Overview:
Microsoft Forefront Identity Manager 2010 R2 delivers self-service identity management for users, automates lifecycle management across heterogeneous platforms for administrators, and provides a rich policy framework for enforcing corporate security policies.
Common identity is an important tool to ensure users have appropriate access to corporate information regardless of where it is located—in your datacenter or in the cloud. Microsoft Forefront Identity Manager (FIM) 2010 R2 helps you resolve these issues by providing self-service identity management for your users, automated lifecycle management across heterogeneous platforms for your administrators, and a rich policy framework for enforcing corporate security policies and detailed audit capabilities.
Benefits
Microsoft Forefront Identity Manager 2010 R2 allows you to simplify identity lifecycle management through automated workflows and business rules, and provides easy integration with heterogeneous platforms. You’ll empower people with end-user self-service capabilities embedded in Outlook or delivered via a familiar SharePoint experience, and be able to improve security and compliance with auditing across identities, role-based access control, and deep role discovery.
Enable users
You can empower users to self-remediate identity issues, including group membership, smart card, and password reset functions with an easy-to-use interface, resulting in increased productivity and end-user satisfaction.
Hybrid identity
Simplify identity lifecycle management through automated workflows, business rules and easy integration with heterogeneous platforms across the datacenter and cloud. Identity and group provisioning can be automated based on business policy and implemented via workflow-driven provisioning through a single interface, including the ability to extend FIM to support new scenarios through the Visual Studio and .NET development environments.
Protect data
Discover and map permissions across multiple systems to individual, assignable roles, leveraging role mining tools to discover the various permission sets for users across the enterprise to be later modeled and applied centrally. IT and auditors with a single view of individual users and resources can increase visibility into compliance and the security state of systems across their organization along with in-depth auditing and reporting.
Capabilities
Policy management
- SharePoint-based console for policy authoring, enforcement and auditing
- Extensible WS-* APIs and Windows Workflow Foundation workflows
- Heterogeneous identity synchronization and consistency
Credential management
- Heterogeneous certificate management with third-party CA support
- Management of multiple credential types
- Self-service password reset integrated with Windows logon as well as a web-based tool
- Integrated provisioning of identities, credentials, and resources
User management
- Automated, codeless user provisioning and de-provisioning
- Self-service user profile management
- Synchronization of user identity across Active Directory, Microsoft Azure Active Directory and external directories
Group management
- Rich Office-based self-service group management tools
- Offline approvals through Office
- Group and distribution list management, including dynamic membership calculation in these groups and DLs based on users' attributes
Access management
- Preventative role-based access control
- Rule enforcement through segregation of duties
- Self-service access request and automated approval workflow
Compliance
- Rule-based analytics of access
- Access re-certification and attestation
- In-depth reporting and auditing using familiar tools like System Center Service Manager and SQL Server Reporting Services
Features:
Building a Common Identity
Common identity is an important tool in ensuring appropriate access to corporate information. Without an efficient method of establishing and maintaining a common identity across complex heterogeneous systems, significant challenges arise. These can include high help-desk costs for password resets and smart card deployment, loss of productivity as users struggle to access the resources they need, and serious risk to the business due to noncompliance with internal and external regulations.
Forefront Identity Manager (FIM) 2010 R2 helps you resolve these issues by providing self-service identity management for your users, automated lifecycle management across heterogeneous platforms for your administrators, and a rich policy framework for enforcing corporate security policies and detailed audit capabilities.
Empower people
Productivity suffers and your IT costs go up when users have to call the help desk to address common identity management problems such as resetting a password. FIM 2010 R2 provides a self-service portal and embeds capabilities in common Microsoft Office tools so users can readily access the services they need, when they need them. Enabling users to solve simple problems like these quickly and easily both improves user productivity and increases user satisfaction.
Self-service portal. With the FIM 2010 R2 portal, administrators can define policies that allow users to remediate identity issues themselves—updating their identities, managing groups, and resetting passwords across all of your organization’s systems.
Easy-to-use interface. The FIM 2010 R2 interface makes tasks like resetting a PIN or a password very simple. Common user management experiences are integrated into the Windows operating system, Microsoft Outlook, and Microsoft SharePoint collaboration software so users can easily create an email distribution list or add others to a group.
FIM 2010 R2 provides an easy-to-use portal where users can manage their own identities.
Simplify identity lifecycle management
Maintaining identities—provisioning, updating, and de-provisioning—can be extremely complex and expensive. This is especially true when you consider the high degree of system integration required to get other solutions to work together on disparate identity platforms. FIM 2010 R2 simplifies management of the identity lifecycle through automated workflows and business rules, and offers easy integration with heterogeneous platforms.
Consolidated, cross-platform identity support. FIM 2010 R2 can automate identity and group provisioning and management based on business policy and implemented through workflows. This automation across heterogeneous systems lowers IT costs and reduces opportunities for error.
Built-in smart card management. FIM 2010 R2 centrally manages the process for provisioning smart cards, which dramatically reduces the costs typically associated with deploying multi-factor authentication.
Easy extensibility. FIM 2010 R2 integrates with familiar developer tools so administrators can easily extend capabilities when business needs change. Extending FIM 2010 R2 to support new scenarios is simple using existing identity management tools, through the Microsoft Visual Studio and .NET development environments.
Improve security and compliance
When identity management is not automated, controlling access and enforcing corporate policy can not only be expensive and time-consuming, but can introduce error and organizational risk. FIM 2010 R2 improves security and compliance by providing auditing, role-based access control, and deep role discovery.
Role-based access administration. FIM 2010 R2 enables IT to discover and map permissions to individual, assignable roles across multiple systems. Its role-mining tool helps administrators discover the various permission sets for users throughout the enterprise so later they can be modeled and applied centrally.
Centrally enforced identity policy. FIM 2010 R2 automatically maintains consistency of identity information and application of user roles across enterprise identity systems. IT and auditors get a single view of individual users and resources, increasing visibility into the compliance and security state of systems across your organization.
In-depth auditing and reporting. Administrators can audit and report on all the activities and historical states of each event, stage of a workflow, when it took place, and any associated approvals, using such familiar technologies as Microsoft SQL Server and Microsoft System Center.
New in R2
FIM 2010 R2 integrates new functionality through the Microsoft BHOLD Suite to provide role-based access control and allow administrators to review access rights continually across the organization. The FIM 2010 R2 release also adds an improved self-service password reset experience, along with performance, diagnostic, and reporting improvements.
The Microsoft BHOLD Suite
The Microsoft BHOLD Suite augments Forefront Identity Manager with identity and access governance functionality to help you enforce policies that control access. These capabilities include in-depth role management, separation of duties, access certification, and authorization management.
Forefront Identity Manager (FIM) 2010 R2 addresses the complexities of identity management by offering:
- Self-service identity management for your users
- Automated identity lifecycle and role management across heterogeneous platforms for your administrators
- A rich policy framework for enforcing corporate security policies and detailed audit capabilities