More Related Content
Similar to IDM Magnolia Integration Overview
Similar to IDM Magnolia Integration Overview (20)
IDM Magnolia Integration Overview
- 2. Magnolia Conference 2009 © deron GmbH September 200
Introduction
IDM User Study 2009
IDM – an Overview
IDM Magnolia Integration
Integration Module
Integration Module
- 3. Magnolia Conference 2009 © deron GmbH September 200
Introduction
IDM User Study 2009
IDM – an Overview
IDM Magnolia Integration
Integration Module
Integration Module
- 4. Magnolia Conference 2009 © deron GmbH September 200
Company
Spin Off from Fraunhofer Gesellschaft
Foundation in 2001
25 employees
Locations
Headoffice Stuttgart
Köln / Burscheid
Hamburg
Zürich
- 5. Magnolia Conference 2009 © deron GmbH September 200
Ralf Hirning
15 years IT consulting and project management
10 years CMS projects
Magnolia projects
Magnolia training
Now: Identity Management consulting
- 6. Magnolia Conference 2009 © deron GmbH September 200
Introduction
IDM User Study 2009
IDM – an Overview
IDM Magnolia Integration
Integration Module
Integration Module
- 8. Magnolia Conference 2009 © deron GmbH September 200
Identity Management Usage
Identity Manag ement E ins atz
23%
yes
34%
no Ja
In E inführung
7% introducing
In P lanung
Nein
© deron 36% planned
- 9. Magnolia Conference 2009 © deron GmbH September 200
Definition of Processes ...
D e fin itio n d e r IT -G e s c h ä fts p ro z e s s e
Interner Mitarbeiter [m it IdM] Interner Mitarbeiter [ohne IdM]
E x terner Mitarbeiter [m it IdM] E x terner Mitarbeiter [ohne IdM]
100%
90%
80%
70%
Häufig keit (in P roz ent)
60%
50%
40%
30%
20%
10%
0%
A nleg en A k tivieren D eak tivieren L ös c hen
create activate deactivate
IT -G e sc h ä ftsp ro z e sse
delete
© deron
- 10. Magnolia Conference 2009 © deron GmbH September 200
but ...
D e fin itio n d e r Ä n d e r u n g s p ro z e s s e
Interner Mita rbeiter [m it IdM] Interner Mita rbeiter [ohne IdM]
E x terner Mitarbeiter [m it IdM] E x terner Mitarbeiter [ohne IdM]
100%
90%
80%
70%
Häufig keit (in P roz ent)
60%
50%
40%
30%
20%
10%
0%
change
Na m ens änderung
change
P as s wortänderung
changewec hs el change tion
A bteilung s Mitarbeiterfunk project c haftresponsibility for
P rojek tm itg lieds V era ntwortung
tec hnis c he-/
© deron
name password organization e d e s Ä n d e rn s
IT -G e sc h ä fts p ro z e ss
function member technicalc ounts
funk tions ac
accounts
- 11. Magnolia Conference 2009 © deron GmbH September 200
Introduction
IDM User Study 2009
IDM – an Overview
IDM Magnolia Integration
Integration Module
Integration Module
- 12. Magnolia Conference 2009 © deron GmbH September 200
IDM functional layers
Approval process
Entry new
User information for new accounts
Business-Layer:
Personal information
Business role model
IT business process
HR Orga
IDM-Layer:
Central identity store
IDM
Middleware
Infrastructure:
Provisioning Microsoft
Active Directory
Help Desk SAP VPN
further
applications
Authorization management
...
synchronization ADS Help Desk SAP VPN
...
...
