What can we really do about the insider threat?

The “insider” has been indicated as a the most severe security threat for decades. Almost every security study states that the insiders are among the highest risk in almost any organization. Employees, contractors, support engineers – they have straightforward access to the assets, they know the environment and they are in the best position to Read more about What can we really do about the insider threat?[…]

How to Start Up an Open Source Company

Evolveum is a successful open source company now. We develop open source Identity and Access Management (IAM) software. We have legally established Evolveum in 2011 but the origins of Evolveum date back to mid-2000s. In 2014 we are getting out of the startup stage into a sustainable stage. But it was a long way to Read more about How to Start Up an Open Source Company[…]

Transitive closure and matrix multiplication in identity management

MidPoint development of is full of interesting software problems – be it management of long-running tasks, integration of third-party workflow engine, devising a flexible authorization mechanism, creating a GUI that adapts to the customizable data model, or many others. However, the following one in particular reminded me of my happy student years at the faculty Read more about Transitive closure and matrix multiplication in identity management[…]

Provisioning Random sAMAccountName Value

Sometimes the customer requirements are very interesting, such as generating random attribute values. In this case I will show you how midPoint can generate random sAMAccountName attribute value for Microsoft Active Directory (AD) account provisioning. Although you can let the Active Directory to generate sAMAccountName just by omitting any value when creating a new account, Read more about Provisioning Random sAMAccountName Value[…]

Storing Extended Attributes in System Configuration

Customers usually have different deployment environments such as production, testing and development. The names and number of the environments may vary of course. If you want to maintain the configuration in XML files for revision control, you will most probably need to maintain multiple copies of (almost) the same configuration, mappings etc. Can we do Read more about Storing Extended Attributes in System Configuration[…]

Unique E-mail Address Value

Some time ago we’ve discussed how to generate e-mail address for resource target attribute. But almost everytime you would need to store user’s e-mail address in midPoint to push it anywhere you need. So we need to enter the value in midPoint (we have fancy “emailAddress” attribute handy) and let the resource schema handling mappings Read more about Unique E-mail Address Value[…]

Project Provisioning with MidPoint

Evolveum midPoint is a very unique Identity Management (IDM) system. MidPoint is a robust open source provisioning solution. Being an open source the midPoint is developed in a fairly rapid, incremental and iterative fashion. And the recent version introduced a capability that allows midPoint to reach beyond the traditional realm of identity management. Of course, Read more about Project Provisioning with MidPoint[…]

The Old IDM Kings Are Dead. Long Live the New Kings.

It can be said that Identity Management (IDM) was born in early 2000s. That was the time when many people realized that a single big directory just won’t do it. They realized that something different was needed to bring order into the identity chaos. That was the dawn of a user provisioning system. Early market Read more about The Old IDM Kings Are Dead. Long Live the New Kings.[…]

Five Practical Ways to Ruin Your IAM Project

Identity and Access Management projects are very common nowadays. The interesting fact is that too many of them either vastly under-deliver or totally fail. I have been fighting in the IAM trenches for many long years and I have seen both successful and failed projects. It looks like to me that the IAM projects are Read more about Five Practical Ways to Ruin Your IAM Project[…]