From Nothing to Identity Lifecycle Management with MidPoint!
A few minutes ago, midpoint processed 400 new accounts and also sent out welcome emails to the newly accepted students. This was the first batch of new users that midpoint has had to process and it went smoothly, 100% success rate as a matter of fact.
Up until now, all of our “Identity Management” has been a timely manual process, extracting data from a SQL Database, merging that data into Excel, manually adding other fields/attributes and then using Powershell to import them into the various systems. After the accounts were created we would then send out emails to the account holders. That was a very time consuming process for just creating them, imagine having to manually manage those accounts and groups they belong to throughout their entire lifecycle as they come and go!
Back in late 2013, early 2014, we looked at various IDM technologies including some open source like OpenIAM, Syncope, OpenIDM, WSO2 and also closed source like Microsoft Forefront Identity Manager and Oracle IDM. Although these products worked for other places, or they were just very large installs, they just did not fit in with our current ecosystem. We were looking for a product that was vendor agnostic, ability to use different identity connectors, and we didn’t want to have to buy in to a complete identity stack when we already have a robust identity authN/authZ system. I actually gave up for a few months and then I circled back to Google in a search for a solution I knew was out there. I came across MidPoint so I decided to take it for a spin and after a few weeks of getting familiar with the system and seeing what it could do and what we could do with it, I had knew this was the right solution for us.
So began the months of configuring/testing/asking/reporting and we now have a robust Identity Management solution, Identities are automatically being generated and created in all of our resources, assigning roles/groups/entitlements based on numerous attributes like affiliation, department and status all while organizing them into their respective organizational units across different systems that is sync’d in real-time. New students now get their account information the day they are accepted and not just a few weeks before the first day of class which will greatly improve our business processes. We also configured MidPoint to send out notification SMS messages and welcome emails to the account holders when they are provisioned a new account or if their accounts have been modified or deprovisioned keeping our account related support tickets down, fully-automated! When I say fully-automated, I mean fully-automated, no more Excel or Powershell, no more manually syncing users to various systems, no more manual group management, no more manually disabling/enabling accounts in different applications or any type of human interaction for that matter. For almost every situation we have created templates in which these automate every task that we would have normally had to do by hand and they help ensure that every user account is correct and consistent throughout every resource.
It is amazing to watch and see how easy it is to push new users/groups/entitlements and their attributes into various systems with just a few changes and clicks. Within the very first week of production, we were asked if we could add the users departments and divisions into our learning management system, and without midpoint, this would have been a huge task, but with midpoint deployed and running, all users were updated within a few minutes.
Although we are still in the very early stages of production, a few more kinks to iron out, we have already seen the many benefits of this system and I wanted to just let you know how it turned out. Midpoint is here to stay!
I am not a java developer and I know I asked many questions through the mailing list and everyone was very helpful and responsive so THANK YOU Evolveum for creating a wonderful product and a special thanks to Radovan, Pavol, Ivan, Katarina and the rest of the team that helped us get this far!
Jason A. Everling
Sr. Network Analyst
Baptist School of Health Professions