CVF 2073 - Identity Security and Access Management II
Credits: 3
Hours/Week:
Course Description: This course builds on topics in CVF 1073, Identity Security & Access Management I. It provides students with comprehensive and advanced steps necessary to design, install, configure, operate, and maintain a secured IAM solution.
Students will have the opportunity to design, install, configure, and operate IAM technologies during hands-on lab activities covering Advanced Threat Analytics (ATA), Identity as a Service (IDaaS), SaaS-based IAM offerings, SSO using SAML or OIDC, Identity Access Governance (IGA), LDAP in *nix/Windows/Mac, and Intelligence: identity access log monitoring and reporting, and user behavior analytics.
This course employs both “open source technology” (*nix) and “commercial technology” (Splunk, Cloudera, ATA, Tableau).
MnTC Goals: None
Prerequisite(s): CVF 1073 with a grade of C or higher.
Corequisite(s): None
Recommendation: None
Major Content
1. Implementing Identities in a PKI
- Inside PKI X.509 v3 certificates
- Expiring identities with certificate lifetimes
- Verifying identities with Subject Alternative Name
- Binding identities to certificates
- Establishing trust via certificates
- Validating trust with digital signatures
- Creating entity trust by importing a root CA
- Distributing trust to subordinate CAs
- Flowing trust with domain Group Policy Object (GPO)
- Building an enterprise trust hierarchy
- Publishing Certificate Revocation Lists (CRLs)
- Increasing security with an offline root CA
- Accessing directories with LDAP
- Configuring Online Certificate Status Protocol (OCSP)
- Trusting an external identity provider
- Forming a certificate chain
- Locating the CA Trust Anchor
2. Expanding Trust with Federated Identity Management
- Federated management with Microsoft AD FS 3.0
- Authenticating with a trusted Identity Provider (IdP)
- Controlling access with claims
- Verifying SAML tokens with Relying Party (RP)
- Striving for universally interoperable and portable identity
- Creating claims-aware applications
- Building claims-aware applications with Windows Identity Foundation (WIF)
- Abstracting SAML, WS-Trust and WS-Federation protocols
- Trusting external Identity Providers
- Extending ADFS externally with Web Application Proxy (WAP)
- Mapping external ADFS namespaces with DNS
3. Delivering Identities to the Cloud
- Windows Azure federation
- Extending on-premises Active Directory (AD) to Azure AD
- Implementing SSO in Azure for Office 365 and SaaS applications
- Amazon AWS federation
- Authenticating with Amazon IAM roles
- Microsoft federated log-in to Amazon services using SAML tokens
4. Mobile Identity Management with BYOD
- Enrolling mobile devices
- Joining devices with Workplace Join
- Enacting Device Registration Services (DRS)
- Planning a Federated Identity Roadmap
- Achieving the FICAM IdM vision
- Creating organizational identity management policy
Learning Outcomes
At the end of this course, students will be able to:
- implement identity/access management to control access to IT resources
- build a Public Key Infrastructure (PKI) to manage trust between Identity Providers (IdPs) and Relying Parties (RPs)
- streamline identity authentication for applications with claims
- seamlessly authenticate to the cloud with Federated
- explain Microsoft Identity Manager (MIM).
- synchronize identity stores among disparate authentication stores with 3rd party.
Competency 1 (1-6): None
Competency 2 (7-10): None