Protecting the Organization with Identity Panel (course A825)

Course A825, Protecting the Organization with Identity Panel, teaches how to use the features of the Identity Panel core framework to improve the organization’s identity security posture.

Duration: 1 day

Who is this for?

This course is designed for:

  • Active Directory engineers responsible for security and integrity of identities, groups, and their permissions.
  • PowerShell developers who develop and run scripts within the enterprise to maintain and modify accounts, groups, authentications, and permissions.
  • MIM Developers who want to understand and utilize the features of Identity Panel to avoid security exposure, data loss, and other unwanted changes
  • Application Owners who want to understand how to secure their application access
  • Security Engineers who want to understand how to protect the company from one of its largest risks (according to the Guardian)
  • Compliance Engineers and auditors who need compliance reports

Prerequisites

Attendees will usually be engineers, developers, or architects in the technologies that will be used with the Suite. As a minimum, you should have a sound understanding of network directories and your organization’s identity management processes.

What you will learn

  • Understand how Identity Panel protects the enterprise
  • Understand the gaps and risks that are introduced when organizations automate IAM with Microsoft Identity Manager and PowerShell scripts, and know how to address these risks with Identity Panel
  • Understand how Identity Panel fits into your Change Control process and brings your organization into compliance with SOC II Type 2 audit and other standards
  • Know how to empower your GDPR and non-repudiation compliance effort with Identity Panel
  • Learn how Identity Panel tells you what is going to happen before you or MIM make the change
  • Understand how to report and visualize change. Know who or what caused any change to your MIM code, connectors, and identities
  • Learn how to fix the identity problems in your enterprise that Identity Panel has unearthed
  • Learn how to monitor for and prevent stealth password capturing from being secretly implemented within MIM
  • Discover how companies are responding to “code red” situations with Identity Panel, preventing rogue players from acting against the company IT systems
  • Discover how to institute separation of duties in your scripts, preventing privileged scripting from acting against the organization.

Agenda by feature

  • Time Traveler and Service Panel
  • Uplift Rule Engine and Source Control (.NET rules extension on rails)
  • Scheduler and Workflows
  • Managed PowerShell
  • Preventing unwanted change, and approving change
  • Test Cases
  • Bulk Clean-up
  • How Identity Panel protects itself

Agenda in detail

Time Traveler and Service Panel

  • Identity Silos
  • Contrails
  • Directory and Application identity history
  • Claims logging
  • Assessing an issue
  • Making identity changes with Service Panel

Uplift Rule Engine and Source Control

Scheduler and Workflows

  • Who is doing the work? Panel Services vs. Web Application
  • Security contexts
  • Change volume thresholds
  • Overlapping schedules (conflicting schedules)
  • Workflow approvals
  • Preventing unwanted change, and approving change

Managed PowerShell

  • Separation of Duties
  • Eliminating user level privileged access
  • Protecting and hiding credentials from developers

Test Cases

  • Change Control – Prove you have tested your changes
  • Change Control – Show you can check your changes before, during, and after
  • Change Control – Show you can roll-back unwanted outcomes
  • Development to production life-cycle on rails

Bulk Clean-up

Manage the Humans!

  • Human Checks – Who is watching the store?
  • Who is changing MIM?
  • Who made that change to AD?
  • Who is stopping the Schedule?
  • Did someone turn provisioning off (and forget to turn it on)?
  • Limit who can do what to whom through Service Panel
  • Non-repudiation
  • Empower on-boarding and get the human data right

How Identity Panel and Service Panel protect themselves

  • Security architecture
  • Access Logging
  • MIM RDP Console – Identity Manager
  • Least privilege
  • Panel Check
  • Optional: Auto-update Panel Service from App Server or cloud