Proprietary & Confidential © 2004 Netegrity, Inc. All rights reserved. Matthew Gardiner Product Marketing Manager Provisioning

Upload: scott-morton

Post on 17-Jan-2016


Page 1: Provisioning

Matthew Gardiner, Product Marketing Manager

Page 2: Agenda

Business Goals & Impacts

Introduction to IAM & Provisioning

IdentityMinder eProvision

Case Studies

Roadmap Overview

Page 3: The Problem – I: Getting New People Productive Quickly

[Diagram labels: IT Administrator; New Employee; Start Date, End Date, Project, Location, Department, Division, Company; Resources: Directory, Phone, Email, Database, Security]

Page 4: The Problem – II: Keeping People Connected

Hired

Transferred to a New Site
– New mobile phone service
– Remote network access
– Terminate local network access

Promoted
– New business cards
– New laptop
– Return old laptop

Added to Task Force
– Access to database
– New groupware account
– File sharing capabilities

Project Terminated
– Access terminated
– Groupware account terminated

On to New Challenges
– All assets returned
– All access to systems denied

Page 5: The Problem – III: De-Provisioning People

Recover IT equipment, re-deploy licenses & IT assets

Get people “out of the system” at the touch of a button

Maintain accurate IT audit of former personnel

Increase security

Provide accountability

Aids compliance
– Sarbanes-Oxley, Italian Law 196, Basel II, etc.
– Focus on IT Control & Privacy

[Diagram labels: Directory, Phone, Email, Database, Security]

Page 6: Why is this hard?

Identity Information Is Scattered Throughout the Enterprise

Many Users: Customers, Employees, Partners

Many Applications: Logistics, Financial, Service

Many Identities: NT, RDBMS, LDAP, UNIX

Page 7: Why is this hard…Silos?

[Diagram: Heterogeneous Environments. Four platforms (Linux, Unix, Windows, HPUX), each labelled with an Application Layer, a Security Layer and a User Store; user types: Employee, Customer, Partner, Web Service]

Page 8: Significant Impacts

Password reset & ID problems represent 15% - 35% of helpdesk call volume (Gartner)
– Typical cost per call $10 - $31

Many man-hours of management/administrator time spent approving/administering resource requests

Waiting time for new user IDs & application entitlements too long

Long lag time between user termination & disablement of IDs
– Change within “user-owner” organization is not communicated out
– Often user is never de-provisioned from all systems
  o IDC says upwards of 60% of accounts are “orphaned”

Many access requests received outside of the documented process
– Random phone calls, emails, & hallway conversations
– Represents potential IT control problem

Difficulty documenting adherence to corporate security policies & compliance with government regulations

Costly to create & maintain homegrown identity management systems

Page 9: Key Drivers of Provisioning

Cost & Productivity
– Highly automated administration processes
– User self-service

Security & Compliance
– Adds controls over granting & revocation of privileges
– Processes are repeatable & auditable
– Extensive audit support and management reporting adds IT control
– Enforced segregation of duties also enhances IT control

User Experience
– Seamless & personalized access to systems
– Direct control over own profile, entitlements, and password(s) reduces wasted time

[Diagram: Key Benefits: Cost & Productivity, Security & Compliance, User Experience]

Page 10: IAM Overview: What Is Identity & Access Management?

Identity Management automates the lifecycle of the user’s relationship with the enterprise: Administration

Access Management provides the foundation of security infrastructure: Enforcement

[Diagram labels: Identity Management (Create, Enable, Disable, Change); Access Management; Web Apps, Web Services, Legacy Apps]

Page 11: Netegrity’s Modular Solution Offerings

Modular Approach

Netegrity Identity and Access Management: TransactionMinder®, SiteMinder®, IdentityMinder® Web, IdentityMinder® eProvision

[Diagram labels:
The Leading Solution: Manageability, Performance, Heterogeneity, Comprehensive, Availability, Centralized
Unique Solution: Policy-Based, Standards Support, Leverages Identity, Built on SiteMinder
Self-Service, Delegation, Optimized for Extranet Users, Role-Based, Workflow
Optimized for Intranet Users, Dynamic Workflow, Connector Architecture, Connector Tool, Password Services]

Page 12: Two IdentityMinders?