- 13. Magnolia Conference 2009 © deron GmbH September 200
Business Processes & IDM Components
Components of
Bausteine des
Identity & Access Management
Meta-Store für Accounts
Provisioning
Workflow-Management
User Self Servie
Benutzer Self Service
Role Based Access Control
Single Sign On
Federation
Audit
Public Key Infrastructure
- 14. Magnolia Conference 2009 © deron GmbH September 200
IDM: The classical approach
pros: HR
data synchronization > Regelbasierte
rule based processing
Verarbeitung der
simple initial user setup of HR data
Informationen aus HR
fast implementation
cons: IDM
> Regelbasierte
a complete base installation rule based
Weiterverarbeitung
provisioning
der Daten
is necessary
no workflow integration
overall benefits are low
ADS
- 15. Magnolia Conference 2009 © deron GmbH September 200
IDM: workflows and authorization management
pros:
workflow integration
extended user
administration
cons:
No auditing and reporting
tools
No role management
- 16. Magnolia Conference 2009 © deron GmbH September 200
IDM: business roles & compliance
User-Self-Service
> Personendaten > Access-Right Request
> Orga-Zugehörigkeit
pros: > ...
HR ORGA
User
> Passwort-Self-Service
> ....
audit and reporting in place
RBAC
extended user > mehrstufiges
Genehmigungsverfahren
administration Webfrontend für die
IDM-Administration
> Eskalationsszenario
(Vertreterregelungen,
etc...)
cons: Administration IDM
Manager A
Additional expenses Audit
Long term strategy
Manager B
Reporting
necessary > Regelbasierte
Weiterverarbeitung der Daten Manager C
> Anlage eines
Home-Directorys > Anlegen des Benutzers
und Zuordnung innerhalb
der Struktur
> Automatisierte Zuordnung
der Gruppenzugehörigkeit
ADS
X X
- 17. Magnolia Conference 2009 © deron GmbH September 200
Real Challenge: multiple different Life-Cycles
Mitarbeiter
Life-Cycle Anlegen
Anlegen
Anlegen
Löschen
Aktivieren /
Mail- Projekt-Life-Cycle
Reaktivieren Verteilerlisten
Life-Cycle Ändern
Löschen
Ändern
Deaktivieren Ändern
Prüfen
Anlegen
Sammeluser Life-Cycle
Löschen Ändern
Prüfen
- 18. Magnolia Conference 2009 © deron GmbH September 200
Real Challenge: multiple different change types
Mitarbeiter
Life-Cycle Anlegen
Löschen
Aktivieren /
Reaktivieren
Deaktivieren Ändern
name
function
organization
project member
deprovisioning
...
- 19. Magnolia Conference 2009 © deron GmbH September 200
Real Challenge: organizational change
t
OU ‘old’ OU ‘new’
Old Permissions
New Permissions
OU = organizational unit
- 20. Magnolia Conference 2009 © deron GmbH September 200
Introduction
IDM User Study 2009
IDM – an Overview
IDM Magnolia Integration
Integration Module
Integration Module
- 23. Magnolia Conference 2009 © deron GmbH September 200
Direct Integration
IDM
Create
Query Modify
Delete
Remote Module
Magnolia
JCR
- 24. Magnolia Conference 2009 © deron GmbH September 200
Introduction
IDM User Study 2009
IDM – an Overview
IDM Magnolia Integration
Integration Module
Integration Module
- 25. Magnolia Conference 2009 © deron GmbH September 200
Remote Module - Filter
Create filter to handle remote requests
Define a URL pattern for the filter to handle
/.remote/…
- 26. Magnolia Conference 2009 © deron GmbH September 200
Remote Module – XML Query
?xml version="1.0" encoding="UTF-8"?>
mgnl-command>
<query repository="users"
language="xpath"
statement="//*"
event-id="0815"/>
/mgnl-command>
- 28. Magnolia Conference 2009 © deron GmbH September 200
Remote Module – Config tag handler
Create tag handler for
delete
move
rename
…
- 29. Magnolia Conference 2009 © deron GmbH September 200
Ralf Hirning
deron GmbH
Schelmenwasenstr. 32
70567 Stuttgart
Germany
