Apr 23, 2024  
2019-2020 Course Catalog [ARCHIVED CATALOG]

CVF 2073 - Identity Security and Access Management II

Credits: 3
Hours/Week:
Course Description: This course builds on topics in CVF 1073, Identity Security & Access Management I. It provides students with comprehensive and advanced steps necessary to design, install, configure, operate, and maintain a secured IAM solution.
Students will have the opportunity to design, install, configure, and operate these solutions during hands-on lab activities covering Advanced Threat Analytics (ATA), Identity as a Service (IDaaS), SaaS-based IAM offerings, SSO using SAML or OIDC, Identity Access Governance (IGA), LDAP in *nix/Windows/Mac, and intelligence (identity access log monitoring and reporting, user behavior analytics).
This course employs both “open source technology” (*nix) and “commercial technology” (Splunk, Cloudera, ATA, Tableau).
MnTC Goals
None

Prerequisite(s): CVF 1073 with a grade of C or higher.
Corequisite(s): None
Recommendation: None

Major Content
1. Implementing Identities in a PKI

  1. Inside PKI X.509 v3 certificates
    1. Expiring identities with certificate lifetimes
    2. Verifying identities with Subject Alternative Name
    3. Binding identities to certificates
  2. Establishing trust via certificates
    1. Validating trust with digital signatures
    2. Creating entity trust by importing a root CA
    3. Distributing trust to subordinate CAs
    4. Flowing trust with domain Group Policy Object (GPO)
  3. Building an enterprise trust hierarchy
    1. Publishing Certificate Revocation Lists (CRLs)
    2. Increasing security with an offline root CA
    3. Accessing directories with LDAP
    4. Configuring Online Certificate Status Protocol (OCSP)
  4. Trusting an external identity provider
    1. Forming a certificate chain
    2. Locating the CA Trust Anchor

2. Expanding Trust with Federated Identity Management

  1. Federated management with Microsoft AD FS 3.0
    1. Authenticating with a trusted Identity Provider (IdP)
    2. Controlling access with claims
    3. Verifying SAML tokens with Relying Party (RP)
    4. Striving for universally interoperable and portable identity
  2. Creating claims-aware applications
    1. Building claims-aware applications with Windows Identity Foundation (WIF)
    2. Abstracting SAML, WS-Trust and WS-Federation protocols
  3. Trusting external Identity Providers
    1. Extending ADFS externally with Web Application Proxy (WAP)
    2. Mapping external ADFS namespaces with DNS

3. Delivering Identities to the Cloud

  1. Windows Azure federation
    1. Extending on-premises Active Directory (AD) to Azure AD
    2. Implementing SSO in Azure for Office 365 and SaaS applications
  2. Amazon AWS federation
    1. Authenticating with Amazon IAM roles
    2. Microsoft federated log-in to Amazon services using SAML tokens

4. Mobile Identity Management with BYOD

  1. Enrolling mobile devices
    1. Joining devices with Workplace Join
    2. Enacting Device Registration Services (DRS)
  2. Planning a Federated Identity Roadmap
    1. Achieving the FICAM IdM vision
    2. Creating organizational identity management policy

Learning Outcomes
At the end of this course, students will be able to:

  1. implement identity/access management to control access to IT resources
  2. build a Public Key Infrastructure (PKI) to manage trust between Identity Providers (IdPs) and Relying Parties (RPs)
  3. streamline identity authentication for applications with claims
  4. seamlessly authenticate to the cloud with Federated
  5. explain Microsoft Identity Manager (MIM).
  6. synchronize identities store among disparate authentication stores with 3rd party.

Competency 1 (1-6)
None
Competency 2 (7-10)
None

