
OUR SOLUTIONS

UNIFY Solutions has developed a range of repeatable, service-driven provisioning solutions to help customers implement processes and systems that meet their security, compliance and cost management objectives. These solutions complement customer IAM platforms and our implementation services business.

Enterprise Provisioning Broker™ for SharePoint®: Integrating SharePoint identities with enterprise systems
Identity Broker Series: Repeatable solutions for HR provisioning
Event Broker for FIM & ILM: Real-time event-triggered ILM
UNIFY Connect: Rapid development of management agents, connectors and adapters
Codeless ILM Implementation: Rapid and low-risk implementation of ILM
UNIFY Password Reset Manager: Self-service password reset solution


The Challenge

SharePoint is Microsoft's best selling product. Organisations, large and small, are using it as their Portal of choice, and for good reason. It provides out of the box collaboration with the Microsoft Office suite and can be installed and functional within a short period of time. It is a very cost effective Portal platform for organisations that have an investment in Microsoft technologies across the enterprise. However, those organisations are likely to face a number of challenges in integrating SharePoint with their enterprise systems, especially those that wish to implement SharePoint across a heterogeneous enterprise environment.

Typical challenges include supporting multiple directories for user definitions; support for a multi forest/domain Active Directory environment, particularly where there are users who move between forests/domains; implementing real-time compliance based upon changes to authoritative sources including user definitions and information; and allowing SharePoint to be a dynamic enterprise wide user self-service White Pages.

The Answer

UNIFY's Enterprise Provisioning Broker™ for SharePoint® together with Microsoft's Identity Lifecycle Manager (ILM) meets these challenges and allows organisations to implement an Enterprise SharePoint portal with automated and real-time interaction and services. While SharePoint uses its own synchronisation with directories (for example Active Directory) to create SharePoint users and populate user information, this information is limited to only a sub-set of the directory attributes and, generally, will not reflect the level of user information available from other applications, such as HR.

Through the Enterprise Provisioning Broker™ for SharePoint®, information from other applications and services can be populated within SharePoint, thereby increasing the value and integrity of SharePoint as a portal.

In addition, as the Enterprise Provisioning Broker™ for SharePoint® supports real-time bi-directional interactions, nominated information from SharePoint can be populated within relevant applications and services across the enterprise.

The SharePoint "My Site" feature is transformed into a true enterprise "White Pages" application, and when coupled with the global profile admin function, allows nominated User Profile attributes to be "authoritative" within the enterprise.

With the addition of UNIFY's Event Broker, Enterprise Provisioning Broker™ for SharePoint® ensures that nominated changes within authoritative sources are reflected within SharePoint automatically and at the time of change. If SharePoint is authoritative for information (e.g. Self Service White Pages), relevant changes in SharePoint are reflected within the Enterprise at the time of change.

Changes to user names, or users moving between forests/domains, are no longer an administration challenge. UNIFY's SharePoint Broker together with Event Broker automates these changes within SharePoint based upon changes and moves. As this process is managed by the Enterprise Provisioning Broker™ for SharePoint® via ILM, it is not dependent upon the directory service but becomes part of an overall Identity Management process.

SharePoint User Management with Microsoft ILM 2007

While SharePoint uses its own synchronisation with Active Directory to create SharePoint users and to populate user information, this information is limited to only a sub-set of Active Directory attributes and, generally, will not reflect the level of user information available from other ILM-connected applications, such as HR. With the Enterprise Provisioning Broker™ for SharePoint® for Microsoft ILM 2007 it is possible to populate additional user SharePoint attributes with information being managed by ILM, thereby increasing the value of information made available through SharePoint.

Where native Active Directory synchronisation to SharePoint is import only, the Enterprise Provisioning Broker™ for SharePoint® for Microsoft ILM 2007 provides bi-directional capability. This enables the "My Site" feature to perform the function of a true enterprise "White Pages" application which is no longer bound by the Active Directory schema. When coupled with the global profile admin function, it allows a subset of User Profile attributes to be "authoritative" within the enterprise.

