Microsoft Identity Lifecycle Manager 2007 FP1 Product Overview

Published: February 6, 2007 | Updated: January 28, 2008

Identity Lifecycle Manager (ILM) 2007 Feature Pack 1 (FP1) enables IT organizations to reduce the cost of managing the identity and access life cycle by providing a single view of a user's identity across the heterogeneous enterprise and through the automation of common tasks. ILM 2007 FP1 builds on the metadirectory and user provisioning capabilities in Microsoft Identity Integration Server (MIIS) 2003 and adds new capabilities for managing strong credentials such as smartcards, providing an integrated approach that pulls together metadirectory, certificate and password management, and user provisioning across Windows® and other enterprise systems.

ILM 2007 FP1 simplifies the process of matching and managing identity records from disparate data repositories, and prevents anomalies, such as active records for employees who have left the organization. ILM 2007 FP1 provides IT with a policy framework to control and track the identity and access data that helps manage compliance. It also includes self-help tools for end users, enabling IT to improve efficiency by securely delegating many tasks to end users. Another key feature of ILM 2007 FP1 is that it includes a Windows-based certificate management solution that integrates with the Windows Server 2003 operating system and Active Directory® to provide a turnkey solution for managing the end-to-end life cycle of smart cards and digital certificates for the Windows Server 2003 Certificate Authority.

Key Benefits

ILM 2007 FP1 is designed to simplify and automate some of the most costly aspects of Identity Lifecycle Management. ILM 2007 FP1 enables organizations to:

Synchronize Identity Information. Organizations that have many different directories and other data repositories such as a Human Resources (HR) data repository, mainframe systems, or databases, can use ILM 2007 FP1 to synchronize user accounts and attributes in all of those systems, including synchronization of passwords. Directory synchronization saves time and money that is currently spent on keeping data consistent and enforcing data ownership rules.

Provision and Deprovision Users. In many organizations, information about new employees is entered in a HR database first. Then, the IT department creates user accounts, mailboxes, and other identity information in different database systems. ILM 2007 FP1 automatically creates these user accounts, mailboxes, and other identity information in target systems in real-time so new employees are productive immediately, and also ensures that corporate resource access is instantly revoked for employees who leave the organization.

Manage Certificates and Smart Cards. ILM 2007 FP1 includes a workflow and policy based solution that enables organizations to easily manage the life cycle of digital certificates and smart cards. ILM 2007 FP1 leverages Active Directory Directory Services and Active Directory Certificate Services to provision digital certificates and smart cards, with automated workflow to manage the entire life cycle of certificate-based credentials. ILM 2007 FP1 significantly lowers the costs associated with digital certificates and smart cards by enabling organizations to more efficiently deploy, manage, and maintain a certificate-based infrastructure. It also streamlines the provisioning, configuration, and management of digital certificates and smart cards, while increasing security through strong, multifactor authentication technology.

Key Benefits of ILM 2007 FP1

Feature: Synchronize Identity Information
Benefit: Organizations benefit from improved IT productivity and reduced administrative costs as identity data is kept up to date across an enterprise without manual updates.

Feature: Provision User Accounts
Benefit: End users can be more productive by accessing needed systems faster while corporate security is improved as employees' access to systems is automatically terminated when they leave. Administrators benefit from having these processes automated which improves their own productivity and helps to lower administrative costs.

Feature: Manage Certificates and Smart Cards
Benefit: ILM 2007 FP1 reduces the costs associated with digital certificates and smart cards by enabling organizations to more efficiently deploy, manage, and maintain a certificate-based infrastructure. IT benefits through streamlined provisioning, deprovisioning, configuration, and auditing of digital certificates and smart cards, along with increased security through the use of strong, multi-factor authentication technology.

Connectivity Capabilities

ILM 2007 FP1 creates and distributes an integrated view of identity information from multiple data sources. Broad connectivity capabilities give you the power to connect to the plethora of disparate identity information sources in your company, all without the need to install software of any kind on the target systems.

Connectivity Capabilities of ILM 2007 FP1
Type of System | Management Agents

Network Operating Systems and Directory Services

Microsoft Active Directory Windows Server 2003 R2, 2003, and 2000
Microsoft Active Directory Application Mode Windows Server 2003 R2 and 2003
Microsoft Windows NT 4.0
IBM Tivoli Directory Server
Novell eDirectory 8.6.2, 8.7, and 8.7.x
Sun Directory Server (Netscape/iPlanet/SunONE) 4.x and 5.x

Mainframe

IBM Resource Access Control Facility
Computer Associates eTrust ACF2
Computer Associates eTrust Top Secret
IBM iSeries security (IBM OS/400)

Email and Messaging

Microsoft Exchange 2007, 2003, 2000, and 5.5
Lotus Notes 7.0, 6.x, 5.0, and 4.6

Applications

SAP 5.0 and 4.7
Telephone switches
XML-based systems
DSML-based systems

Databases

Microsoft SQL Server 2005, 2000, and 7
IBM DB2
Oracle 10g, 9i, and 8i

File-Based

Attribute value Pairs
CSV
Delimited
Fixed Width
Directory Services Markup Language (DSML) 2.0
LDAP Interchange Format (LDIF)

All Other

Extensible Management Agent for connectivity to all other systems

How Identity Lifecycle Manager 2007 FP1 Works


ILM 2007 FP1 has two central components, one that includes metadirectory and user provisioning capabilities and another for certificate and smart card management.

Identity Synchronization and User Provisioning
The identity synchronization and user provisioning component of ILM 2007 FP1 manages identity information across multiple stores by aggregating this information in a central repository called the metaverse. Management agents serve as connectors that translate data from these connected stores to the metaverse. For example, the e-mail system can be linked to its HR database through the metaverse. When an employee joining the organization is added to the HR database, ILM 2007 FP1 can automatically provision that employee to the e-mail system. Each employee's attributes, from the e-mail system and the HR database, are imported into the connector space through management agents.

The e-mail system can then use individual attributes, from the employee entry that originated in the HR database, such as the employee telephone number. If an employee's telephone number changes in the HR database, the new number will automatically be propagated to the e-mail system.
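The join, attribute flow, provisioning and deprovisioning described above, as an added example that is not code from Microsoft or from ILM: a simplified Python model in which the HR store is authoritative and the e-mail system is the target. The function name, record fields and sample records are assumptions made for illustration.

```python
# Simplified model of the flow described above; not ILM's engine or API.
# All names (sync, hr_cs, mail_cs, record fields) are assumptions for illustration.

def sync(hr_cs, mail_cs):
    """Join two connector spaces on employee_id and return (metaverse, exports).

    hr_cs   : records imported by the HR management agent (authoritative source)
    mail_cs : records imported by the e-mail management agent (target system)
    exports : pending changes for the e-mail system, as (action, employee_id, data)
    """
    # Project active HR records into the metaverse; HR owns these attributes.
    metaverse = {
        r["employee_id"]: {"name": r["name"], "phone": r["phone"]}
        for r in hr_cs if r["status"] == "active"
    }
    mail_by_id = {r["employee_id"]: r for r in mail_cs}
    exports = []

    for emp_id, person in sorted(metaverse.items()):
        mailbox = mail_by_id.get(emp_id)
        if mailbox is None:
            # New hire known only to HR: provision a mailbox.
            exports.append(("provision", emp_id, dict(person)))
        elif mailbox["phone"] != person["phone"]:
            # Attribute flow: the HR value replaces the stale e-mail value.
            exports.append(("update", emp_id, {"phone": person["phone"]}))

    for emp_id, mailbox in sorted(mail_by_id.items()):
        # Mailbox with no active HR record: leaver or orphan, so revoke access.
        if emp_id not in metaverse and mailbox["enabled"]:
            exports.append(("deprovision", emp_id, {}))
    return metaverse, exports

# Constructed sample data (not from the page).
HR = [
    {"employee_id": "1001", "name": "A. Rivera", "phone": "555-0101", "status": "active"},
    {"employee_id": "1002", "name": "B. Chen", "phone": "555-0199", "status": "active"},
    {"employee_id": "1003", "name": "C. Okafor", "phone": "555-0103", "status": "terminated"},
]
MAIL = [
    {"employee_id": "1002", "phone": "555-0102", "enabled": True},
    {"employee_id": "1003", "phone": "555-0103", "enabled": True},
    {"employee_id": "9999", "phone": "", "enabled": True},
]

if __name__ == "__main__":
    for action in sync(HR, MAIL)[1]:
        print(action)
```

The mailbox with ID 9999 has no HR record at all, so the same pass that handles leavers also surfaces accounts that were never tied to an authoritative identity.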

Certificate and Smart Card Management
ILM 2007 FP1 also provides sophisticated credential management features to Windows Server 2003 Certificate Authorities (CA) by acting as an administrative proxy. Once installed within an organization, all digital certificate and smartcard management functions pass through ILM 2007 FP1. The certificate management solution in ILM 2007 FP1 consists of three components:

1. Server component: Provides a Web interface and is the focal point of administrative functions.

2. Certificate Authority plug-in: Communicates with the server, controls the behavior of the CA(s), and provides rich logging and auditing in a central location.

3. Client-side components:

   Smartcard Self Service Control, which provides certificate management capabilities.

   Smartcard Personalization Control, which provides Java card management.

   Bulk Smartcard Issuance Tool, which is an application for centralized large scale smart card deployment scenarios.

System Requirements

To use Microsoft Identity Lifecycle Manager, you need Windows Server 2003, Enterprise Edition and SQL Server 2005 or 2000, Standard or Enterprise Edition. Visit the FAQ page for a complete list of system requirements.

