Microsoft Identity Manager 2016 Handbook (e-book)

Authors: David Steadman, Jeff Ingalls

Publisher: Packt Publishing

Publication date: 2016-07-01

Word count: 3.131 million

Category: Imported books > Foreign-language originals > Computers/Networking

A complete handbook on Microsoft Identity Manager 2016 – from design considerations to operational best practices

About This Book

  • Get to grips with the basics of identity management and get acquainted with the MIM components and functionalities
  • Discover the newly-introduced product features and how they can help your organization
  • A step-by-step guide to enhance your foundational skills in using Microsoft Identity Manager, from those who have taught and supported large and small enterprise customers

Who This Book Is For

If you are an architect or a developer who wants to deploy, manage, and operate Microsoft Identity Manager 2016, then this book is for you. This book will also help technical decision makers who want to improve their knowledge of Microsoft Identity Manager 2016. A basic understanding of a Microsoft-based infrastructure using Active Directory is expected. Identity management beginners and experts alike will be able to apply the examples and scenarios to solve real-world customer problems.

What You Will Learn

  • Install MIM components
  • Find out about MIM synchronization, its configuration settings, and advantages
  • Get to grips with the MIM service capabilities and develop custom activities
  • Use the MIM Portal to provision and manage an account
  • Mitigate access escalation and lateral movement risks using privileged access management
  • Configure client certificate management and its detailed permission model
  • Troubleshoot MIM components by enabling logging and reviewing logs
  • Back up and restore the MIM 2015 configuration
  • Discover more about periodic purging and the coding best practices

In Detail

Microsoft Identity Manager 2016 is Microsoft's solution to identity management. When fully installed, the product utilizes SQL, SharePoint, IIS, web services, the .NET Framework, and SCSM, to name a few, allowing it to be customized to meet nearly every business requirement.

The book is divided into 15 chapters and begins with an overview of the product, what it does, and what it does not do. To better understand the concepts in MIM, we introduce a fictitious company and its problems and goals, then build an identity solution to fit those goals. Over the course of this book, we cover topics such as MIM installation and configuration, user and group management options, self-service solutions, role-based access control, reducing security threats, and finally operational troubleshooting and best practices. By the end of this book, you will have gained the necessary skills to deploy, manage, and operate Microsoft Identity Manager 2016 to meet your business requirements and solve real-world customer problems.

Style and approach

The concepts in the book are explained and illustrated with the help of screenshots as much as possible. We strive for readability and provide you with step-by-step instructions on the installation, configuration, and operation of the product. Throughout the book, you will be provided with on-the-field knowledge that you won't get from whitepapers and help files.
Table of Contents

Credits

About the Authors

About the Reviewers

www.PacktPub.com

eBooks, discount offers, and more

Why subscribe?

Instant updates on new Packt books

Preface

The story in this book

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

1. Overview of Microsoft Identity Manager 2016

The Financial Company

The challenges

Provisioning of users

The identity life cycle procedures

Highly privileged accounts (HPA)

Password management

Traceability

The environment

Moving forward

The history of Microsoft Identity 2016

Components at a glance

MIM Synchronization Service

MIM Portal and Service

MIM Certificate Management

Role-Based Access Control (RBAC) with BHOLD

MIM Reporting

Privilege Access Management

Licensing

Summary

2. Installation

Capacity planning

Separating roles

Databases

MIM features

Hardware

Installation order

Prerequisites

Databases

Collation and languages

SQL aliases

SQL

SCSM

Web servers

MIM Portal

MIM password reset

MIM Certificate Management

MIM Service accounts and groups

The Kerberos configuration

SETSPN

Delegation

Installation

The MIM Synchronization service

The System Center Service Manager console

SharePoint Foundation

The MIM service and the MIM portal

The MIM Password Reset portal

MIM certificate management

SCSM management

SCSM Data Warehouse

Post-installation configuration

Granting the MIM service access to MIM Sync

Securing the MIM Service mailbox

Disabling indexing in SharePoint

Redirecting to IdentityManagement

Enforcing Kerberos

Editing binding in IIS for MIM Password sites

Registering the SCSM manager in data warehouse

MIM post-install scripts for data warehouse

Summary

3. MIM Sync Configuration

MIM Synchronization interface

Creating Management Agents

Active Directory

Least-privileged approach

Directory replication

Password reset

Creating AD MA

HR (SQL Server)

