OUR SOLUTIONS

The Challenge

SharePoint is Microsoft's best selling product. Organisations, large and small, are using it as their Portal of choice, and for good reason. It provides out of the box collaboration with the Microsoft Office suite and can be installed and be functional within a short period of time. It is a very cost effective Portal platform for organisations that have an investment in Microsoft technologies across the enterprise. However, those organisations are likely to face a number of challenges in integrating SharePoint with their enterprise systems. Especially those that wish to implement SharePoint across a heterogeneous enterprise environment.

Typical challenges include supporting multiple directories for user definitions; support for a multi forest/domain Active Directory environment, particularly where there are users who move between forests/domains; implementing real-time compliance based upon changes to authoritative sources including user definitions and information; and allowing SharePoint to be a dynamic enterprise wide user self-service White Pages.

The Answer

UNIFY's Identity Broker^TM for SharePoint^® combined with Microsoft's Forefront Identity Manager 2010 (FIM) meets these challenges and allows organisations to implement an Enterprise SharePoint portal with automated and real-time interaction and services. While SharePoint uses its own synchronisation with directories (for example Active Directory) to create SharePoint users and populate user information, this information is limited to only a sub-set of the directory attributes and generally, will not reflect the level of user information available from other applications, such as HR.

Through the Identity Broker^TM for SharePoint^®, information from other applications and services can be populated within SharePoint thereby increasing the value and integrity of SharePoint as a portal.

In addition, as the Identity Broker^TM for SharePoint^® supports real-time bi-directional interactions, nominated information from SharePoint can be populated within relevant applications and services across the enterprise.

The SharePoint "My Site" feature is transformed into a true enterprise "White Pages" application, and when coupled with the global profile admin function, allows nominated User Profile attributes to be "authoritative" within the enterprise.

With the addition of UNIFY's Event Broker, Identity Broker^TM for SharePoint^® ensures that nominated changes within authoritative sources are reflected within SharePoint at the time of change and automatically. If SharePoint is authoritative for information (eg. Self Service White Pages), relevant changes in SharePoint are reflected within the Enterprise at the time of change.

Changes to user names or user moving between forests/domains are no longer an administration challenge. UNIFY's SharePoint Broker together with Event Broker automates these changes within SharePoint based upon changes and moves. As this process is managed by the Identity Broker^TM for SharePoint^® via FIM, it is not dependent upon the directory service but becomes part of an overall Identity Management process.

SharePoint User Management with Microsoft FIM

While SharePoint uses its own synchronisation with Active Directory to create SharePoint users and to populate user information, this information is limited to only a sub-set of Active Directory attributes and, generally, will not reflect the level of user information available from other FIM-connected applications, such as HR. With the Identity Broker^TM for SharePoint^® for FIM it is possible to populate additional user SharePoint attributes with information being managed by FIM, thereby increasing the value of information made available through SharePoint.

Where native Active Directory synchronisation to SharePoint is import only, the Identity Broker^TM for SharePoint^® for FIM provides bi-directional capability. This enables the "My Site" feature to perform the function of a true enterprise "White Pages" application which is no longer bound by the Active Directory schema. When coupled with the global profile admin function, it allows a subset of User Profile attributes to be "authoritative" within the enterprise.

Lastly, the addition of UNIFY's Event Broker ensures that authoritative User Profile changes (e.g. the Self Service White Pages scenario) are automatically detected when they occur and are imported into FIM. From there, metaverse precedence rules and MA attribute flows determine the extent to which any change is replicated throughout the enterprise. Conversely, using a similar approach for other connected directories in an FIM solution, any changes within other authoritative sources can also be reflected automatically within SharePoint real-time. 

Wizard-driven Synchronisation - Identity Broker

Merged corporate organisations, Whole of Government and complex enterprise environments often struggle with the complexities and endemic issues arising from having all or some of

• multiple points of reference for individuals and information
• disparate environments which do not natively or easily integration
• foreign identity management environments only managing within their own “island” of responsibility and
• duplicated information and processes across geographical and technical boundaries
   

Many of those issues are founded upon trying to integrate applications, environments and platforms that have differing requirements, approaches and processes.

Identity Broker™ from UNIFY Solutions provides a WIZARD driven answer to synchronisation in these scenarios.

Identity Broker™ breaks down the walls that silo applications and environments to provide a common integration approach without compromising the integrity or functionality of the siloed environment.  ‘Localised’ information and processes can be realised across the organisation in a controlled and defined structure, whether they be to centralised points of reference and management and/or synchronised between and across the siloed entities.

Coupled with Identity Management and synchronisation platforms, Identity Broker™ enables a common integration approach that removes complexities and enables automated synchronisation of information and management of Identities.

Identity Broker™ provides a harmonious approach for integrating and synchronising information and events across boundaries and disparate systems, services and information stores that removes the complexities and enables integration and collaboration between environments to enable consistent information between boundaries, integration and collaboration between disparate Identity management platforms and removal of technical and geographical boundaries to facilitate centralised information and compliancy.

