Practical organization structure in Active Directory

When we deploy an Identity Management (IDM) solution in an organization, we face a number of questions. One of them is how to map the organization structure scheme (first picture below) to the target system so that we can facilitate and clarify the work of administrators who manage access and privileges tied to the organization structure (OS). Let me […]

Different Naming Conventions For Different User Types

The user naming attribute “name” is a string attribute and can be defined manually. MidPoint will ensure that the value of this attribute is unique. Although for small setups there is no problem with entering this attribute value manually, it can usually be defined by an expression based on various UserType object properties (attributes). In […]

Using midPoint with CAS

Do you use CAS and need just-in-time provisioning? Use midPoint! It may be simpler than you can imagine. A few days ago I got a requirement asking whether it is possible to provision identities from CAS after a user logs in. For sure, you can make provisioning for each service provider using CAS by itself. But what if […]

Working with multi-tenant roles

When provisioning users in a multi-tenant environment, you have many organizations in your organization structure and your users belong to different organizations. Their access rights are combinations of roles AND tenants to which they belong. For example, you can use a directory system, where users are provisioned, and assigned into groups, which are created and […]

Fixing Data with Bulk Actions and XSLT

An IDM deployment is not always a straightforward process. It perhaps bears a similarity to the development of a software product, which is far from a linear process as well. So, from time to time, it is necessary to modify or repair the data already present in the midPoint system. For simple actions, like setting a […]

What can we really do about the insider threat?

The “insider” has been indicated as the most severe security threat for decades. Almost every security study states that insiders are among the highest risks in almost any organization. Employees, contractors, support engineers – they have straightforward access to the assets, they know the environment and they are in the best position to […]

Provisioning Random sAMAccountName Value

Sometimes the customer requirements are very interesting, such as generating random attribute values. In this case I will show you how midPoint can generate a random sAMAccountName attribute value for Microsoft Active Directory (AD) account provisioning. Although you can let Active Directory generate sAMAccountName just by omitting any value when creating a new account, […]

Storing Extended Attributes in System Configuration

Customers usually have different deployment environments such as production, testing and development. The names and number of the environments may vary of course. If you want to maintain the configuration in XML files for revision control, you will most probably need to maintain multiple copies of (almost) the same configuration, mappings etc. Can we do […]