Book Image

Microsoft Identity Manager 2016 Handbook

By : David Steadman, Jeff Ingalls
Book Image

Microsoft Identity Manager 2016 Handbook

By: David Steadman, Jeff Ingalls

Overview of this book

Microsoft Identity Manager 2016 is Microsoft’s solution to identity management. When fully installed, the product utilizes SQL, SharePoint, IIS, web services, the .NET Framework, and SCSM to name a few, allowing it to be customized to meet nearly every business requirement. The book is divided into 15 chapters and begins with an overview of the product, what it does, and what it does not do. To better understand the concepts in MIM, we introduce a fictitious company and their problems and goals, then build an identity solutions to fit those goals. Over the course of this book, we cover topics such as MIM installation and configuration, user and group management options, self-service solutions, role-based access control, reducing security threats, and finally operational troubleshooting and best practices. By the end of this book, you will have gained the necessary skills to deploy, manage and operate Microsoft Identity Manager 2016 to meet your business requirements and solve real-world customer problems.
Table of Contents (22 chapters)
Microsoft Identity Manager 2016 Handbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

PAM components


There are a few components that make PAM work, which are as follows:

  • Active Directory management forest: A management forest is used to manage the existing forest(s) via one-way trust. Customers who already have a secured management forest, sometimes called a "red" forest, can use this management forest for PAM. If you only have a single forest, you need to create a new management forest.

  • PAM Client: This is a PowerShell cmdlet or custom solution that uses the PAM REST API, such as the open source PAM API portal we will discuss later.

  • MIM service: This is used as the PAM request and approval pipeline.

  • MIM database: This holds MIM resources (objects), attributes, and requests.

  • PAM services: These are the PAM REST API, PAM component service, and PAM monitoring service.

  • PAM REST API: This is only used by a custom PAM client and provides a mechanism for PAM interactions such as roles, requests, request approvals, and session operations.

  • PAM component service: In Windows 2012 R2...