Retailer Deploys Virtual Identity Server™, Enhancing the Value of the Microsoft Technology Stack for the Management of Corporate Identities
About The Customer
This retail‐focused customer has successfully deployed Optimal IdM's flagship virtual directory product, Virtual Identity Server™ (VIS), within its corporate environment, simplifying its identity management infrastructure. VIS provides a real‐time enterprise view of the data residing in multiple back‐end systems, giving the customer a single point of management and control while leveraging its investment in the existing Microsoft environment. VIS extends the Microsoft infrastructure components Microsoft Identity Integration Server (MIIS), Identity Lifecycle Manager (ILM), Active Directory (AD), Active Directory Lightweight Directory Services (AD LDS) and Active Directory Application Mode (ADAM) by reducing the complexity of deploying third‐party LDAP‐enabled applications while also providing a single point of control and auditing.
MIIS / ILM provides the automated mechanism for provisioning and de‐provisioning employees and contractors into the corporate systems. Employee and contractor data is pulled from the HR system (SAP) and used to create identities and grant access in multiple systems such as Active Directory, Exchange and Live Communications Server. Additional identity information is synchronized into ADAM, which stores the custom application schema. The Virtual Identity Server dynamically joins the data held in each of these systems and presents a single, real‐time virtual enterprise view that third‐party applications consume, without any code changes or extra configuration.
Challenges & Solutions
Manual Provisioning and De‐Provisioning – The customer needed an automated way to provision and de‐provision accounts and to grant employees and contractors access to systems.
Solution: MIIS / ILM was deployed to provide the automated processes, eliminating the manual steps and reducing costs.
Schema Changes – Like many organizations, the customer needed to store and maintain the schema extensions required by third‐party applications, but did not want to extend the Active Directory schema for every application and every data need.
Solution: An ADAM instance was deployed to store custom third‐party application data. VIS joins the data in the ADAM instance with the data in Active Directory in real time for the application to consume. The result is a reduction in the number of LDAP objects being replicated: data is joined at its source, wherever it is authoritative.
Multiple Application Deployments – To make use of all corporate identity data, applications had to be deployed multiple times, forcing end‐users to work with multiple user interfaces to manage identity data.
Solution: VIS provides a single, merged, real‐time view of the identity information held in the ADAM and AD directories. VIS reduced the number of application deployments required by 50 percent, eliminating cost and complexity.
Password Synchronization – With multiple LDAP identities, password synchronization was needed so that users could use the same password everywhere.
Solution: VIS completely eliminated the need for password synchronization. When an authentication request is made to VIS, the password is validated against the user object in Active Directory, which further simplifies the deployment and architecture.
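The two design points above, joining AD and ADAM data at query time instead of replicating it, and validating passwords against the AD object instead of synchronizing them, can be illustrated with a small model of a virtual directory. The code below is an added example written for this page, not Optimal IdM or Microsoft code; the class names, the virtual namespace `OU=People,DC=vis,DC=example`, the ADAM naming context, the users and passwords, and the choice of `employeeID` as the join attribute are all constructed assumptions, and the two backends are in‐memory stand‐ins for AD and ADAM.

```python
"""Toy virtual directory modelled on the VIS architecture in this case study.
Added example, not Optimal IdM code; all DNs, users and passwords are constructed."""
import hashlib
import hmac
import os


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ActiveDirectory:
    """Stand-in for AD: authoritative for the account and its credential."""

    def __init__(self):
        self.entries = {}   # dn -> attributes returned by search
        self._creds = {}    # dn -> (salt, derived key); never returned by search

    def add(self, dn, attrs, password):
        salt = os.urandom(16)
        self.entries[dn] = dict(attrs)
        self._creds[dn] = (salt, _derive(password, salt))

    def search(self, attr, value):
        return [(dn, dict(a)) for dn, a in self.entries.items() if a.get(attr) == value]

    def bind(self, dn, password):
        if dn not in self._creds:
            return False
        salt, key = self._creds[dn]
        return hmac.compare_digest(key, _derive(password, salt))


class Adam:
    """Stand-in for ADAM: authoritative only for application attributes."""

    def __init__(self):
        self.entries = {}

    def search(self, attr, value):
        return [(dn, dict(a)) for dn, a in self.entries.items() if a.get(attr) == value]

    def modify(self, dn, attrs):
        self.entries.setdefault(dn, {}).update(attrs)


class VirtualIdentityServer:
    """Presents one virtual entry per user, joined at query time on JOIN_ATTR."""
    JOIN_ATTR = "employeeID"
    SUFFIX = "OU=People,DC=vis,DC=example"        # constructed virtual namespace
    ADAM_SUFFIX = "OU=AppData,DC=adam,DC=example"  # constructed ADAM naming context

    def __init__(self, ad, adam, adam_attrs):
        self.ad, self.adam = ad, adam
        self.adam_attrs = set(adam_attrs)           # attributes ADAM owns

    def _merge(self, ad_attrs):
        """Join the AD object with its ADAM counterpart; nothing is replicated."""
        merged = dict(ad_attrs)
        for _, app in self.adam.search(self.JOIN_ATTR, ad_attrs.get(self.JOIN_ATTR)):
            merged.update({k: v for k, v in app.items() if k in self.adam_attrs})
        return f"CN={ad_attrs['sAMAccountName']},{self.SUFFIX}", merged

    def search(self, attr, value):
        if attr in self.adam_attrs:                 # start from the store that owns the attribute
            keys = [a[self.JOIN_ATTR] for _, a in self.adam.search(attr, value)]
            hits = [h for k in keys for h in self.ad.search(self.JOIN_ATTR, k)]
        else:
            hits = self.ad.search(attr, value)
        return [self._merge(a) for _, a in hits]

    def _resolve(self, virtual_dn):
        """Map a virtual DN back to the single AD object behind it, or None."""
        tail = "," + self.SUFFIX
        if not (virtual_dn.startswith("CN=") and virtual_dn.endswith(tail)):
            return None
        hits = self.ad.search("sAMAccountName", virtual_dn[3:-len(tail)])
        return hits[0][0] if len(hits) == 1 else None

    def bind(self, virtual_dn, password):
        """Authentication is delegated to AD: VIS holds no password to synchronize."""
        ad_dn = self._resolve(virtual_dn)
        return ad_dn is not None and self.ad.bind(ad_dn, password)

    def modify(self, virtual_dn, attr, value):
        """Application writes land in ADAM; AD-owned attributes stay with MIIS/ILM provisioning."""
        ad_dn = self._resolve(virtual_dn)
        if ad_dn is None:
            raise LookupError(f"no such entry: {virtual_dn}")
        if attr not in self.adam_attrs:
            raise PermissionError(f"{attr} is owned by Active Directory")
        key = self.ad.entries[ad_dn][self.JOIN_ATTR]
        self.adam.modify(f"CN={key},{self.ADAM_SUFFIX}", {self.JOIN_ATTR: key, attr: value})


def build_demo():
    """Two AD users, one of whom already has app data in ADAM (constructed sample data)."""
    ad, adam = ActiveDirectory(), Adam()
    ad.add("CN=Jane Doe,OU=Users,DC=corp,DC=example",
           {"sAMAccountName": "jdoe", "employeeID": "1001", "mail": "jdoe@corp.example"}, "correct horse")
    ad.add("CN=Sam Lee,OU=Users,DC=corp,DC=example",
           {"sAMAccountName": "slee", "employeeID": "1002", "mail": "slee@corp.example"}, "battery staple")
    adam.modify("CN=1001,OU=AppData,DC=adam,DC=example",
                {"employeeID": "1001", "appRole": "cashier", "storeNumber": "42"})
    return VirtualIdentityServer(ad, adam, adam_attrs=["appRole", "storeNumber"])


if __name__ == "__main__":
    vis = build_demo()
    dn, entry = vis.search("sAMAccountName", "jdoe")[0]
    print(dn, entry)                      # one merged entry carrying AD and ADAM attributes
    print(vis.bind(dn, "correct horse"))  # True, validated by AD; no password ever copied
```

The application only ever talks to the virtual namespace: a search returns one entry whose `mail` comes from AD and whose `appRole` comes from ADAM, a bind on that entry is passed through to AD, and a write of an application attribute is stored under the ADAM naming context keyed by `employeeID`, so the AD schema and the AD object are never touched by the application.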
Results
The diagram below details the architectural design at this customer. MIIS / ILM provides the automation mechanism to provision and de‐provision users' access to systems. In addition, MIIS / ILM synchronizes data to and from SAP into Active Directory, ADAM and SQL Server. The Virtual Identity Server bridges the gap between the enterprise applications that need identity information and the various siloed directories that store user identity data. VIS provides a single enterprise view of the identity data and is the enterprise hub of identity data for applications to consume.