SailPoint Press Releases :: News & Events :: SailPoint Technologies

SailPoint Press Releases :: News & Events :: SailPoint Technologies

SP Identity IQ: Certification not updated to show revocations done

Okay! I am trying to be pretty descriptive here.

Suppose you have created a certification in Sailpoint's Identity IQ.

The Certification Owner has revoked a user and saved the certification. Then the certification header would be something like this.

An email is sent to the administrator to revoke the entitlement/account.
Administrator, being a good employee has done the revocation right away.

A scheduled Account Aggregation, in the next few hours, get kicked off and brings in the new data regarding the revocation.

An Identity refresh scheduled for the same night, updates the entitlements for the users.


Problem:

You still do not notice the update in the Certification header. It still shows a list of items, which were completed, as due.

Solution:
In every Certification configuration there is a parameter named nextRevocationsScantime

This has a default setting which is inherited from a SystemConfiguration setting.

remediationScanInterval set to 86400000 milliseconds

nextRevocationsScantime attribute is created along with remediationsKickedOff="2"

The above attribute is created, once you revoke someone and save the cert.

Later when you remove the entitlements in database and do an account aggregation and identity refresh; it shall not directly reflect in your cert. Once the nextRevocationsScantime is complete and PERFORM MAINTENANCE TASK runs then it scans and completes the process.

Later in the cert you will not see nextRevocationsScantime. Rather you would see this. remediationsCompleted="1" remediationsKickedOff="1"

Hope this helps to few consultants.

Attention Sun IdM Customers - "What's Your "Plan B"?

Attention Sun IdM Customers - "What's Your "Plan B"?

This is what Sailpoint says about SUN Identity Manager, its customers and the solutions they can offer to these customers. Interesting read.

It's always sad to see SUN Technologies dying.

epoch conversion tool

What is epoch time?

http://en.wikipedia.org/wiki/Unix_time

Short description from Wikipedia:

Unix time, or POSIX time, is a system for describing points in time, defined as the number of seconds elapsed since midnight proleptic Coordinated Universal Time (UTC) of January 1, 1970, not counting leap seconds.

Where do you find with respect to IAM parlance?

I have found that Sailpoint's IdentityIQ uses this convention for all dates. examples are create date, expiration date etc.

So if you want to understand what are the exact dates?

visit http://www.epochconverter.com/

An important tip for Sailpoint implementors - Requests Page

I was recently working on integrating Remedy with Sailpoint's IdentityIQ 5.0. Other than getting a weird error in the log I was unable to trace the root cause. One of my colleague tried having a look and suggested I should see in https://localhost:8080/identityiq/monitor/requests/requests.jsf. I could actually see all the items that are queued up there. Here is a screen shot.

It is suggested to have a look at this page when you are trying to debug something and unable to go ahead from the usual check points.

Bill Gates advice to the Youth

I came across this article on LinkedIN. Its a good read for everyone. Go ahead, read it from here.

Facebook's Sharing feature now on LinkedIn

This is something very good from linkedin. Check out this video; it explains it all. Very good feature.

Match the following: SUN Products get New Names under the Oracle Umbrella

I have read this on Oracle site which was showing the latest names given to all the SUN products. Check it out

Sailpoint's IIQ 5.0

Finally, Sailpoint is coming up with its fully geared up Entitlement management software, Identity IQ 5.0. It is going to be released next week. It boasts of many exciting new features like Provisioning, Access Request Manager integration etc. 

Need to wait and watch how the product would be after this release. One quick doubt (may be too early) I have is, are they trying to bring new Provisioning product along? Then why (as there are  already a lot of products available and deployed)?

I have worked on versions from 2.5 to 4.0

Password Reset Issues

I regularly read Jackson's Blog and today I found a very interesting post which was talking about a particular presentation in the RSA conference. I recommend everyone to read it. One line I thought should be mentioned here from the presenter's website was ...

It has been estimated that the average cost of a password reset involving a help-desk call is $22

So how much are companies bleeding on password reset calls???

How unique is your browser?

I subscribe to Bruce Schneier's Crypto-gram. There was one article on "How unique is your browser?". Read it. 

I have tried it for my browser and the results were as follows.

Your browser fingerprint appears to be unique among the 645,288 tested so far.

Dont forget to read the FAQ section

This is how the Chinese are doing Business

I have come across an interesting article on the SANS news mailer. Give it a read.

My old team at SUN is no more

I learn't that recently on the first week of January, the whole team of SOA/BI was removed. All the resources were let out in RIF. That was so unfortunate to know. I am sure everyone would find wonderful jobs again.

Also I hope Oracle keeps the wonderful suite of IAM products of SUN going.

My experience in Sales

Long time ago, when I was pursuing my masters, as a part of the course I had a to complete a three month internship. I got selected into an organization which was into Networking and Server sales. The three months I spent there were pathetic. I almost forgot those days.

However, I have recently saw a Hindi movie, which depicted the true picture about sales. After watching this I remembered my old experiences.

During the internship, for the first few days I was asked to collect existing Customer feedback on the sales done with them. One day I ended up at an Agricultural Research University in Hyderabad. I met a professor who was in-charge of a Digital Library project. I met her and asked for feeback. She almost started crying. The story unfolded so ...