Lastly, the addition of UNIFY's Event Broker ensures that authoritative User Profile changes (e.g. the Self Service White Pages scenario) are automatically detected when they occur and are imported into ILM. From there, metaverse precedence rules and MA attribute flows determine the extent to which any change is replicated throughout the enterprise. Conversely, using a similar approach for other connected directories in an ILM solution, any changes within other authoritative sources can also be reflected automatically within SharePoint in real time.


Identity Broker

Identity Management is a critical business service with dependencies on, and interactions with many enterprise applications and services, either as Authoritative sources or consumers of information and events managed by the Identity Management platform.

Its value to the enterprise is based upon the integrity of the information and interactions it has with the applications and services, whether they are the providers or the consumers.

The need for high integrity drives the reliance upon tight integration and interaction with and upon applications, especially those that are Authoritative sources.

It is this requirement that is driving a focus away from connectors being developed from the Identity Management platform to the application, to one based upon the development of tightly coupled application specific connectors that can interact and provide the functionality to the Identity Management platform.

UNIFY terms this Application Driven Identity Management.

It is a model that ensures that the solution is not compromised through poor interaction or coupling with the applications and services for which the Identity Management platform is responsible.

In addition to ensuring high integrity, Application Driven Connectors allow for less complexity within the Identity Management solution and therefore reduced costs and overheads when designing, deploying and managing the solution.

As the Identity Management solution is extended further across the enterprise, the benefits that Application Driven connectors provide by streamlining the design and reducing the administration overhead become more apparent and relevant.

UNIFY's Identity Broker suite provides Application Driven connectors for multiple Identity Management platforms using a consistent and enterprise compliant framework.

The Identity Broker suite has been developed based upon our Application Driven Framework which focuses upon Application to Identity Management platform integration, rather than the traditional Identity Management to Application approach which inherently does not provide tight application integration and collaboration, and results in increased complexity within the Identity Management platform as more business rules, processes and attributes need to be accommodated.

UNIFY works very closely with the relevant Application vendors to ensure the tight collaboration that only Application Driven connectors can provide.

Key benefits of UNIFY's Identity Broker suite include:

Application Driven Brokers

Identity Broker provides tight integration and coupling with Applications, whether they be Authoritative or Consumers, bi-directional and uni-directional, for attributes and events.

Identity Management Platform Design

Identity Broker is written specifically for the Application, but with support for multiple Identity Management platforms and services. Identity Broker can be easily extended to support additional Identity Management platforms without compromising the Application integration.

Streamlined Identity Management Platform Design

Identity Broker removes the complexities inherent in most Identity Management platform designs and implementations particularly around business processes, static events and hierarchical management.

Ease of Use

All Identity Brokers use an easy to use Graphical User Interface (GUI) to allow customisation and management of the interactions between the application and the Identity Management platform. Key components can be easily activated or de-activated including (but not limited to) future / past event management, attribute mappings and flow definitions.

Application Driven Identity Management

Identity Broker ensures integrity through an Identity Management solution that is based upon Application Driven outcomes and information that can only be recognised via Application Driven Brokers.

Non-Invasive

Identity Broker typically does not require the installation of product on the application environment.

