In a recent SailPoint IdentityIQ implementation I was required to perform single account aggregation in a LCM provisioning workflow. In general, single account aggregation can be
Normally, after OpenDJ installation, when we use any OpenDJ commands under $OpenDJ_Path/bin, we have to include parameters like hostname, baseDN etc. For example: ./ldapsearch --hostname localhost --port 1389 --baseDN="ou=people,dc=example,dc=com" --bindDN="cn=directory manager" --bindPassword=yourpassword uid=* dn dn: uid=user.0,ou=people,dc=example,dc=com dn: uid=user.1,ou=people,dc=example,dc=com dn: uid=user.2,ou=people,dc=example,dc=com dn: uid=user.3,ou=people,dc=example,dc=com This could be annoying and unsafe, because the user and password are in […]
At a recent client engagement involving SailPoint IdentityIQ, I was asked to provide an enhancement feature which would allow them to reverse the termination of an identity that was done by mistake. The client had a highly customized environment where the identities could be any of several account types and could potentially hold dozens of […]
I recently came across an instance where I needed to certify access for an application hosted in the cloud. The application does not have an out-of-the-box IIQ connector, but the application could export the users and entitlements and send them to my instance of IIQ. I decided to use SFTP to get a csv file. […]
Recently at a client we went live with SailPoint IdentityIQ 6.3p3. The client was interested in replacing their legacy Sun Identity Manager Service Provider Edition (SPE) implementation with IdentityIQ. The environment handled creating all B2C and B2B users for the company. The objective of the project was to create a service that both consumer and […]
The Setup In this post we’ll discuss how to create a self-signed Google Apps API certificate for use in automated testing. We do many types of software and system testing in the Custom Development practice at IDMWORKS, from Unit tests to Integration tests, System and Smoke tests. These are created using tools such as JUnit and […]
Those of us that have been around the NetIQ / Novell community for a while, have had many wishes for iManager to be a better tool. Unfortunately the “one console to rule them all” was never the real intent of the product. My recommendation is to use Apache Directory Studio (ADS) as a companion tool […]
One thing that can be commonly overlooked in early SailPoint projects is performance tuning. Just like a car, SailPoint will get you where you need to go, but with a little tuning, it can get you there much faster. SailPoint provides a great performance tuning guide with all of the detailed JVM and database tuning […]
Often times an IDM solution’s connector/functionality does not have the ability to fully match the disablement requirements for a client when it comes to Microsoft Exchange. An example of this is the education industry where the requirement calls for the Active Directory account to be placed into a dummy organizational unit, yet left enabled to […]
As an IdentityIQ implementation becomes more mature, there will inevitably be more applications connected. Depending on how the roles are set up, this will have one major consequence: provisioning the roles will take longer. The way IIQ will attempt to provision the roles, out of the box, is serially. It will run through each application […]