Fundamental Concepts

Chapter 1: Introduction to the Fundamental Concepts Paper

Published: May 11, 2004 | Updated: June 26, 2006

Executive Summary

This paper focuses on the business and IT challenges related to identity and access management and the approaches and technologies available for overcoming these challenges. It describes key concepts, terminology, typical initiatives, and the Microsoft products and technologies related to identity and access management.

This paper is the first paper in the Microsoft Identity and Access Management Series.

The Business Challenge

Identity and access management has become more complex as digital identities take on an increasingly important role in specifying how users interact with computer networks. Organizations need to manage users efficiently and accurately while granting them access to network resources. However, organizations rarely store and use identity information in only one place. Multiple departments, countries and regions, business divisions, and software choices along with mergers and acquisitions result in the proliferation of directory services and application-specific identity stores — increasing costs and causing complicated security issues.

Developing a consistent and effective identity and access management strategy requires a sound understanding of the approaches and technologies you can use to address multiple digital identities. Organizations and IT departments need to implement both short-term and strategic approaches to controlling identity.

The Business Benefits

Improving access to network resources and managing the identity life-cycle can provide significant dividends for organizations. Typical benefits include:

Lower total cost of ownership (TCO) through efficiency and consolidation.

Security improvements that reduce the risk of internal and external attacks.

Greater access to information by partners, employees, and customers — driving increased productivity, satisfaction, and revenue.

Higher levels of regulatory compliance through the implementation of comprehensive security, audit, and access policies.

Greater business agility during events such as mergers and acquisitions.

Who Should Read This Paper

The intended audience for this paper includes architects, IT professionals, IT managers, and consultants involved in identity and access management efforts. The secondary audience is technical decision makers who want to make the business case for identity and access management investments.

Reader Prerequisites

This paper provides fundamental concepts for the Microsoft Identity and Access Management Series; the only prerequisite is to have a basic knowledge of the directory and security services used in heterogeneous computing environments.

Feedback

Please direct questions and comments about this guide to secwish@microsoft.com.

Paper Overview

This paper consists of seven chapters that explain fundamental digital identity and access management concepts and capabilities of the Microsoft platform. The chapters cover the following topics:

Chapter 1: Introduction

The introduction provides an executive summary, business challenges and benefits, the recommended audience for the paper, and an overview of each chapter in the paper.

Chapter 2: Terminology and Initiatives

This chapter reviews the key terms and strategic issues behind identity and access management. It discusses options for integrating digital identities, and the technical and organizational approaches for addressing these options.

Chapter 3: Microsoft Identity and Access Management Technologies

This chapter introduces the directory and security services of Microsoft® Windows Server™ 2003, Microsoft Windows XP, Microsoft Identity Integration Server 2003 Enterprise Edition with Service Pack 1 (MIIS 2003 SP1), Microsoft Passport, and other products related to identity and access management.

The remaining chapters discuss identity and access management scenarios and technologies in more detail and are intended for readers with a technical background.

Chapter 4: Directory Services

This chapter discusses how the Microsoft Active Directory® directory service and Active Directory Application Mode (ADAM) provide LDAP, X.500, and multi-master replication services to form the foundation of an effective identity and access management infrastructure.

Chapter 5: Identity Life-Cycle Management

This chapter reviews the approaches for managing users, credentials, and entitlements. It discusses techniques and technologies for enabling user self-service, delegated administration, identity integration, and provisioning.

Chapter 6: Access Management

This chapter expands on several concepts and describes the technologies that support them, including:

Authentication, single sign-on, and credential mapping.

Authorization using role-based access control and access control lists.

Trust and federation.

Security auditing.

Chapter 7: Applications

Organizations frequently need to develop applications in-house or purchase applications to operate line-of-business processes. These applications should integrate well with the chosen directory and security services of an organization. This chapter discusses how applications can integrate with the Microsoft identity and access management platform, and reviews the techniques available for developers creating custom applications.