 
Overview
On 6 October 2009, Microsoft released Forefront Identity Manager 2010 (FIM) RC1, with the final release scheduled for the first quarter of 2010. FIM consists of a portal and a synchronization engine – the very same application Microsoft Identity Integrators have known as Identity Lifecycle Manager (ILM) 2007 FP1, and Microsoft Identity Integration Server (MIIS) before that. As we transition from ILM to FIM, Event Broker extends the underlying FIM/ILM Synchronization Engine to improve security, ensure continuous compliance, reduce administration costs and meet service levels by adding real-time and event triggered capability.
Event Broker makes your FIM/ILM solution event-aware. For example:
·    If a change occurs within the synchronization engine such that an update to a connected directory/store is pending, it initiates the relevant run profile immediately, rather than having the synchronization engine sit idle until the next scheduled run as it would in a design without Event Broker.
·    If a change occurs external to the synchronization engine in a connected directory, Event Broker will again initiate the relevant run profile at the time of change.
Event Broker is a robust, flexible and scalable real-time event manager for Microsoft's Identity Management Platform, be it ILM or FIM. It is configurable to be “event aware” for any FIM/ILM-based provisioning solution and triggers the synchronization engine to execute run profiles only when there is work to do.
The latest Event Broker 2.2 release introduces a new execution thread model to allow ILM architects to mitigate the likelihood of MicrosoftIdentityIntegrationServer database record locking due to simultaneous synchronization activity. This feature makes any ILM/FIM solution more robust than ever when driven by Event Broker.
Value Proposition
Event Broker allows organisations to retain the integrity and reliability of a FIM/ILM-based solution, while at the same time giving it “event awareness” that allows it to break the shackles of the traditional scheduled and pre-programmed operation mode. This has a liberating effect that permeates every aspect of the operational environment, ensuring that identity provisioning and attribute flows occur only when necessary, and only for the relevant changes.
Event Broker effectively extends the FIM or ILM synchronization service to be a near real-time, persistent and “continuous compliant” platform.
Features
Event Broker has an intuitive configuration interface that simplifies and streamlines the management and design of an ILM solution. Jobs, known as “Operation Lists”, are configured as a series of tasks or “Operations”.
Operation Lists can be invoked either:
·    in response to a change event in a connected source (Incoming),
·    in response to a pending export from the synchronization engine (Outgoing), or
·    on a timed schedule.
Most FIM/ILM-based Identity Management solutions evolve to include a variety of tasks and processes, and these can be expressed within Event Broker as Operations within Operation Lists. Operations can be chained in a simple sequence, or can intelligently “branch” based on the result of a preceding Operation.
An Event Broker Operation can be:
·    any standard FIM/ILM run profile,
·    any one of a packaged set of plug-ins, such as a task to archive the run history or execute a SQL script, or
·    a label to support branching in operation sequence.
Each operation is configurable to allow override of the default assigned processing time-out and retry settings, together with a set of specific success return codes to provide maximum flexibility during configuration.
By virtue of its intuitive management console, Event Broker ensures a consistent paradigm for configuring and managing all operational activity for any FIM/ILM environment. In doing so it effectively reduces the overall complexity of the entire Microsoft Identity Management platform.
Event Broker and FIM
Event Broker remains the only available automated, real-time event manager for all FIM synchronization engine interactions. For the forthcoming release, FIM will not incorporate automated, real-time provisioning from the synchronization engine (pending exports). Nor will it respond to events in connected sources, in particular authoritative sources, which could give rise to identity flows within the synchronization engine (pending imports).
Event Broker for FIM will continue to provide this fundamental capability and facilitate end-to-end automated, real-time provisioning. Without Event Broker, FIM will not be able to respond appropriately to changes in applications and services at the time of change.
Moreover, Event Broker provides FIM implementers with the only tool capable of intelligently handling the added complexities introduced with the FIM Portal. The supplied management agent set now includes the “ILM MA”, which is required to provide synchronization between the FIM Portal and the FIM synchronization engine’s “metaverse”. This MA ensures that not only identities within the portal but also policy data are synchronized with the metaverse. This constitutes the most significant variation to the synchronization service architecture from ILM 2007 FP1: in the FIM architecture, traditional identity data is maintained side-by-side with business rules in the form of policy objects within the metaverse. Event Broker provides the capability of determining the nature of a detected change in the FIM portal, thereby providing the intelligence necessary to determine if the FIM synchronization can process the incoming delta with or without first performing a full synchronization on all MAs.

While virtually all Identity Management platforms come with a standard set of "out of the box" connectors or agents that allow for integration and collaboration with a common set of applications and directories, it is when the solution needs to be extended across the enterprise that the challenges of integration with applications, directories and services become apparent and potentially "show stoppers".

