Microsoft Publicly Betas ID Lifecycle Management

At its Tech-Ed for Professionals summit, being held in Florida this week, Microsoft unveiled the first public beta version of Identity Lifecycle Manager 2.

This product will handle the entire identity life cycle, from provisioning new users to deployment to termination.

It provides a much-needed solution in the Microsoft (NASDAQ:MSFT) space in enterprises, but whether enterprises will accept it remains to be seen, because it will let end users manage their own identities, which raises security issues.

ILM 2, the codename for the successor to ILM 2007, will “deliver integrated identity management systems across heterogeneous systems and multiple audiences,” Douglas Leland, general manager, Microsoft’s identity and access business group, told

It will have a “powerful set of self-service capabilities for the end user and a suite of rich administrative tools and enhanced automation for IT professionals,” Leland added.

ILM2 will also have automated portals based on the .NET Framework and application programming interfaces (APIs). The APIs will be based on Web Services standards.

Being user-centric is “significant for Microsoft,” Leland said. The goal is to put users in control of the management of their identities and access privileges using Microsoft Windows and Office, “providing a consistent and familiar interface in a privacy-friendly way,” he added.

There will be no problem with supporting Windows XP, “because we support down-level as well” but “obviously you will get significant benefits as you move to Vista,” Leland said.

The user-centric approach puts Microsoft in the lead because “the state of the art is not providing meaningful tools for end users to manage their own profiles and entitlements,” Leland said.

That’s a point Bilhar Mann, CA’s senior vice president of security management, takes issue with.

“They say that, in listening to customers, they’ve identified a major flaw with other identity management products, in that users don’t have self-service capabilities,” Mann told

“That’s not correct; we delegate the managing of identity and passwords to end users, and this feature’s in our shipping product now.”

Microsoft’s user-centric approach worries Kevin Kampmann, a senior analyst at The Burton Group. “The concept is interesting, but there are still issues around interoperability and putting mechanisms in place that make it viable,” he told

“Does the user want to do this?” he added. “And there’s a whole issue of trust on the enterprise side that needs to be dealt with.”

CA has got that angle covered: Earlier this week, it unveiled Security Compliance Manager and a slew of other products with identity management features.

Security Compliance Manager lets managers certify and attest to the access rights a user has. “A user can ask for access rights, but can’t get them without certification or approval by a manager,” Mann said. “It’s just like when an executive asks for a corporate credit card, there’s no way he’ll get it without a manager’s approval.”

CA’s identity management products also control access based on a user’s role in the corporation. For example, finance department staff won’t be able to get access to engineering applications and vice versa. “There’s control at the outset and there’s also a control chain,” Mann said.

ILM2 will let enterprises manage multiple credential types — passwords, identity certificates, smart cards and one-time password devices — which will “provide significant cost savings and advantages in terms of security because you get an end-to-end view,” Leland said.

ILM2 also provides a policy management infrastructure. This will use Microsoft Active Directory as its repository and is based on the Windows Workflow Foundation.

It provides a user interface for creating workflows and policies. This lets users “select, drag, drop and create sophisticated workflows and policies through portals,” and allows policies to manage both Windows and non-Windows environments, Leland said.

The public beta of ILM2 shows that Microsoft is “getting serious about identity management in terms of the ability to provide a consistent management framework for identity information,” Burton Group’s Kampmann said.

Leveraging Microsoft solutions

While there are “a number of large identity vendors in this space” like Oracle (NASDAQ:ORCL), IBM (NASDAQ:IBM), CA (NASDAQ:CA) and Sun (NASDAQ:JAVA), “the opportunity for Microsoft is to put together a consistent suite of services around its own domain that the enterprise can leverage for managing Microsoft solutions,” he explained.

That’s been needed “for some time” and ILM2 not only consolidates Microsoft’s own space but gives it the chance to extend to other areas and coordinate its activity with partners, according to Kampmann.

Enterprise identity management players such as Sun, IBM, Oracle, Novell (NASDAQ:NOVL) and CA, which just announced some identity management products, have good products, but the Microsoft space “does have nuances that require special attention” and Microsoft’s partners “recognize that taking care of Microsoft does give you specific benefits,” Kampmann said.

One of those partners is Omada, a Microsoft solution provider for advanced role-based access control and compliance.

At Tech-Ed for Professionals, Omada unveiled the enhanced Omada Compliance Reporting Center Module beta 3, which builds on top of ILM2. One of eight modules in the Omada Identity Manager Solution, this makes security audits easier, faster and less expensive while improving the quality of compliance reporting, according to Omada.

The Omada Identity Manager integrates with ILM, Microsoft Active Directory and ERP systems from SAP (NASDAQ:SAP).

Omada “provides a management solution that leverages Microsoft technologies and understands how to tie them back into the business process,” Kampmann said.

Users will be able to host ILM2 on premises or access it in the cloud as a service, and Leland said it will be available in both physical and virtual environments.

The back story

ILM2 is Microsoft’s umpteenth kick at the identity and access management can.

Back in July 2003, it unveiled Microsoft Identity Integration Server (MIIS) 2003, which was a revamped version of its Meta Directory Product, and unveiled its Identity and Access Management Solution Accelerator.

The latter was a set of guidelines created jointly with PricewaterhouseCoopers to help enterprises build and test identity management infrastructures.

Microsoft also entered partnerships with security infrastructure specialists and independent software vendors Oblix, now owned by Oracle, and OpenNetworks Technologies, acquired by BMC Software.

At the RSA Conference 2007, Microsoft outlined a roadmap for identity lifecycle management that would combine metadirectory, user provisioning and certificate management capabilities into one solution — ILM 2007 — that would be built on the capabilities in MIIS 2003 and Microsoft Certificate Lifecycle Manager.

The public beta of ILM2, beta 3, is late, having originally been scheduled to ship in February 2008 at the RSA Conference 2008, held in San Francisco.

A release candidate of ILM2 will be issued in the fourth quarter, and ILM2 will be released to manufacturing, which means burned on CDs and packaged, in the first quarter of 2009, according to Leland.