Among other benefits, Identity Broker™

• Provides a common and consistent Wizard approach for integration regardless of the application, organisation geographic spread, technical and Identity Management platforms in place
• Enables cross-platform Identity Management collaboration where required
• Accommodates multiple (unlimited) Authoritative sources
• Streamlines the inclusion of systems and processes inherited through Merger & Acquisition or changes in administrative arrangements
• Mitigates the need to immediately consolidate applications, information and processes
• Provides a consistent framework for synchronising information and Identity Management to centralised references and across multiple environments

While virtually all Identity Management platforms come with a standard set of "out of the box" connectors or agents that allow for integration and collaboration with a common set of applications and directories, it is the when the solution needs to be extended across the enterprise that the challenges of integration with applications, directories and services become apparent and potentially "show stoppers".

These challenges also occur when the standard connectors do not provide the level of integration and collaboration required as the Identity Management solution has to be enhanced to accommodate more complex or fine grained interaction and processes.

As more organisations recognise the benefits of Application Driven Identity Management they are realising the benefits and returns that tight integration and coupling with applications and services at a business level are bringing. This in turn is driving a need for more advanced connectors that are designed and developed from the application to the Identity Management platform rather than the current approach of Identity Management platform to the Application.

These connectors and approach UNIFY has termed Application Driven Connectors.

UNIFYs Identity Broker suite of connectors are commercially available Application Driven Connectors that have been design and developed in collaboration with the application vendor and provide a very tight integration and collaboration between the application to the Identity Management platform.

However, there is always a potential need for an organisation to have to develop custom connectors for internally developed applications.

Traditional approaches to this requirement have been to custom design and develop intransigent, monolithic connectors based upon the Identity Management vendors' development platform which, unless the organisation makes significant investment, do not allow for the benefits of Application Driven Identity Management.

UNIFYConnect allows organisations to custom develop and implement agile Application Driven Connectors for custom applications or for extending current connector functionality.

Based upon the same Application Driven Framework used by Identity Broker, UNIFYConnect provides all of the benefits of Application Driven Connectors but for a custom development requirement.

UNIFYConnect provides "out of the box" the following benefits:

1. Rapid development environment for functionally rich, Application Driven Connectors
2. Native support for complex bi-directional Application and Identity Management platform interactions, including
3. Hierarchical management
4. Future Events
5. Past Events
6. Graphical User Interface for customisation and management
7. Logging and Reporting
8. Real-Time event management
9. Non-Invasive on the Application platform
10. Application Driven Framework compliance
11. Fully Application Driven Identity Management compliant

Only UNIFYConnect provides all of the benefits of Application Driven Connectors for organisational custom development requirements, thereby extending Application Driven Identity management across the enterprise.

UNIFY has developed its Codeless ILM Implementation Toolkit to provide customers with low risk, rapidly deployed, and easily supported ILM platforms. This Toolkit and UNIFY's associated methodologies have taken into account the codeless components of Microsoft Forefront Identity Manager 2010.

As Microsoft security partners and customers would encounter, the most difficult aspect of an ILM implementation is the requirement to write code to perform more than basic data synchronisation functionality. UNIFY has pooled its years of experience of implementing ILM to develop the Codeless ILM Implementation Toolkit.

With the Codeless ILM Implementation Toolkit, UNIFY consultants are able to transform ILM implementations into configuration exercises, removing the need to write and test code in all but the most unique circumstances. Configuration can be changed easily without the need to recompile, enabling easy testing of business logic and processes, thereby reducing costs, minimising project time frames and negating risk and impact to business and application owners

The addition of external tools which can be used within the Codeless ILM Implementation Toolkit further enhance the functionality of ILM, allowing extended solutions, repeatable and customisable without a requirement to maintain a development team to support it.

UNIFY Password Reset Manager^TM

UNIFY's Password Reset Manager is a cost effective and feature rich, secure web-based Self Service Password reset solution that allows organisations to streamline password management costs and overheads without having to make the significant investment that is often associated with other offerings.
Where traditional password management solutions based on network access provide a redundant feature set with an exorbitant price tag, the UNIFY approach concentrates on delivering just the required functionality, without losing any of the associated flexibility, and at a fraction of the cost.
Functionality includes:

1. Recording of users answers to a series of questions via a secure web-site
2. Self Service Password reset via a secure web application based upon "Challenge and Response" scenario
3. Self maintenance of answers
4. Ability to interface with Active Directory and Active Directory Lightweight Directory Service (ADLDS)
5. Configurable account lockout settings
6. Ability to provide notification of a password change
7. Intuitive user interface
8. Easily deployed
9. Does not require GINA changes

UNIFY's Password Rest Manager is a cost effective, flexible and scalable Self Service Password reset service that can provide immediate benefits and savings to an organisation at the fraction of the cost of other solutions