Creating an SQL MA

Creating a rules extension

The Metaverse rules extension

Indexing Metaverse attributes

Creating run profiles

Single or multi step

Schema management

MIM Sync versus MIM Service schema

Object deletion in MV

Initial load versus scheduled runs

Maintenance mode for production

Disabling maintenance mode

Summary

4. MIM Service Configuration

MIM Service request processing

The management policy

Service partitions

Included authentication, authorization, and action activities

Authentication activities

Authorization activities

Action activities

The MIM Service Management Agent

The MIM Service MA

Creating the FIM Service MA

The MIM MA filtering accounts

Understanding the portal and UI

Portal configuration

The navigation bar resource

Search scopes

Filter permissions

Resource Control Display Configurations

Custom activities development

Summary

5. User Management

Additional sync engine information

Portal MPRs for user management

Configuring sets for user management

Inbound synchronization rules

Outbound synchronization rules

Outbound Synchronization Policy

Outbound System Scoping Filter

Detected Rule Entry

Provisioning

Non-declarative provisioning

Managing users in a phone system

Managing users in Active Directory

The userAccountControl attribute

Provisioning users to Active Directory

Synchronization rule

Creating the set

Setting up the workflow

Creating the MPR

Inbound synchronization from AD

Temporal sets

Self-service using MIM Portal

Managers can see direct reports

Allowing users to manage their own attributes

Managing Exchange

Exchange 2007

Exchange 2010 and later

Synchronization rules for Exchange

Mailbox users

Mail-enabled users

More considerations

Summary

6. Group Management

Group scope and types

Active Directory

Group scope and type in MIM

Type

Scope

Member selection

Manual groups

Manager-based groups

Criteria-based groups

Modifying MPRs for group management

Managing groups in AD

Security and distribution groups

Synchronization rule

Installing client add-ins

Add-ins and extensions

Creating and managing distribution groups

Summary

7. Role-Based Access Control with BHOLD

Role-based access control

BHOLD role model objects

Organizational units

Users

Roles

Permissions

Applications

Other advanced features

Installation

BHOLD Core and other components

MIM/FIM Integration install

Patching

Access Management Connector

Creating the ODBC connection file

Creating the generic SQL connector for the BHOLD orgunit

Creating run profiles

Creating a BHOLD connector and sync rules

MIM/FIM Integration

Attestation

Reporting

Summary

8. Reducing Threats with PAM

Why deploy PAM?

PAM components

How does it work?

System requirements

Considerations

Our scenario

Preparing TFC

Preparing PRIV

Preparing the PAM server

Installing PAM

Installing PAM PowerShell cmdlets

DNS, trust, and permissions

Privileged groups, users, and roles

User experience

PAM in the MIM service

The sample PAM portal

Multi-factor authentication

Summary

9. Password Management

SSPR background

QA versus OTP

Installing self-service password reset

Enabling password management in AD

Allowing MIM Service to set passwords

Configuring MIM Service

Password Reset Users Set

Password Reset AuthN workflow

Configuring the QA gate

The OTP gate

The Phone gate

Require re-registration

SSPR MPRs

The SSPR user experience

SSPR lockout

Password synchronization

Password Change Notification Service

Summary

10. Overview of Certificate Management

What is certificate management?

Certificate management components

Certificate management agents

The certificate management permission model

Creating service accounts

Service Connection Point

The Active Directory extended permissions

The certificate templates permission

The profile template permission

The management policy permission

The software management policy

The smart card management policy

Summary

11. Installation and the Client Side of Certificate Management

Installation and configuration

Extending the schema

The configuration wizard

Creating certificate templates for MIM CM service accounts

The MIM CM User Agent certificate template

The MIM CM Enrollment Agent certificate template

The MIM CM Key Recovery Agent certificate template

Enabling the templates

Require SSL on the CM portal

Kerberos… oh, what a world!

Running the wizard

Backup certificates

Rerunning the wizard

The accounts

The database

Configuring the MIM CM Update service

Database permissions

Configuring the CA

Installing the MIM CM CA files

Configuring the Policy Module

Certificate management clients

Installing the MIM CM client

Modern App deployment and configuration

Configuration and deployment

Summary

12. Certificate Management Scenarios

Modern app and TPM virtual smart card

Creating a certificate template

Creating the profile

Testing the scenario

Using support for Non-MIM CM

Creating the software certificate

Creating the profile

Testing the scenario

Multiforest configuration

Step 1 – CM DNS setup

Step 2 – CM domain trust and configuration

Step 3 – CM forest configuration

Step 4 – CM enrollment configuration

ADFS configuration

Step 1 – the CM installation and prerequisites

Step 2 – the configuration wizard

Step 3 – continued configuration

Step 4 – the final test

Models at a glance

The centralized management model

The self-service model

The manager-initiated model

Summary

13. Reporting

Verifying the SCSM setup

Synchronizing data from MIM to SCSM

Default reports

The SCSM ETL process

Looking at reports

Allowing users to read reports

Modifying reports

Hybrid reporting in Azure

Summary

14. Troubleshooting

The basics

Operation statistics

A simple data problem

Rule extension debugging and logging

Rule extension logging

MIM service request failures

Debugging a custom activity

Increasing application logging

Password change notification service

Summary

15. Operations and Best Practices

Expectations versus reality

Automating run profiles

Best practices concepts

Backup and restore

Backing up the synchronization encryption key

Restoring the MIM synchronization DB

Restoring the MIM service DB and portal

Additional backup considerations

Operational health

Database maintenance

SQL best practices

MIM synchronization best practices

MIM portal best practices

Other best practices

Summary

Index
