At its Tech-Ed for Professionals summit, being held in Florida this week, Microsoft unveiled the first public beta version of Identity Lifecycle Manager 2.
This product will handle the entire identity life cycle, from provisioning new users to deployment to termination.
It provides a much-needed solution for enterprises in the Microsoft (NASDAQ:MSFT) space, but whether it will be acceptable to enterprises remains to be seen, because it will enable end users to manage their own identities, which raises security issues.
ILM 2, the codename for the successor to ILM 2007, will "deliver integrated identity management systems across heterogeneous systems and multiple audiences," Douglas Leland, general manager, Microsoft's identity and access business group, told InternetNews.com.
It will have a "powerful set of self-service capabilities for the end user and a suite of rich administrative tools and enhanced automation for IT professionals," Leland added.
Being user-centric is "significant for Microsoft," Leland said. The goal is to put users in control of the management of their identities and access privileges using Microsoft Windows and Office, "providing a consistent and familiar interface in a privacy-friendly way," he added.
There will be no problem with supporting Windows XP, "because we support down-level as well" but "obviously you will get significant benefits as you move to Vista," Leland said.
The user-centric approach puts Microsoft in the lead because "the state of the art is not providing meaningful tools for end users to manage their own profiles and entitlements," Leland said.
That's a point Bilhar Mann, CA's senior vice president of security management, takes issue with.
"They say that, in listening to customers, they've identified a major flaw with other identity management products, in that users don't have self-service capabilities," Mann told InternetNews.com.
"That's not correct; we delegate the managing of identity and passwords to end users, and this feature's in our shipping product now."
Microsoft's user-centric approach worries Kevin Kampmann, a senior analyst at The Burton Group. "The concept is interesting, but there are still issues around interoperability and putting mechanisms in place that make it viable," he told InternetNews.com.
"Does the user want to do this?" he added. "And there's a whole issue of trust on the enterprise side that needs to be dealt with."
CA has got that angle covered: Earlier this week, it unveiled Security Compliance Manager and a slew of other products with identity management features.
Security Compliance Manager lets managers certify and attest to the access rights a user has. "A user can ask for access rights, but can't get them without certification or approval by a manager," Mann said. "It's just like when an executive asks for a corporate credit card, there's no way he'll get it without a manager's approval."
CA's identity management products also control access based on a user's role in the corporation. For example, finance department staff won't be able to get access to engineering applications and vice versa. "There's control at the outset and there's also a control chain," Mann said.
ILM 2 will let enterprises manage multiple credential types -- passwords, identity certificates, smart cards and one-time password devices, which will "provide significant cost savings and advantages in terms of security because you get an end-to-end view," Leland said.
It provides a user interface for creating workflows and policies. This lets users "select, drag, drop and create sophisticated workflows and policies through portals," and allows policies to manage both Windows and non-Windows environments, Leland said.
The public beta of ILM 2 shows that Microsoft is "getting serious about identity management in terms of the ability to provide a consistent management framework for identity information," Burton Group's Kampmann said.