Evolveum’s Identity Management and Governance Blog

Simplifying LDAP Group Management Using MidPoint

Posted on by Ivan Noris

Many applications connected to LDAP use LDAP groups for authorization. With some Identity Management solutions you can put users to these groups, but you need to manage the groups by the native LDAP tools. This is not the case with midPoint! MidPoint allows you to create not only LDAP accounts, but also the groups so it can become the ultimate tool for IT administrators or even for users with limited IT skills, really simplifying the LDAP group management. […]

From Waveset to midPoint, Part 2

Posted on by Radovan Semancik

Sun Identity Manager is a king that has fallen. It is now called Oracle Waveset and it is as good as dead. Yet there are still many Sun IDM installations that hesitate with the migration. One of the major concern is the cost of the migration project. But as I have written in the first Read more about From Waveset to midPoint, Part 2[…]

Query playground

Posted on by Pavol Mederly

At many places in midPoint we can (and sometimes have to) specify queries in order to find one or more objects in the system. We do this e.g. when we want to restrict objects (like users, roles, resources or services) shown on the screen, when selecting objects that are to be included within a report, when specifying objects that are to be processed by a background task, when account owner is to be determined, or when assignment target is to be found. All of this is done via midPoint query language – abstract XML-based language that is designed to specify constraints on objects, and optionally paging and sorting instructions. This language is very powerful. The negative side of that power is complexity: it is quite hard to write (correct) queries by hand. Because of this, we’ve recently added a simple, yet helpful feature to midPoint: query playground.

[…]

From Waveset to midPoint, Part 1

Posted on by Radovan Semancik

Back in 2000s the Sun Identity Manager was the king. It was the best IDM product pursuant to Gartner. It had a good market share. And according to my experience it was actually the only practical IDM system on the market. Sun Identity Manager is now dead. It died in 2010 when Sun Microsystems was acquired by Oracle. Sun IDM was renamed to Oracle Waveset and the development of the product has been immediately stopped. But Sun IDM is a tough one. Even though it was killed 6 years ago it still survives in a creepy half-life form to this day. Oracle obviously tried to migrate all the Sun IDM installations to Oracle Identity Manager. But many customers refused to migrate. We can only speculate about the reasons, although anyone that had any hands-on experience with Oracle IDM will certainly have an opinion about that. Anyway, the future was not entirely bright for those who still maintain Sun IDM installation. But now there is a new hope. […]

A way to fight your fears or Self Service implementation

Posted on by Kate Honchar

This is my story. Let me share it with you. When I heard abbreviation IDM at the first time, I understood nothing (IDM administrators, please, don’t laugh very loudly at this moment 🙂 And by the way, don’t read this post at all). Even when I heard the full definition of Identity Management I got the same Read more about A way to fight your fears or Self Service implementation[…]

Once upon a time

Posted on by Katka Bolemant

Once upon a time there was an idea to manage more than the users and their accounts using midPoint. We moved beyond the boundaries of traditional old-fashioned identity managers introducing generic synchronization which allows to synchronize and manage organizations, organizational units, groups, group membership and everything related to identities. The constraints in relation to identities Read more about Once upon a time[…]

MidPoint 3.4 (Heisenberg) Released

Posted on by Radovan Semancik

MidPoint 3.4 code-named “Heisenberg” was released a few days ago. This is the sixteenth midPoint release since the project started all these long years ago. MidPoint went a very long way since then.

The Heisenberg release is the best midPoint release yet. We have finished access certification functionality, which makes midPoint the very first open source product to enter the identity governance and compliance playing field. We have also improved midPoint internals to better handle inconsistencies of resource data and we have also made many small internal improvements to increase robustness. This was one of the inspirations for the code-name. Similarly to Heisenberg’s uncertainty principle midPoint accepts that there is a degree of uncertainty when it comes to processing of the identity data. It may not be practically possible to always base the decisions on authoritative data. Practical identity management system needs to accept that the identity data are always in a state of flux – and midPoint does just that. And it manages the data reliably even in situations where other systems fail miserably. […]

midPoint goes multitenant

Posted on by Ivan Noris

The organizational structure in midPoint does not always represent a typical enterprise. In case of multitenant setup in the cloud, the organization units represent “tenants” which are completely independent. In enterprise organizations, the sub-organizations and their members are usually readable (to some extent) to all members. In the multitenant setup must maintain tenant isolation. How can this be done using midPoint? […]

There is No Security without Identity Management

Posted on by Radovan Semancik

It isn’t. That’s how it is. Why? Take any study describing potential information security threats. What do you see among the top threats there? Take another study. What do you see there? Yes. That’s the one. It is consistently marked as one of the most serious threats in vast majority of studies published for (at least) last couple of decades. Yet it looks like nobody really knows what to do about this threat. So, who is this supervillain? He’s right under your nose. It is the insider. […]