September 8, 2008

Sailpoint - Identity IQ

Ever heard of Recertifications? I am talking about Access Recertifications, which happen in organizations to periodically check who is allowed to access what. This process in many organizations goes this way ...
  1. Collect user database from every Application owner across the organization
  2. Consolidate the list with respect to managers
  3. Send the lists to the managers to verify whether each of those users requires access to the application at the access level specified
  4. Once the manager gives his decision, the users' accesses are either revoked or modified, which again is a lengthy process, as everyone acknowledges

Sailpoint's Identity IQ addresses this issue. The product, just like an Identity Manager, provides a unified view of all the organization's users, with all the data pertinent to Recertifications. Once the product is configured for all the necessary applications and the user data is in, scheduled Certification Requests can be fired to every manager in the organization. Escalations can also be handled. The managers can just log in to the application and either recertify, revoke or modify user access to every application.

So most of the process is automated now. Don't think it's done yet. It can also make SPML calls to any provisioning engine available (not OOB) in the Identity market and thus automate the complete Recertification process.
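The four manual steps above, sketched end to end as an added example (not Sailpoint's code or API): per-application exports are consolidated into one worklist per manager, and the managers' decisions become revoke/modify actions, with undecided or unowned accounts escalated. All names, users and access levels are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: one export per application owner (step 1).
APP_EXPORTS = {
    "payroll": [("asha", "admin"), ("ravi", "read")],
    "crm": [("asha", "read"), ("meena", "write"), ("temp01", "admin")],
}
# Constructed HR mapping of user -> manager, needed for step 2.
MANAGER_OF = {"asha": "kiran", "ravi": "kiran", "meena": "latha"}
# Constructed manager answers, keyed by (user, application).
DECISIONS = {
    ("asha", "crm"): "certify",
    ("asha", "payroll"): ("modify", "read"),
    ("ravi", "payroll"): "revoke",
}

def consolidate(app_exports, manager_of):
    """Steps 1-2: merge per-application lists into one worklist per manager."""
    worklists = defaultdict(list)
    for app, entries in sorted(app_exports.items()):
        for user, level in entries:
            # An account with no known manager is a finding, not noise to drop.
            manager = manager_of.get(user, "UNASSIGNED")
            worklists[manager].append((user, app, level))
    return dict(worklists)

def apply_decisions(worklists, decisions):
    """Steps 3-4: turn manager decisions into provisioning actions.

    A decision is "certify", "revoke" or ("modify", new_level). Items with
    no decision or no owner are escalated instead of silently kept.
    """
    actions = []
    for manager, items in sorted(worklists.items()):
        for user, app, level in items:
            decision = decisions.get((user, app))
            if manager == "UNASSIGNED" or decision is None:
                actions.append(("escalate", user, app, level))
            elif decision == "revoke":
                actions.append(("revoke", user, app, level))
            elif isinstance(decision, tuple) and decision[0] == "modify":
                actions.append(("modify", user, app, decision[1]))
            elif decision != "certify":
                raise ValueError(f"unknown decision {decision!r}")
    return actions

if __name__ == "__main__":
    for action in apply_decisions(consolidate(APP_EXPORTS, MANAGER_OF), DECISIONS):
        print(action)
```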

Read more about these at Sailpoint

One last thing, if I am not wrong these features are available in the world's renowned ... :-)

August 12, 2008

Why do companies end up paying huge amounts for Identity Projects?

The sure answer would be indiscipline. Any doubt?
When one starts up a company, the least preference is given to IT discipline. No directory implementation, no domains etc., which results in process chaos after a few years. Then management starts thinking about bringing things in order and ends up not only paying huge amounts to get it straight but also with improper implementations. I have seen many companies which never had any system according to conventional methods when it comes to user management.
The question that bugs me every moment is why companies do not leverage the open source tools available. Directories are available in the open, operating systems are available in the open, why can't one avail of these?
These are my viewpoints:
1. The day the company is christened, a directory structure should be in place
2. Every employee record should be present in it.
3. All the available systems in the office should authenticate the user against this directory
4. Employees should be given an option to change their passwords and a few other details online
5. Form filling should be avoided on the induction day; instead a webpage should be used and the data should be recorded into an HR database and then fed to the directory
6. A small PL/SQL trigger on the database can create the email address without conflicts
7. Free Identity tools like SUN Identity Manager should be implemented within one year
8. Every application or tool that the organization needs should be under the purview of Identity Manager
Am I missing something???
I feel these are the basics that one should do for the company's IT wellness in the long run.

July 17, 2008

It happens only in ..........

Recently I visited my Car Service center. While they were working on my car I was going through the workshop and was shocked to read this (last one).

July 16, 2008

An update on ViDT

Today I received a comment on my previous post on ViDT.

"Is VIDT available in Market or from Sun? Could you provide some more detail about VIDT?"

The answer: ViDT, which was previously known as VIP, was the IP of Neogent. This tool makes the implementation of the organizational Identity framework much easier and thus faster. As this tool started achieving popularity, SUN acquired Neogent. Now this tool is used by SUN PS folks to implement the framework faster. It is not available outside for anyone else. SUN has kept it for itself :-)

Over-Security consciousness hurts sometimes

Yesterday I was at the PVR Bangalore. I noticed a couple of foreigners arguing with the security at the entrance of the Audi. The guard said they do not allow laptops inside, and the couple said it was their official laptop and they could not leave it with the security. They argued with everyone in the hierarchy and finally left the theater cursing my country and their time. They said they had been waiting in the mall for more than two hours just to watch the movie, which, finally, they couldn't.

So when it comes to security, where are we heading? Things meant to keep us happy and safe are troubling us? A theater which charges relatively double compared to any other ordinary theater in town doesn't provide enough infrastructure where such things can be handled.

Security is something which, when dealt with by uneducated and unsophisticated people, will be the same.

June 21, 2008

An Observation

I was going through LinkedIn and just clicked on a survey. The results it showed for the survey have something noteworthy. Check it out.

June 20, 2008

Why IDM initiatives fail?

First check this post


What is said here is true. The people who build solutions always think only of technical issues, rather than the features which are the roots of the organization, viz. Processes and Policies. From an architecting perspective it is crucial to understand the processes of the organization and then chalk out a plan of work, rather than checking what can be done by the product.

I feel that technologically everything is possible, with only two constraints - TIME and MONEY. If a space shuttle can be sent to Mars, then an Identity implementation is possible, with or without the chosen product's features. However, the feasibility of a solution with respect to time and money has to be planned when one architects.

Just my thought ...

Metaview deprecated - SUN Identity Manager 8.0

The best thing I feel SUN developers did was to remove the Metaview feature. This reportedly had a couple of bugs and I was once caught by them :-(

June 4, 2008

SUN Identity Manager 8.0 is released

SUN Identity Manager 8.0 is out

For all the enthusiasts - come download and experience the amazing product


A brief overview of this release:

Sun Identity Manager 8.0 is the latest version of the Sun Identity Manager product offering with expanded Role support, enhanced reporting capabilities, and updated resource adapter and application server support. This update improves upon the industry-leading Identity Manager 7.1 solution with:

# Role Enhancements
  • Role life cycle management can require approvals on Role creates, edits and deletes, and Role changes can be applied to all assigned Users.
  • User-to-Role life cycle management improvements enable support for future and temporary Role assignments.
  • Default Role types including Business Roles, IT Roles, Applications, and Assets are now provided to encourage best practices with regards to Role management.
  • Business Roles can contain roles required by all, conditional for some, and optional (by request and optional approval) for others. A Business Role designer can define coarse grain access, while delegating to the user or a manager the ability to fine tune the access within the scope of a Business Role.

# Enhanced Reporting with Data Exporter
  • Manager operational data can be made available for use by other processes and applications.
  • Data held by and flowing through Identity Manager can be periodically exported to a customer-managed data warehouse or third-party business intelligence and reporting tools.
  • Exported data can be used to answer historical questions regarding 'Who had access to a system, and who approved that access?'. It can also be used to provide reports on operational behavior over time, such as 'Provision Operations by Resource' and 'Workflow Approval Response Times'.

# Attribute Configuration
  • Extended, queryable, and summary attributes can now be configured for roles as well as users.
  • The new extended attribute configuration supports specification of value syntax (STRING, INT, DATE, or BOOLEAN), whether the attribute can have a single or multiple values, and a text description for the attribute.

# Other Notable Updates
  • UNIX resource adapters now support SSH connections using private/public key pairs for authentication to managed resources.
  • Service Provider user password changes will be checked against the password policy configured on the user directory.

# Supported Resource Additions and Updates
  • Exchange 2007 (New)
  • Microsoft Active Directory Application Mode (ADAM) (New)
  • RSA SecurID 6.1.2 (Updated)
  • Siebel CRM 8.0 (Updated)
  • Oracle E-Business Suite on Oracle Applications 12 (Updated)
  • HP OpenVMS 8.3 (Updated)

# Supported Application Server Updates
  • Sun Java System Application Server 9.1 (GlassFish v2 UR1, 32-bit and 64-bit)
  • Oracle Application Server Enterprise Edition 10g Release 3 (10.1.3)
  • Oracle Application Server Standard Edition 10g Release 3 (10.1.3)
  • BEA WebLogic Server 10
  • JBoss Application Server 4.2

# Bug Fixes and Platform Support Updates

For more information about the features in this release, see the Identity Manager 8.0 Release Notes or the Identity Manager documentation set.

May 27, 2008

Using Kerberos to Authenticate a Solaris 10 OS LDAP Client With Microsoft Active Directory

This article describes how to configure a Solaris OS client to use Microsoft Windows Server 2003 R2 Enterprise Edition (Active Directory) for authentication and naming services.

Download the PDF and read on.

May 20, 2008

8 - The wait is over


Yes the wait is over. Very soon the latest version, 8.0 of Identity Manager will be out. Keep checking for updates on the same.

March 24, 2008

Create Table without using mouse and menus

A little bit out of context, however I thought this is interesting and helpful.

Did you know it's possible to create a table without using the mouse and menus in MS Word and Outlook? Here is how…

Type the content +------+------+------+ in Microsoft Word or Outlook and press Enter. One row of a table will be created, and for more rows you can press TAB.

Step 1: Type +-----------+------------------------+-------------+

Step 2: Press Enter with the cursor at the last '+'. The typed line turns into a one-row table.

Step 3: Press TAB to create more rows.

In this, ' + ' represents the column borders and ' - ' represents the length of each column. This simple way can be used at urgent times.

March 14, 2008

Open Source at SUN - Identity Management

The Identity Manager IDE has been open-sourced. As a side note, this also means that the Eclipse plugin is officially out there. The versions of IdM that are supported include 6.0 (sp3/sp4), 7.0, 7.1.x.x, 8.0 (after the release).

Is NetBeans Plugin Supported by SUN?

Good Question isn't it?

Answer:
Sun only officially supports the NetBeans plugin through standard support tickets and only if you have a support contract for Identity Manager.

March 13, 2008

March 11, 2008

AD Password Sync can be delayed

I read an article on the Microsoft site on how to delay password updates for a user-specific amount of time. I am sure this would be useful for many of us at any time during our deployments.

Read on ...

February 20, 2008

Kindly leave your emailId

I get a few tech queries. Most of them are posted as comments. When I want to get back to them, I do not have their mail id.

Thus kindly post your mail id.

Thanks a lot.

February 13, 2008

Tripit.com

A little bit out of the box, however I have been just told about an amazing tool provided by http://www.tripit.com.

Features:
  1. Just send your trip itinerary to plans@tripit.com and it automatically creates your id with your email and sends you a password
  2. It also parses your email and plans your calendar accordingly.
  3. Using the calendar update URL you may synchronize your personal calendars.
  4. Also, when you expand your network by adding friends, it shows where they are and, to them, where you are.

Isn't this cool???

All the frequent travelers out there, register on http://www.tripit.com

February 5, 2008

SUN Identity Manager - A Tip

When creating a resource (e.g. LDAP), you can try this: enter the credentials to connect but leave out the password. Amazingly, you will find that Test Connection succeeds. Save it now and you will have problems later :-)

So if there is ever a problem retrieving data or something similar, you had better check that your resource has a password set.

Thought it would help some.
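A pre-save check for the situation in this tip, as an added example that is not Sun Identity Manager code. It assumes the test passes because the directory accepts what RFC 4513 calls an "unauthenticated" simple bind (a DN with a zero-length password); the resource field names and sample resources are constructed.

```python
def classify_simple_bind(bind_dn, password):
    """Name the LDAP simple-bind mechanism per RFC 4513 section 5.1."""
    has_dn = bool(bind_dn)
    has_pw = bool(password)  # None and "" both mean a zero-length password
    if not has_pw:
        # DN without password: "unauthenticated" bind; neither: anonymous.
        return "unauthenticated" if has_dn else "anonymous"
    # A password without a DN is not a defined mechanism; flag it as well.
    return "name/password" if has_dn else "invalid"

# Constructed resource definitions. The keys are hypothetical, not the
# product's own schema; the password value is a placeholder.
RESOURCES = [
    {"name": "corp-ldap", "type": "LDAP",
     "bind_dn": "cn=idm,ou=svc,dc=example,dc=com", "password": "placeholder-secret"},
    {"name": "hr-ldap", "type": "LDAP",
     "bind_dn": "cn=idm,ou=svc,dc=example,dc=com", "password": ""},
    {"name": "lab-ldap", "type": "LDAP", "bind_dn": "", "password": None},
    {"name": "hr-db", "type": "Database", "bind_dn": None, "password": None},
]

def audit_resources(resources):
    """Return (resource name, bind kind) for every LDAP resource whose saved
    credentials would not produce a real name/password bind."""
    findings = []
    for res in resources:
        if res.get("type") != "LDAP":
            continue
        kind = classify_simple_bind(res.get("bind_dn"), res.get("password"))
        if kind != "name/password":
            findings.append((res["name"], kind))
    return findings

if __name__ == "__main__":
    for name, kind in audit_resources(RESOURCES):
        print(f"{name}: would bind as {kind}; a passing test connection proves nothing")
```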

February 1, 2008

Faking one's experience has become the practice of the Industry???

Pondering yesterday about what everyone has got for what they are, I was astonished by the fact that all the toppers in my class are just doing well, whereas the average guys are doing much better. My engineering class toppers are just working for ordinary packages in good companies and the others are working for exemplary packages.

Faking one's experience has become a part and parcel of many IT professionals' lives. I can tell you a wonderful story.

A few of my intelligent and hardworking friends resorted to their Masters after completing engineering. The remaining people, who couldn't clear their exams or didn't get jobs, were just roaming the roads with their parents' money for almost two years. By the time these intelligent ones completed their Masters, the people who had enjoyed their two years flaunted their resumes in the industry with an experience of two years and got better jobs. These foolish intelligent guys were obviously freshers and deserved less than them.

Moral: So you may have fun for two years after engineering; go to Goa, roam around with your girlfriend and then finally struggle for six months to be in a better position.

Pointers:
Companies like Wipro, Infosys, Satyam, I mean name any big brand, there are at least 30% of people joining them via lateral hiring with fake experience. These people fake their experience and their payslips and get a good pay and a better grade than the ones who are genuine. These big companies, which boast about background verifications, do very little to stop it. If anyone has anything to say against my word, I can prove my statements.

Ethics have no place in the Indian IT industry today.

Another technology which has fallen prey to these fake guys is SAP. Every Tom D**k and Harry goes to some place in Hyderabad to get software installed on their machines for Rs. 2000, i.e. a mere $50, and get courses learnt for a mere Rs. 10000, i.e. $250, and that's it; once done, these people call themselves 3 years experienced and get paid almost 100 times their SAP tuition fee.

Is this the only way to go ahead? If so, one can enjoy his school, college and everything, finally buy a couple of certificates and one PC with printers to print his fake resume and submit it. That's it; he would have a better situation than the guy who slogged all his life?

I don't remember the ending of the story by Somerset Maugham but today at least the grasshopper wins. Will there be some change in this pattern?

Final word, I think even the NASSCOM is sleeping.