Imperial Library

Index
Microsoft Identity Manager 2016 Handbook
Credits About the Authors About the Reviewers www.PacktPub.com eBooks, discount offers, and more Why subscribe? Instant updates on new Packt books
Preface The story in this book What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support Downloading the color images of this book Errata Piracy Questions
1. Overview of Microsoft Identity Manager 2016 The Financial Company The challenges Provisioning of users The identity life cycle procedures Highly privileged accounts (HPA) Password management Traceability The environment Moving forward The history of Microsoft Identity 2016 Components at a glance MIM Synchronization Service MIM Portal and Service MIM Certificate Management Role-Based Access Control (RBAC) with BHOLD MIM Reporting Privilege Access Management Licensing Summary
2. Installation Capacity planning Separating roles Databases MIM features Hardware Installation order Prerequisites Databases Collation and languages SQL aliases SQL SCSM Web servers MIM Portal MIM password reset MIM Certificate Management MIM Service accounts and groups The Kerberos configuration SETSPN Delegation Installation The MIM Synchronization service The System Center Service Manager console SharePoint Foundation The MIM service and the MIM portal The MIM Password Reset portal MIM certificate management SCSM management SCSM Data Warehouse Post-installation configuration Granting the MIM service access to MIM Sync Securing the MIM Service mailbox Disabling indexing in SharePoint Redirecting to IdentityManagement Enforcing Kerberos Editing binding in IIS for MIM Password sites Registering the SCSM manager in data warehouse MIM post-install scripts for data warehouse Summary
3. MIM Sync Configuration MIM Synchronization interface Creating Management Agents Active Directory Least-privileged approach Directory replication Password reset Creating AD MA HR (SQL Server) Creating an SQL MA Creating a rules extension The Metaverse rules extension Indexing Metaverse attributes Creating run profiles Single or multi step Schema management MIM Sync versus MIM Service schema Object deletion in MV Initial load versus scheduled runs Maintenance mode for production Disabling maintenance mode Summary
4. MIM Service Configuration MIM Service request processing The management policy Service partitions Included authentication, authorization, and action activities Authentication activities Authorization activities Action activities The MIM Service Management Agent The MIM Service MA Creating the FIM Service MA The MIM MA filtering accounts Understanding the portal and UI Portal configuration The navigation bar resource Search scopes Filter permissions Resource Control Display Configurations Custom activities development Summary
5. User Management Additional sync engine information Portal MPRs for user management Configuring sets for user management Inbound synchronization rules Outbound synchronization rules Outbound Synchronization Policy Outbound System Scoping Filter Detected Rule Entry Provisioning Non-declarative provisioning Managing users in a phone system Managing users in Active Directory The userAccountControl attribute Provisioning users to Active Directory Synchronization rule Creating the set Setting up the workflow Creating the MPR Inbound synchronization from AD Temporal sets Self-service using MIM Portal Managers can see direct reports Allowing users to manage their own attributes Managing Exchange Exchange 2007 Exchange 2010 and later Synchronization rules for Exchange Mailbox users Mail-enabled users More considerations Summary
6. Group Management Group scope and types Active Directory Group scope and type in MIM Type Scope Member selection Manual groups Manager-based groups Criteria-based groups Modifying MPRs for group management Managing groups in AD Security and distribution groups Synchronization rule Installing client add-ins Add-ins and extensions Creating and managing distribution groups Summary
7. Role-Based Access Control with BHOLD Role-based access control BHOLD role model objects Organizational units Users Roles Permissions Applications Other advanced features Installation BHOLD Core and other components MIM/FIM Integration install Patching Access Management Connector Creating the ODBC connection file Creating the generic SQL connector for the BHOLD orgunit Creating run profiles Creating a BHOLD connector and sync rules MIM/FIM Integration Attestation Reporting Summary
8. Reducing Threats with PAM Why deploy PAM? PAM components How does it work? System requirements Considerations Our scenario Preparing TFC Preparing PRIV Preparing the PAM server Installing PAM Installing PAM PowerShell cmdlets DNS, trust, and permissions Privileged groups, users, and roles User experience PAM in the MIM service The sample PAM portal Multi-factor authentication Summary
9. Password Management SSPR background QA versus OTP Installing self-service password reset Enabling password management in AD Allowing MIM Service to set passwords Configuring MIM Service Password Reset Users Set Password Reset AuthN workflow Configuring the QA gate The OTP gate The Phone gate Require re-registration SSPR MPRs The SSPR user experience SSPR lockout Password synchronization Password Change Notification Service Summary
10. Overview of Certificate Management What is certificate management? Certificate management components Certificate management agents The certificate management permission model Creating service accounts Service Connection Point The Active Directory extended permissions The certificate templates permission The profile template permission The management policy permission The software management policy The smart card management policy Summary
11. Installation and the Client Side of Certificate Management Installation and configuration Extending the schema The configuration wizard Creating certificate templates for MIM CM service accounts The MIM CM User Agent certificate template The MIM CM Enrollment Agent certificate template The MIM CM Key Recovery Agent certificate template Enabling the templates Require SSL on the CM portal Kerberos… oh, what a world! Running the wizard Backup certificates Rerunning the wizard The accounts The database Configuring the MIM CM Update service Database permissions Configuring the CA Installing the MIM CM CA files Configuring the Policy Module Certificate management clients Installing the MIM CM client Modern App deployment and configuration Configuration and deployment Summary
12. Certificate Management Scenarios Modern app and TPM virtual smart card Creating a certificate template Creating the profile Testing the scenario Using support for Non-MIM CM Creating the software certificate Creating the profile Testing the scenario Multiforest configuration Step 1 – CM DNS setup Step 2 – CM domain trust and configuration Step 3 – CM forest configuration Step 4 – CM enrollment configuration ADFS configuration Step 1 – the CM installation and prerequisites Step 2 – the configuration wizard Step 3 – continued configuration Step 4 – the final test Models at a glance The centralized management model The self-service model The manager-initiated model Summary
13. Reporting Verifying the SCSM setup Synchronizing data from MIM to SCSM Default reports The SCSM ETL process Looking at reports Allowing users to read reports Modifying reports Hybrid reporting in Azure Summary
14. Troubleshooting The basics Operation statistics A simple data problem Rule extension debugging and logging Rule extension logging MIM service request failures Debugging a custom activity Increasing application logging Password change notification service Summary
15. Operations and Best Practices Expectations versus reality Automating run profiles Best practices concepts Backup and restore Backing up the synchronization encryption key Restoring the MIM synchronization DB Restoring the MIM service DB and portal Additional backup considerations Operational health Database maintenance SQL best practices MIM synchronization best practices MIM portal best practices Other best practices Summary
Index