Fixing Data with Bulk Actions and XSLT

An IDM deployment is not always a straightforward process. It perhaps bears a similarity to the development of a software product, which is far from a linear process as well. So, from time to time, it is necessary to modify or repair the data already present in the midPoint system. For simple actions, like setting a […]

What can we really do about the insider threat?

The “insider” has been indicated as the most severe security threat for decades. Almost every security study states that insiders are among the highest risks in almost any organization. Employees, contractors, support engineers – they have straightforward access to the assets, they know the environment and they are in the best position to […]

Provisioning Random sAMAccountName Value

Sometimes the customer requirements are very interesting, such as generating random attribute values. In this case I will show you how midPoint can generate a random sAMAccountName attribute value for Microsoft Active Directory (AD) account provisioning. Although you can let Active Directory generate the sAMAccountName just by omitting any value when creating a new account, […]

Storing Extended Attributes in System Configuration

Customers usually have different deployment environments such as production, testing and development. The names and number of the environments may vary of course. If you want to maintain the configuration in XML files for revision control, you will most probably need to maintain multiple copies of (almost) the same configuration, mappings etc. Can we do […]

Unique E-mail Address Value

Some time ago we discussed how to generate an e-mail address for a resource target attribute. But almost every time you would need to store the user’s e-mail address in midPoint to push it anywhere you need. So we need to enter the value in midPoint (we have the fancy “emailAddress” attribute handy) and let the resource schema handling mappings […]

Five Practical Ways to Ruin Your IAM Project

Identity and Access Management projects are very common nowadays. The interesting fact is that too many of them either vastly under-deliver or totally fail. I have been fighting in the IAM trenches for many long years and I have seen both successful and failed projects. It looks to me like the IAM projects are […]

Sun IdM to midPoint migration (case study)

We would like to announce that one of several ongoing migrations from Sun IdM to midPoint has successfully finished. It was done by our partner AMI Praha. They published an interesting article describing their deployment, unfortunately only in the Czech language, available at nasazeni-idm-midpoint-v-ami-praha. We would like to highlight that it is a typical deployment for a […]

IDM Antipatterns and Best Practice

All of us know it: ideas that sound great but fail miserably. It is a common sight almost everywhere. But during the last few months I’ve heard an unusual number of such ideas related to Identity and Access Management solutions. I know that veteran IAM practitioners are probably already well aware of them, but […]

Expression Evolution In Real Life

When customizing midPoint for deployment, you will need expressions sooner or later. In this post, I would like to present one possible way an e-mail expression can evolve. Let’s suppose that our target system has an account attribute “InternetAddress” to store the user’s e-mail address. Goal: generate an e-mail address based on the user’s givenName and familyName attributes. […]