When implementing a connector for the Midpoint identity management solution, there is a potential to interconnect a broad spectrum of services. Using the System for Cross-domain Identity Management (SCIM) protocol seems as a road to take. We are also working with the connId framework. It provides a means for building identity connectors in a more Read more about Real life story of SCIMv1 and ConnId, Part 1[…]
Unix/Linux servers can be configured to authenticate and authorize against LDAP server, by using LDAP accounts and groups. With some Identity Management solutions you can put users to these groups, but you need to manage the groups by the native LDAP tools. This is not the case with midPoint! MidPoint allows you to create not only LDAP accounts, but also the groups so it can become the ultimate tool for IT administrators or even for users with limited IT skills, really simplifying the LDAP group management. […]
Sun Identity Manager a.k.a. Oracle Waveset is a software product at the end of its lifecycle. Yet many organizations still operate Sun IDM solution because they haven’t found any reasonable migration path. But now there is a migration path that leads to the most comprehensive open source IDM solution: Evolveum midPoint. In the previous two posts I have described the obstacles and motivation of Sun IDM migration. It is quite clear that major migration obstacles are the cost and the risk. However, we have successfully addressed both of these obstacles. The cost is addressed by the unprecedented deployment efficiency of Evolveum midPoint. Yet it is the risk that is usually the worst issue for any migration of any software system. But due to the flexibility of Evolveum midPoint we have managed to keep migration risk at a very acceptable level. And this post describes the details of our solution. […]
Many applications connected to LDAP use LDAP groups for authorization. With some Identity Management solutions you can put users to these groups, but you need to manage the groups by the native LDAP tools. This is not the case with midPoint! MidPoint allows you to create not only LDAP accounts, but also the groups so it can become the ultimate tool for IT administrators or even for users with limited IT skills, really simplifying the LDAP group management. […]
Sun Identity Manager is a king that has fallen. It is now called Oracle Waveset and it is as good as dead. Yet there are still many Sun IDM installations that hesitate with the migration. One of the major concern is the cost of the migration project. But as I have written in the first Read more about From Waveset to midPoint, Part 2[…]
At many places in midPoint we can (and sometimes have to) specify queries in order to find one or more objects in the system. We do this e.g. when we want to restrict objects (like users, roles, resources or services) shown on the screen, when selecting objects that are to be included within a report, when specifying objects that are to be processed by a background task, when account owner is to be determined, or when assignment target is to be found. All of this is done via midPoint query language – abstract XML-based language that is designed to specify constraints on objects, and optionally paging and sorting instructions. This language is very powerful. The negative side of that power is complexity: it is quite hard to write (correct) queries by hand. Because of this, we’ve recently added a simple, yet helpful feature to midPoint: query playground.
Back in 2000s the Sun Identity Manager was the king. It was the best IDM product pursuant to Gartner. It had a good market share. And according to my experience it was actually the only practical IDM system on the market. Sun Identity Manager is now dead. It died in 2010 when Sun Microsystems was acquired by Oracle. Sun IDM was renamed to Oracle Waveset and the development of the product has been immediately stopped. But Sun IDM is a tough one. Even though it was killed 6 years ago it still survives in a creepy half-life form to this day. Oracle obviously tried to migrate all the Sun IDM installations to Oracle Identity Manager. But many customers refused to migrate. We can only speculate about the reasons, although anyone that had any hands-on experience with Oracle IDM will certainly have an opinion about that. Anyway, the future was not entirely bright for those who still maintain Sun IDM installation. But now there is a new hope. […]
The organizational structure in midPoint does not always represent a typical enterprise. In case of multitenant setup in the cloud, the organization units represent “tenants” which are completely independent. In enterprise organizations, the sub-organizations and their members are usually readable (to some extent) to all members. In the multitenant setup must maintain tenant isolation. How can this be done using midPoint? […]
Do you need to manage different linux machines? Are you struggling with that? Are you losing track of which user can access which Linux machine? Are users upset with different logins for different linux machines? If you answer positively at least one question, I’ll try to alleviate your everyday suffering with this blog. If your answers were no Read more about Provisioning to Unix in 5 steps[…]
When we are deploying Identity Management (IDM) solution in organization, we are facing a number of questions. One of them is how to map organization structure scheme (first picture below) to target system so we can facilitate and clarify the work of administrators to manage access and privileges tied to organization structure (OS). Let me Read more about Practical organization structure in Active Directory[…]