
Sun Java™ System Identity Manager

Innovative Identity Management

Customer Presentation
Sun Microsystems
Business Imperatives
Identity management solutions must address multiple,
conflicting business goals

[Diagram: three competing goals at the center (Improve Access & Service, Become More Secure, Reduce Costs), surrounded by the pressures behind them: Portals, Extranets, Web Services, Dynamic User Base; Corporate Governance, Internal Threats, External Threats, Legal Mandates; Operations, Help Desk, Integration, Development]

Sun Proprietary/Confidential: Authorized Partner & Internal Use Only 2


Sun Identity Management

Fosters productivity, strong business relationships and increases revenue
● Single Sign-on improves service and ease of use
● Automated provisioning ensures rapid access to required resources
● Self-service account management and password reset
● Federation to enable trusted partnerships and new revenue opportunities

Lowers risk and ensures compliance with policies and mandates
● Automatic detection of potential risks such as dormant accounts
● Role- and rules-based access control to protect enterprise resources
● Centralized visibility and control across divisions and departments
● Enterprise-wide identity auditing and reporting

[Diagram: Sun Identity Management at the center of three goals: Improve Access & Service, Become More Secure, Reduce Costs]

Improves operational efficiencies & bottom line results

• Reduces administrative costs through automation, delegation and self-service
• Reduces total cost of ownership and speeds deployment times
• Reduces development and integration costs through open, integratable architecture
Sun Identity Management
● Comprehensive software portfolio that includes
  ● Directory Services
  ● Access Control, Single Sign-on, Federation
  ● Provisioning and Meta-Directory Services
● Open and integratable to reduce integration cost and complexity

[Diagram: Directory Server Enterprise Edition, Identity Manager, Access Manager]



Sun Identity Management Products

Web-Based Administration (across all products)

Access Manager: Access Control, Single Sign-On, Federation
Identity Manager: User Provisioning, Password Management, Synchronization Services
Directory Server EE: Directory Services, Security/Failover, AD Sync Services

Audit & Reporting (across all products)



Network Identity Architecture Template

Source: Burton Group Telebriefing, Enterprise Identity Mgmt, The Strategic Infrastructure Imperative



Sun Java System Identity Manager

A comprehensive solution for managing identity profiles and permissions throughout the entire identity lifecycle
● Enhanced security
● Lowered costs
● Improved productivity

● Automated user provisioning to improve operational efficiency and enhance security
● Secure, automated password management to improve service levels and lower costs
● User self-service and delegated administration to lower support costs
● Automated data synchronization to lower workloads associated with handling change
● Non-invasive, flexible architecture to speed deployment and ROI
● Comprehensive auditing and reporting to improve security compliance

[Diagram: identity lifecycle with the stages Add, Change, Delete]



Business Drivers for Identity
Management
The rising importance of Information Security
Security audits: Operations must be able to demonstrate the
ability to control, audit and report on what users have access to
Legislative compliance: HIPAA, Gramm-Leach-Bliley Act, Sarbanes-Oxley,
21 CFR Part 11, European Data Protection Directive, etc.
The increasing amount of change in enterprise
environments
Acquisitions, divestitures, reorganizations, workforce reductions
The growing need to control costs “Do more with Less”
Recurring charges for non-digital resources that were not de-
provisioned
Spiraling help desk costs for password resets
Provisioning Challenges
Fragmented, Manual and Insecure

[Diagram: user populations (Partners, Employees, Customers, Former Employees) are provisioned separately by Facilities/Purchasing, the Human Resources System, the Call Center and the Help Desk into each resource: Exchange and Active Directory, Oracle Financials, Siebel CRM, Chargeable Assets (mobile phone/service, conference call account, credit card) and Other Assets (office space, phone, laptop)]

Questions raised by the diagram:
• Where are my risks?
• Who should have access?
• Who does have access?
• What assets have been provided?
• How much does this cost?
Provisioning with Identity Manager
Streamlined, Automated and Secure

[Diagram: user populations (Partners, Employees, Customers, Former Employees), the HR System and the Approving Manager connect to the same resources: Exchange and Active Directory, Oracle Financials, Siebel CRM, Chargeable Assets (mobile phone/service, conference call account, credit card) and Other Assets (office space, phone, laptop). Callouts: Reduced risk; Complete view of user’s identity; Efficient, automated operations]
Identity Manager Capabilities
Automated user provisioning
Synchronization services
Auditing and reporting
Delegated administration
Password management
Cross platform support
Noninvasive, flexible architecture
Features and Benefits
Smart Forms
AutoDiscovery
Virtual Identity Manager
Agentless Adapters
ActiveSync
Rules Engine
Dynamic Workflow
Centralized password policy management
Help desk integration
Pass-through authentication
Technical Architecture Diagram
[Diagram: Identity Manager technical architecture. Labels recoverable from the figure:
Users and interfaces: End User Self-Service, Help Desk (trouble ticket creation) and Approving Manager, each from Any Web Browser over HTTPS; SOAP/XMLRPC; SMTP; Workflow (WSBPEL)
Server: J2EE Servlet Application on Any App Server; Lighthouse Virtual ID Store; RDBMS or LDAP Directory (JDBC/LDAP)
Connectivity: Agent-less Adapters, Gateway, External Agent
Managed resources and protocols: Unix Systems (SSH), Custom Apps (Custom), RDBMS (JDBC), Groupware, HR Authoritative Source (JMAC/ABAP/JDBC), Directories (JNDI), Mainframe (3270), NT/ADS (ADSI), Partner Web App (HTTPS), Asset Database/Directory (LDAP/JDBC)
Asset Database/Directory attributes: Conference Call Account, Credit Card, Laptop Serial Number, Office Number, Mobile Service Plan, Mobile Phone Model]
Identity Manager Resources

