Monday, June 4, 2007

Learning Microsoft Identity Management

The world of identity management (IdM) is very broad with many angles for misinterpretation. For those who know me, I frequently refer to identity management NOT as a product but as a framework. For the past 3 years, the world of identity has been my home, which has allowed me to work on some very challenging projects and do some very cool things with a variety of clients across all industries. As with many like me that enjoy the intoxication for managing the digital identity, my journey started with learning Microsoft Identity Integration Server 2003 (MIIS 2003). To this day, I get asked and I still see many questions on the forums looking for guidance on where to start researching. Although there is much more documentation and there are more resources out now, it is still kind of all scattered, which can definitely frustrate the newcomers. I'm going to attempt to list the key documents that provide the best details for starting off an identity and access management career. BTW – If you find this article of interest and find other documents which should be included that I may have missed, please email me and let me know.

The first step is to get a general picture of what identity management is. There are many webcasts out now which may ignite the curiosity; however, many are in the midst of identity chaos without even realizing it. A very good 15-page document which provides a quick and vendor-neutral introduction to IdM is Spencer Lee's "An Introduction to Identity Management."

Additionally, there are many key sites that speak on MIIS and identity management. Just googling "MIIS 2003" is bound to bring you to MIISExperts.org, which can be considered the "Holy Grail" of MIIS sites. This site probably provides the most information next to MSDN.

The FAQs on MIISExperts.org answer the question of how to learn IdM with three things:

  1. Take the time to get trained.
  2. Read the FAQs.
  3. Join the newsgroups and start lurking, or jump right in and start posting questions.

In the old days, all we had was the MMSUG newsgroup and a few technical documents; today the online resources unlock a treasure of information, and it's just a matter of investing the time in learning the technology and understanding how and where to apply it. For many, the best way is attending the official course provided by the boys from OCG. These courses are worth every penny because not only do you learn from experts in the field of IdM, but those experts are also the authors of the official curriculum and active implementers in the field. There are more courses offered, however the

For on-line resources, obviously you can look to the product's homepage; however, most of the key documentation of value to you is in the Microsoft Identity Integration Server Technical Library. Here you'll find guidance on properly planning, designing, deploying and maintaining an MIIS implementation.

  • Planning and Architecture (Use this documentation set as you plan your MIIS 2003 deployment to help you design the most secure and optimal MIIS solution for your needs, initiate your project, design the system data flow, plan synchronization rules, and address configuration settings.)
  • Deployment (Includes information about recommended deployment scenarios for MIIS 2003 including how to upgrade from the previous versions and also solution guides that provide deployment information for uncommon scenarios)
  • Operations (This documentation set includes "How To" guides and other documents that provide discussions and recommended solutions for specific challenges that you encounter when using MIIS 2003.)
  • Technical Reference (This documentation set provides in-depth information about MIIS 2003 components, architecture, identity management process, synchronization rules, run profiles, and details about event-based and state-based identity management architectures.)
  • Development (Administrators and developers can create rules extensions that use the Microsoft .NET Framework. To understand the information in this Developer Reference, you must be well familiar with MIIS 2003.)

Once the foundation is set, you'll probably be extremely anxious to get this thing running to cure all your pains from the sickness of identity chaos. Well, the best way is to use the walkthroughs. This collection of documents is really good because it lets you install and configure each function of MIIS, from general identity synchronization through to password management. After completing the scenario walkthroughs, you can proceed with the more advanced Microsoft Identity and Access Management Series 1.4. This collection provides a realistic configuration for an enterprise implementation of MIIS. Additionally, the sample code can be used as a reference to build your own solutions.

MIIS 2003 Scenario Walkthroughs (Download from source)

Microsoft Identity and Access Management Series 1.4

Note: For a more technical collection of documents on techniques, you should review the following functional and design documentation. This set details the essential concepts of event- and state-based architectures and the core components, architecture, identity management process, synchronization rules, and run profiles featured in MIIS 2003.

Microsoft Identity Integration Server 2003 Functional and Operational Reference

MIIS 2003 Design Concepts

A summary of the design concepts typical in any MIIS implementation is addressed in these documents.

  • MIIS 2003 Design Concepts for Reference Attributes

    This document explains how reference attributes are processed by MIIS 2003 for direct attribute mapping scenarios and provides a conceptual explanation of a custom solution for advanced mapped reference attributes. It also includes design recommendations for both direct and advanced mapped attributes.
  • MIIS 2003 Design Concepts for Correlating Digital Identities

    This document discusses considerations for mapping attributes across different identities and configuring joins based on your business requirements. It introduces the concept of Correlation ID and explains how you can deploy a Correlation ID to establish strong object relationships in your identity integration solution.
  • MIIS 2003 Design Concepts for Implementing IFunctions

    This document introduces the concept of object-level identity functions (IFunctions) in an identity integration scenario, discusses possible implementation options, and also provides implementation recommendations.
  • MIIS 2003 Design Concepts for Implementing Reverse Joins

    This document discusses some of the common reverse join implementation approaches for synchronizing identity objects in MIIS 2003. It provides two solutions for implementing reverse joins: reverse joins based on Transient management agents and reverse joins based on Auxiliary management agents.
  • MIIS 2003 Design Concepts for Advanced Solution Components

    In this document, you will learn about "process-level attributes" and "conditional metaverse objects" to improve the convergence efficiency of the identity integration process, and how you can use "operational management agents" to isolate metaverse objects requiring special attention. The "auxiliary management agents" section discusses how you can implement a custom reprocessing solution.

Once you've become proficient in MIIS, of course there's a learning path for this profession. It's always been my belief that although identity management is typically used to support application authentication and authorization, it heavily influences and complements the security of any infrastructure. Microsoft recently published the learning paths for each practice, as seen in the attached link. Additionally, this link contains all the on-demand webcasts published for Identity and Access Management.

Now that you're a pro at identity management, join the newsgroups and start contributing to the communities!

Because identity management is still evolving, there is still a lot of information to learn. This technology is like a living creature that grows as fast as innovation permits. The upcoming versions, ILM 2007 and ILM "2", are the future. Jump on board the train of evolution and hang on, because you're going to be in for a ride!

Evolving further into Identity Lifecycle Management (Automated Identity and Access Management)

  • Identity Lifecycle Management
  • Information Protection
  • Federated Identity
  • Strong Authentication
  • Directory Services