Simplified Access to SharePoint
Give users seamless access to SharePoint with one set of passwords and policies and without the complexity and limitations of Active Directory Federation Services.
Access Manager simplifies the process of managing different user communities' access to Microsoft SharePoint. The result: users get seamless access to SharePoint with one set of passwords and policies – even if their user accounts reside in Active Directory identity stores spread across the enterprise.
The SharePoint Challenge
If you use SharePoint for collaboration and data sharing, you've likely noticed that it's difficult to manage access from your various identity stores. While SharePoint supports standard LDAP identity stores, using anything other than Active Directory (AD) can complicate administration.
Even if you're just using AD, management can be difficult when you have multiple AD domains or identity stores. Identity and access management becomes even more complex if you want to give your partners and customers access to your SharePoint resources, as these communities are often managed in separate identity stores. As the need to share information continues to grow, many organizations are surprised to find how complex and limiting Active Directory Federation Services can be.
Access Manager in Action
Fortunately, Access Manager simplifies the management of multi-community access to Microsoft SharePoint. It does this by securely exchanging identity information between Access Manager and SharePoint through an identity federation process.
Using the WS-Federation standard, Access Manager serves as the single authentication point for all user access requests to SharePoint – regardless of where those users' identities are stored in Active Directory.
The process eliminates the need to manage individual identities in a single Active Directory identity store. The basic flow, which completes almost instantly, is:
1. The user requests access to SharePoint.
2. The SharePoint server passes the authentication request to the Active Directory Federation Services (ADFS) server.
3. The ADFS server redirects the request to Access Manager Identity Server acting as the identity provider.
4. The user logs in to Identity Server. Identity Server validates the user and his or her credentials against the identity information contained in the appropriate identity store.
5. Once validated, Identity Server transforms the user identity into a set of ADFS claims (a collection of specially formatted user authentication information, such as name, identity, key, group, privilege, and so on). Identity Server sends the ADFS claims back to the ADFS server, which grants the user access to SharePoint.
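The redirect in step 3 is a WS-Federation passive sign-in request, and the identity provider should check it before asking for credentials in step 4. The sketch below is an added example, not NetIQ or Microsoft code; the host names, realm URI, trust table and function names are constructed for illustration, and requiring `wtrealm` is this example's policy.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed trust table: realm (wtrealm) -> the only endpoint allowed to receive tokens.
TRUSTED_REALMS = {"urn:federation:adfs.example.com": "https://adfs.example.com/adfs/ls/"}


class SignInRequestError(ValueError):
    """Raised when a sign-in request must be refused."""


def build_signin_redirect(idp_url, realm, context):
    """Step 3: URL the federation server redirects the browser to."""
    return idp_url + "?" + urlencode({"wa": "wsignin1.0", "wtrealm": realm, "wctx": context})


def _single(params, name, required=True):
    values = params.get(name, [])
    if len(values) > 1:  # repeated parameters are ambiguous, so refuse them
        raise SignInRequestError(f"duplicate parameter: {name}")
    if not values:
        if required:
            raise SignInRequestError(f"missing parameter: {name}")
        return None
    return values[0]


def validate_signin_request(url):
    """Identity-provider check before step 4; returns (token_destination, wctx)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if _single(params, "wa") != "wsignin1.0":
        raise SignInRequestError("not a WS-Federation sign-in request")
    realm = _single(params, "wtrealm")  # required by this example's policy
    registered = TRUSTED_REALMS.get(realm)
    if registered is None:
        raise SignInRequestError(f"unknown relying party: {realm}")
    wreply = _single(params, "wreply", required=False)
    if wreply is not None and wreply != registered:
        raise SignInRequestError("wreply does not match the registered endpoint")
    # Claims are always sent to the registered endpoint, never to a caller-supplied URL.
    return registered, _single(params, "wctx", required=False)


if __name__ == "__main__":
    request = build_signin_redirect("https://idp.example.com/signin",
                                    "urn:federation:adfs.example.com", "ctx-123")
    print(validate_signin_request(request))
```

Pinning the token destination to the registered endpoint means the claims issued in step 5 can only be delivered to a federation server the identity provider already trusts.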
A key advantage of using NetIQ Access Manager™ to handle SharePoint users is that it supports multiple identity stores out of the box, including Microsoft Active Directory and NetIQ eDirectory. You can also customize Access Manager to support additional LDAP identity stores. That means you can preserve the identity stores that already exist within your organization. You don't have to move them to AD or consolidate them into a single identity store just to facilitate management of your SharePoint environment. It also lets you give your customers and partners access to SharePoint without having to replicate their identity stores.