These challenges also occur when the standard connectors do not provide the level of integration and collaboration required as the Identity Management solution has to be enhanced to accommodate more complex or fine grained interaction and processes.

As more organisations recognise the benefits of Application Driven Identity Management they are realising the benefits and returns that tight integration and coupling with applications and services at a business level are bringing. This in turn is driving a need for more advanced connectors that are designed and developed from the application to the Identity Management platform rather than the current approach of Identity Management platform to the Application.

UNIFY has termed these connectors and this approach Application Driven Connectors.

UNIFY's Identity Broker suite of connectors are commercially available Application Driven Connectors that have been designed and developed in collaboration with the application vendor and provide very tight integration and collaboration between the application and the Identity Management platform.

However, there is always a potential need for an organisation to have to develop custom connectors for internally developed applications.

Traditional approaches to this requirement have been to custom design and develop intransigent, monolithic connectors based upon the Identity Management vendors' development platform which, unless the organisation makes significant investment, do not allow for the benefits of Application Driven Identity Management.

UNIFYConnect allows organisations to custom develop and implement agile Application Driven Connectors for custom applications or for extending current connector functionality.

Based upon the same Application Driven Framework used by Identity Broker, UNIFYConnect provides all of the benefits of Application Driven Connectors but for a custom development requirement.

UNIFYConnect provides "out of the box" the following benefits:

  1. Rapid development environment for functionally rich, Application Driven Connectors
  2. Native support for complex bi-directional Application and Identity Management platform interactions, including:
     - Hierarchical management
     - Future Events
     - Past Events
  3. Graphical User Interface for customisation and management
  4. Logging and Reporting
  5. Real-Time event management
  6. Non-Invasive on the Application platform
  7. Application Driven Framework compliance
  8. Fully Application Driven Identity Management compliant

Only UNIFYConnect provides all of the benefits of Application Driven Connectors for organisational custom development requirements, thereby extending Application Driven Identity Management across the enterprise.

UNIFY has developed its Codeless ILM Implementation Toolkit to provide customers with low risk, rapidly deployed, and easily supported ILM platforms. This Toolkit and UNIFY's associated methodologies have taken into account the codeless components of ILM 2.

As Microsoft security partners and customers would encounter, the most difficult aspect of an ILM implementation is the requirement to write code to perform more than basic data synchronisation functionality. UNIFY has pooled its years of experience of implementing ILM to develop the Codeless ILM Implementation Toolkit.

With the Codeless ILM Implementation Toolkit, UNIFY consultants are able to transform ILM implementations into configuration exercises, removing the need to write and test code in all but the most unique circumstances. Configuration can be changed easily without the need to recompile, enabling easy testing of business logic and processes, thereby reducing costs, minimising project time frames and negating risk and impact to business and application owners.

The addition of external tools which can be used within the Codeless ILM Implementation Toolkit further enhances the functionality of ILM, allowing extended solutions that are repeatable and customisable without a requirement to maintain a development team to support them.

UNIFY Password Reset Manager™

UNIFY's Password Reset Manager is a cost effective and feature rich, secure web-based Self Service Password reset solution that allows organisations to streamline password management costs and overheads without having to make the significant investment that is often associated with other offerings.
Where traditional password management solutions based on network access provide a redundant feature set with an exorbitant price tag, the UNIFY approach concentrates on delivering just the required functionality, without losing any of the associated flexibility, and at a fraction of the cost.
Functionality includes:

  1. Recording of users' answers to a series of questions via a secure web-site
  2. Self Service Password reset via a secure web application based upon "Challenge and Response" scenario
  3. Self maintenance of answers
  4. Ability to interface with Active Directory and Active Directory Lightweight Directory Service (ADLDS)
  5. Configurable account lockout settings
  6. Ability to provide notification of a password change
  7. Intuitive user interface
  8. Easily deployed
  9. Does not require GINA changes

UNIFY's Password Reset Manager is a cost effective, flexible and scalable Self Service Password reset service that can provide immediate benefits and savings to an organisation at a fraction of the cost of other solutions.