Posted by: Bcournoyer
Identity and Access Management, Windows Server
Another product that will be given a fair amount of attention at Tech-Ed this year is Microsoft’s Identity Lifecycle Manager “2”, which the company has just recently renamed Forefront Identity Manager 2010. As you might guess from the name, it isn’t expected to be officially released until Q1 of next year (though it was briefly dubbed Identity Manager 2009 at one point).
I spoke recently with Laura E. Hunter, an author and identity management guru based in Pennsylvania, who has spent a lot of time lately at Microsoft headquarters. She said that the current RC is feature complete, and the company is now working on tweaks and bug fixes to get it ready for RTM.
She stressed that ILM “2” is still an incremental build, much like Identity Lifecycle Manager 2007 was. However, in addition to all the functionality of its predecessors (including Exchange Server support), the new version will include some interesting new capabilities. Most notable of these new features is a SharePoint-based Web portal designed to create a unified front end for managing not only users and groups, but policies as well.
I also asked her about some of the self-service capabilities being touted by Microsoft, which should simplify group management (users can request to be added to groups themselves) and, of course, password reset. For the latter, a cool new layer has been added recently. Basically, if a user needs a new password for whatever reason, they’ll still have to answer some verification questions (the old “What’s your mother’s maiden name?”), but will not have the ability to create their own new password. Instead, the system will create a new one for them and text it to their cell phone, adding a little more security to the process. That is, unless your computer happens to be hijacked on the same day that your cell phone is stolen — but that’s hopefully not too likely.
She also said that ILM “2” should fill in a few of the functionality gaps that some IT pros have complained about in previous versions. Another source I spoke to concurred, saying the workflow alone makes it worth checking out. He added that this is the first time Microsoft has really addressed identity-level change control.