Name of the base system (platform): Microsoft Forefront
Developers: Microsoft
Last Release Date: May 2012
Technology: Cybersecurity - Authentication
Managing employees' access rights and personal data is one of the most labor-intensive tasks, and most of a company's divisions are involved in it: the personnel department, the economic and information security services, division heads, IT staff and others. Implementing software for managing corporate identity data automates these processes and also helps establish a clearer and more effective model of interaction between the IT service and users.
Microsoft Forefront Identity Manager 2010 (FIM) is an application for managing employee identity information. It automates the management of user accounts and access rights to the company's information resources and raises it to a qualitatively new level, providing secure access both to "cloud" services and to internal corporate resources from practically any place with an Internet connection and from different types of devices.
FIM simplifies identity and access management for users through a user self-service portal and a full toolkit for administrators, and automates standard tasks of managing accounts, passwords, groups and mailing lists, as well as users' digital certificates. The self-service portal lets users submit requests to change access rights and perform operations on their personal data on their own.
Implementing FIM is especially effective if:
- The company outsources part of its business functions: there is staff turnover in individual organizational units
- The company is actively growing: the number of users steadily increases (there are already more than 500 employees working in information systems)
- The company has no tools for tracking changes to access rights: there are significant risks of unauthorized access to important corporate information
Having implemented FIM, you receive:
- Tools for effectively supporting the process, such as:
  - A control center for user identity data
  - A single tool for controlling and auditing employees' permissions in information systems
  - A model and repository of employees' access rights
  - A module providing the basic functions of ServiceDesk-class solutions
  - A platform for approving and processing user requests (including requests for employee access rights)
  - A data store for the company's freelance staff
- Advantages in the field of information security:
  - The access rights of each employee are automatically determined and controlled according to the required business logic
  - All changes to employees' permissions are automatically tracked and recorded
How does FIM work?
FIM is a flexible platform that can be integrated into any custom solution and can scale to the needs of medium and large enterprises. At the basic level it includes a set of built-in connectors to LDAP directories (including AD), to mail systems (Exchange and Lotus Notes), to SAP/R3 and to other solutions from leading vendors. When SharePoint services are deployed, FIM provides user-friendly interfaces for administration and for supporting various business processes through the FIM portal.
Thus, this software solution considerably increases the efficiency of managing employee accounts and access rights, lowers the company's operating costs for these processes and improves the performance of the IT service. Like any automation of standard processes, implementing FIM directly affects the company's overall competitiveness.
Forefront Identity Manager 2010 R2
This system can be used in Windows environments and in heterogeneous networks. It is also one of seven products that make up the Microsoft Forefront line of corporate information security solutions for businesses.
The intermediate R2 release of the Identity Manager 2010 package has two key differences from the previous version. First, R2 includes an improved self-service password reset mechanism for end users. Second, R2 gives IT specialists expanded control over defining role-based access rights to network resources.
Role-based access control in Forefront Identity Manager 2010 R2 is built on technologies that Microsoft obtained through its acquisition of Bhold Software in September 2011. After an adaptation period, the corporate Bhold technologies were included in the Identity Manager 2010 R2 package and give customers the ability to set and control access on the basis of roles assigned to users. Interestingly, at the time of the Bhold acquisition, analysts from Gartner pointed out that this was the technology missing from Microsoft's offerings for user identity verification and access rights control.
Microsoft representatives refer to the Bhold technologies collectively as the "Microsoft Bhold Suite" package. This set of technologies includes role-based access control, user certification, analytics, reporting, integration with the FIM platform and assignment of access rights through FIM. The Microsoft Bhold Suite was released as a separate product in May of this year, so it is now available to buyers of the new Identity Manager 2010 R2 release, where it is built in, and to users of the previous FIM 2010 release who have a current Software Assurance contract.
According to Microsoft representatives, the Identity Manager 2010 R2 package offers much improved functions for self-service password reset. This mechanism now works in the majority of popular web browsers; however, the exact list of compatible browsers is not provided, and only Internet Explorer is mentioned. In addition, self-service password reset now also works in extranet networks, which improves support for mobile users.
Among the other innovations in the Identity Manager 2010 R2 package is the use of the System Center Service Manager Data Warehouse for storing reporting data. Reports can now be generated using SQL Server Reporting Services.