications
[Diagram labels: HR; Identity Broker; Identity Management and Synchronisation (Identity Management, Synchronise, Role Compliancy, Reporting); Platform; Network; Business Apps; White Pages. Each of the five profile cards reads: Peter Tiernan, Brisbane, Identity Management, Consultant.]
Integrating HR across the Enterprise
[Diagram labels: HR; Identity Broker; Identity Management and Synchronisation (Identity Management, Synchronise, Role Compliancy, Reporting); Platform; Network; Business Apps; White Pages. Of the five profile cards for Peter Tiernan, Brisbane, Identity Management, one reads Manager and four read Consultant.]
Integrating HR across the Enterprise
[Diagram labels: HR; Identity Broker; Identity Management and Synchronisation (Identity Management, Synchronise, Role Compliancy, Reporting); Platform; Network; Business Apps; White Pages. Of the five profile cards for Peter Tiernan, Brisbane, Identity Management, four read Manager and one reads Consultant.]
Identity Broker for SharePoint
SharePoint is Microsoft's best selling product. Organisations, large and small, are using it as their Portal of choice, and are likely to face a number of challenges in integrating SharePoint with their enterprise systems.
Typical challenges include:
• supporting multiple directories for user definitions;
• support for a multi forest/domain Active Directory environment, particularly where there are users who move between forests/domains;
• implementing real-time compliance based upon changes to authoritative sources including user definitions and information; and
• allowing SharePoint to be a dynamic enterprise wide user self-service White Pages.
Through the Identity Broker™ for SharePoint®, information from other applications and services can be populated within SharePoint, thereby increasing the value and integrity of SharePoint as a portal.
Demonstration
Combine the above elements into a single IdM solution to deliver a compliant SharePoint platform for your organisation.
Summary
Consider applying the principles of Identity Management to your SharePoint investment, and reap the rewards that you always expected but have so far found elusive!
UNIFY have developed a repeatable HR + SharePoint + AD synchronisation solution for each of the following HR platforms:
• chris21
• Empower
• Talent2 Alesco
• Aurion
If your HR application isn’t one of these, talk to us. In addition to the above, the current suite of applications supported by Identity Broker appears on the next slide, and is growing fast.
chris21
Aurion HR SAP HCM SharePoint HP TRIM Cisco Call Manager Tivoli Access Manager eMinerva Expert Talent2 HR
Cerner Bighand Kronos Synergetic Maze SIF
Rapid Development Crimtrac
Identity Broker
www.microsoft.com/identity
www.unifysolutions.net
www.thefimteam.com
www.fimeventbroker.com
Thank You
Questions