More than 50 out-of-the-box


Configured with resource wizards
Most defined and tested in minutes
Types of resources
Mainframe security managers
Databases
Directory Services
Applications
Operating Systems
ERP Systems
Messaging platforms



Identity Manager Resource Adapter Types
Agentless connectivity
Easily integrated in existing environments
Single maintenance point for upgrades
Eliminates most technical/political objections
Gateways where appropriate
Crossing OS/API boundaries
Follows platform interface requirements
Provides compatibility over time using recommended APIs
Custom Adapters
Unusual or proprietary resources
The RDK is a clean and efficient approach
Lots of custom skeletons to reuse
Identity Manager Workflow Features
Management of complex business processes
Capable of complex processes
Multi-step approvals
Robust notification framework
Silent Directory data transformations
Can include digital and non-digital assets
Task persistence
Task recovery
Administrator queues
Escalation
Automatic network / resource error compensation with
notification
Diverse execution models
Synchronous, concurrent or hybrid workflows
Independent thread forked processes
Deferred/scheduled processes to execute at present time
Identity Manager Virtual Identities

Lightweight
Real-time interaction with managed resources
Can modify operation of connected application NOW!
No complex replication infrastructure
Ability to generate reports on native data in resources
Virtual Identity Composition
Identity Manager ID
Basic Information (name, email)
List of resources
Key information for each resource
Extendable
Identity Manager Synchronization
Multiple synchronization types to best fit a given
resource
ActiveSync
Smart Polling
Event Listener
Full IDM workflow is available
Execute complex business logic
Approvals and notifications
Converting to and from flat data or nodal structures
Secondary system lookups
Reconciliation and Discovery
Bulk activity – Where batch process is needed.
Identity Manager Auditing & Reporting

Every action in Identity Manager is logged


Stored in the IDM repository
Discrete entries for each activity
Allows for aggregate queries
Extendable, Ex: signed logging
Extended logging for compliance reporting



Identity Manager Auditing and Reporting (cont.)

Reporting types
User and Administrator
Summary Reports
Usage
Role
Resource
Report output options
Ad-hoc
Scheduled
Visual
Formatted for export
Risk analysis reports
Wizard to create new reports
Identity Manager Interface Options

Zero footprint web based applications


Administrator interface
End user self administration
SOAP/SPML
Provides standards based interface
HTTP connectivity
Java API for custom applications
Console
Scriptable
Bulk process
IVR (legacy InnerVoice Bright)
Business Process Editor (Java Swing)
Identity Manager Objects and Containers

Users
Resources
Any external data managed by Identity Manager
Roles and resource groups
Contain multiple resources
Contain behavior
Apply rules and policy
Organization and Virtual Organizations
Virtual Organizations map to org structures in remote directories
Relationships between objects and containers



Identity Manager Delegated Administration

Capabilities
Discrete
Can be assigned to a user that performs only one function
N-level delegation
Can be assigned from one administrator to another providing true n-level
delegation
Administrators are created
Granular authority
Any user can be an administrator
User's administration privileges may be limited
To a specific capability
In a specific organization
Using the web interface
Using rules, forms or workflow



Technical Differentiators
Industry's first integrated Provisioning and
Meta-directory solution
Patent-pending, noninvasive technology that
enables rapid deployment and efficient ongoing
management:
Auto-discovery
Virtual Identity Manager
Agent-less Adapters
ActiveSync
Rules Engine
Dynamic Workflow
Java System Identity Manager
Competitive Chart
Sun IBM Microsoft Novell
Integrated offering Yes No No Yes?
noninvasive, flexible architecture Yes No
Delegated Administration Yes No No
Workflow Capabilities Yes Limited Yes via Silverstream
Cross Platform Support Yes Limited No No
Single Connector strategy Yes No No No
Identity Manager Validation
“We've reduced the turnaround time on user
requests for account changes such as additions
and deletions by up to 50% and have been able
to expand the responsibilities of the user
registration group.” Rick Perry, Director of Enterprise
Operations and Security, BNSF

“We selected Sun because of its flexibility and
scalability. They were able to address our self-
service password management needs of today as
well as provide a platform that can extend into
full user provisioning in the future.” Manager
Information Protection and Security
Customers