Our sales guy approached her long back and started explaining her about SUN's initiative in digital library solutions. He recommended her a server which was priced at Rs.5 Lakhs or half a million in Indian currency. She, I assume asked him if it would work with any custom software and he said yes. The Prof. blindly bought it. In the other part of the story, which happened before, someone else approached her regarding a software solutions to Digital Libraries. She gave the contract to them to write a software for the university.

Now on the D-Day they had both the software and the server. They kept the software CD in the CD-ROM of the SUN server and expected something to happen. Oops!!!!! nothing happened because the software was written in .NET. The university realized this and called the software vendor and requested to rewrite it in Java. The guy accepted it for another 2Lakhs, which the university did not have.

So the day I went there I learnt that because of all this fiasco, the Prof got demoted, the solution came to a halt and they have a software and hardware which do not work together. The prof boots up the server and checks yahoo mail once in a week.

After this she tried calling my sales guys many a times, in vain.

This is how sales are ... People are duped 1000% of the times in software. That is the reason why software is selling.

There would be a time when people would certainly get intelligent and then I wonder what these IT sales guys do?

If you want to know the name of the horrible company I worked for ...

Liferay Symposium 2009

On 5th October 2009, Liferay conducted a symposium in Bangalore at Hotel Leela Palace. My company, Nous Infosystems is a Silver Partner to Liferay.

I had a one hour slot to talk. Myself being an Identity guy, to present something relevant to Liferay, I chose to integrate Liferay with Sun Identity Manager. Post experiment with the integration I have presented a paper on the same.

Highlights:

We leveraged the Liferay API for the following functions

• Retrieve a list of all the Roles available in the Liferay System
• Retrieve a list of all the User Groups available in the Liferay System
• Retrieve a list of all the Communities available in the Liferay System
• Override the User Create function to create user with a given set of parameters
• Create web service calls for all the functions

Using these web services calls we retrieved the list of user groups, roles, communities from the Liferay system dynamically every time Liferay was selected as a resource for any users. Upon combining the policies for mapping roles to communities and User groups, the user was provisioned to the Liferay User table using a webservice; this webservice calls a function which overrides the basic Liferay Api create user function. Similar are updates and deletes.

All comments and discussions are welcome. The presentation can be found here.

Note: The one in the suit is not me :-)

Cutting Cost? You must read this

Okay it’s been some time I wanted to write about this. Last year when I was working with a large organization the first initiative they took up as a part of cost cutting initiatives was they reduced the thickness of the tissue paper used in the loo. Then they removed employees (LOL)

Just looking at the crazy ideas people are getting these days, I thought I shall share all such nonsense to the world and might be who is crazy but did not get these ideas can implement them.

1.    Remove tissue paper from bathrooms.
2.    Remove the soap solution at the wash basins
3.    Use cheap paper in the loo or if you think your guys only wash, remove the paper
4.    Do not put any glasses next to the water purifiers. Ask people to get their own bottles to fill. If you want to be kind, just put one glass and place a poster saying, “This glass is washed twice everyday”
5.    Don’t use coir or soft carpet. Use a plastic one. It can be cleaned easily. The cost of carpet shampoo can be avoided.
6.    Switch on only every other alternate light. Switch off the remaining.
7.    Switch off the AC during lunch hour.
8.    Charge for four wheeler parking space. This way all employees shall get only two wheelers or use public transport and reduce the carbon footprint 

9.    Switch off the coolers; just let them function only as purifiers.
10.    Cut the size of the coffee cups.
11.    Install the coffee machines very far from the employees’ work spaces. So they get frustrated to walk till them and stop having coffee.
12.    Rent some space in front of the office for a chaiwala who sells cigarettes etc. so people would prefer going out for a smoke and then have tea there.
13.    Also you would get some rent.
14.    Call those guys who place TVs in offices for advertising purposes. Ask them to start their business in all common areas and they would pay you for it.
15.    Rent small office spaces in cafeterias to people who would like to sell clothing or some fancy stuff etc.

Technical

1.    Install printer, don’t give paper. Keep the paper with the manager
2.    Allow Google access to only employees who are on a project
3.    Remove dialing outside number access to all employees, except managers or above
4.    Do not provide any stationery to the employees.
5.    Give the manager one diary yearly, enough

If I get to find or hear any other nasty things in this domain I shall post it.

Have fun guys.

Acquisitions for expanding business

I think by now its official. Mphasis is acquiring AIG Systems and Solutions India Pvt Ltd. Mphasis is trying to expand its customer base by leaps and bounds by this acquisition as AIGSS has many clients across AIG with the highest revenue generator being AIG Corporate systems. 

And to tell you, AIGSS had to roll out a lot of young heads to compensate some numbers. 

Blame the software???

Yesterday my brother was narrating what happened at his workplace. Before that; he is working for an MNC which serves a large international clientele.

Last month his account was credited with salary which was more than his CTC. He assumed it was the variable pay or some extra pay for working on weekends. Later he enquired and to a surprise many employees got excess salary. Before everyone could even think of celebrating the company sent a mailer saying due to some wrong calculations everyone got credited excess salary and the same shall be deducted next month.

This is how companies are being managed. What quality can be delivered by such people to the clients???

Identity Governance - A good (Q & A)

Check this out

Identity Governance - Buyer's Guide

Sailpoint has recently released the Identity Governance Buyer's guide. Try and give a read ...