Organizations approach the problem 3 ways (figure out with whom you are talking)
– “I care about administering my external (extranet) Web users”
  o IdentityMinder Web Edition
– “I care about administering my employees & contractors for internal resources”
  o IdentityMinder eProvision
– “I care about administering all of my users in my enterprise using a single system”
  o IdentityMinder Enterprise Edition

Netegrity’s IdentityMinder product family is integrated today
– Merging in 2005

IdentityMinder provides an enterprise identity management solution
– Provides user administration & resource provisioning
– Can be deployed modularly

Page 13: IdentityMinder® eProvision

[Diagram: Provision Users to Resources
Request sources: IT Administrator, Self-Service, HR System, Manual Work Orders, E-mail
Sample request: Name: Fred; Department: Sales; Position: Engineer; Supervisor: Mary; Start Date: 1/21/03
Steps: Initiate Workflow; Determine Resource Impacts; Execute Resource Changes; Approvals & Notifications; Log Actions & Generate Reports
Target resources: ERP & CRM, Voice, RDBMS, Directory, NOS]

Page 14: Case Study: International Paper

Problem
– Administer roll-out of SAP-based portal to entire company
  o Single platform for company data, email and SAP access
– Reduce long-term admin costs for all corporate resources
  o Systems, PCs, phones, badges
– Support Sarbanes-Oxley compliant control structure

Organizational Information
– Fortune 500 forest products company
– 90,000 employees worldwide

Solution
– IdentityMinder eProvision
  o Active Directory, Notes, SAP Portal, RSA tokens
  o Password Services
– Future phases: All corporate resources including hardware
  o PBX, Company cars, VPN, badges, PCs, etc.

Page 15: Case Study: Weyerhaeuser

Problem
– Insufficient control over IT assets
  o Especially considering Sarbanes-Oxley & California privacy laws
– High cost of manual administration
– Poorly integrated web & non-web identity and access control processes

Organizational Information
– 57,000 employees worldwide in 18 countries
– Numerous supply chain and trading partners

Solution:
– IdentityMinder Enterprise Edition
  o PeopleSoft HR, SAP Accounts, Windows, Exchange, ODBC
  o Web access control; password management

Page 16: Case Study: Schering-Plough

Problem:
– Had internally-built provisioning system, wanted to replace
– Compliance with new regulations
– Ran pilot with competitive product for 18 months; they could not meet requirements

Organizational Information:
– 30,000 managed users, 350,000 user accounts

Solution:
– IdentityMinder eProvision
  o NT, Active Directory, Exchange 5.5, Novell NDS
  o ODBC databases, application provisioning
– Phase II – Unix (AIX, HPUX, Sun Solaris), Oracle 7, 8 and 9
– Phase III – IBM OS 3 with Top Secret, AS/400 and Documentum.

Page 17: Key Functionality

[Graphic labels: Start, Yield, Stop]

Connecting Business-to-IT
– Business people drive changes
– Rules vs. roles

Dynamic workflow

IT automation

Reverse synchronization

Self-service

Delegated administration
– Assigning tasks
– Out of office
– Teams and projects

Auditing and reporting

Password management

Customizable user interface

Architecture and scalability
– System architecture
– Distributed security

Configuration and maintenance tools

Page 18: Provisioning Connectors

Provisioning Connectors
– Communicate with business and IT systems, automating business requests into resource-specific commands

Long list of OOTB connectors
– PeopleSoft HR, Windows, Exchange, Solaris, RDBMS, Siebel, SAP, LDAP, Assets

ePM Xpress
– Easy to use Wizard-based approach for ODBC, LDAP and other custom systems

Connector Management
– Robust administrative tools for installing and managing connectors

Page 19: Deep Provisioning Experience

Major global provisioning customers around the globe

IdentityMinder eProvision
– First introduced in 2000
– Nearly 1.2M users licensed worldwide

Page 20: IdentityMinder Road Map

[Timeline diagram, axis: Q2’04, Q3’04, Q4’04, Q1’05, Q2’05
IdentityMinder 6.5: Integrated Web and Provisioning
IdentityMinder WE 6.0: Improved GUI, RDBMS support
eProvision 4.0 SP2: Workflow groups, Clustering
IdentityMinder WE 5.6 SP3: Cert with eProv 4.0 SP1, Integ J2EE Id Mgmt
IdentityMinder WE 6.0 SP1: Cert with eProv 4.0 SP2
Password Management Platforms (TBD)
eProvision 4.0 SP1: J2EE Architecture, Dynamic Workflow]

Page 21: IdentityMinder eProvision 4.0 SP1

Currently available

J2EE architecture
– Support for Windows and Solaris

New Dynamic Workflow Server
– Graphical configuration interface
– Optimal task generation and scheduling

Enhanced Policy Builder
– Develop policy expressions for reverse-sync as well as activity policies

Unified Designer
– Manage the entire provisioning deployment with one designer interface

Comprehensive APIs

Page 22: IdentityMinder 6.5

Target Q2 2005
– Next major step of merging & integration

Merger of Web Edition & eProvision into one code base
– Continue to leverage J2EE deployments
– Single administrative GUI
– Integration of rules & roles
– Single access control model

Ease of use
– Enhanced user-interface for user/group, role/rule/resource management
– Simplified install & deployment
– Single audit/reporting view