
Microsoft Architecture for Identity & Access Management (IAM) - Part 1 - Overview

September 05, 2012

For the past year and a half, Microsoft has built and brought to market a suite of products that let clients running Microsoft infrastructure deploy a successful Identity and Access Management (IAM) architecture. Although the products that support the architecture have been available for a few years, only a few organizations have deployed the complete architecture. This type of architecture supports not only a large infrastructure and a growing number of users within an organization, but also a growing number of federated clients.

Four products support the architecture: three from Microsoft, plus Virtual Identity Server by Optimal IdM. The Microsoft products are Forefront Identity Manager 2010 (FIM 2010), Active Directory Federation Services 2.0 (ADFS2) and Unified Access Gateway (UAG); the fourth is Virtual Identity Server (VIS). It is worth noting that Microsoft recently released the R2 version of FIM 2010, which now includes BHOLD, the Identity Governance solution Microsoft recently acquired.

Through a series of 6Labs blogs, we will examine how this collection of products can help organizations use existing and new Microsoft technology to support a complete IAM infrastructure. (Please note that this is not a technology recommendation; the intention is to explain how Microsoft solves IAM problems.) The series will cover basic Identity Management (provisioning, de-provisioning, role management, etc.), web-based Access Control and Federation.

Microsoft Architecture

This illustration covers all of the fundamental IAM services and represents a Microsoft-based solution.

Single Sign-On (SSO) and Access Control are represented by two pieces of technology. For Federation Services, Active Directory Federation Services 2.0 (ADFS2) provides standards-compliant SAML 2.0 and WS-Federation support. Additionally, complex claims augmentation can be supported by Virtual Identity Server (VIS), which makes claims easier to manage because the augmentation does not require complex scripting. Unified Access Gateway (UAG) allows the organization to provide SSO to external users for web-based applications hosted by the client. UAG brings other services as well, but for the purpose of this discussion we will limit it to its SSO capabilities.

Identity Management is provided by FIM 2010, which includes User Management across disparate systems. In the illustration, two Active Directory forests with no trusts established between them are both managed by FIM 2010. FIM 2010 also provides a User Management interface that can be exposed internally and, if necessary, externally. Finally, Access Requests can be managed via the FIM Portal; these requests can target any data system that FIM supports directly or indirectly.

Further detail for each of these systems will be discussed in subsequent posts, so please check back soon.

Continue to Part 2
