I had blogged earlier on the one the issue of the idm one liner I came up with: “Your manual processes are as good as the errors they produce”. Often when my colleagues and I are embarking on an identity management project we  become intimately acquainted with our clients data and manual processes. It is not uncommon for us to find ourselves in a situation where we don’t have good data to work with when doing Identity Mapping. What I mean by good data is: Having user records across target systems that match up on a unique ID across the systems. Think of this as a universal Employee ID number. Now if everyone did this Identity Management integration work would be simple and straight forward. But more often than not integrators have to bend over backwards to figure out how to “map” these records. Let me give you an example. Imagine having 5 Roberts in your Human Resources data (usually your authoritative source).  While they may have unique last names, many people with common first names might have common last names i.e. Robert Thomas. Secondly even these two fields in an environment where there is bad data will have multiple spellings of the name. So Robert can also be Robbie, Rob, R-dizzle. Same goes with Mike, Michael, Mikey etc. If a unique ID number was used across systems these minor spelling mismatches wouldn’t matter because you would just look for a matching ID.

read more from "Bad Data can change sides"

Check out the new Identropy Identity Management Blog. Or subscribe to the rss feed.

I recommend this resource to anyone who would like to learn about Identity Management. It is particularly geared towards those who want to learn about the basics of Identity Management. The Identity 101 series is particularly insightful. The various aspects of Identity Management (provisioning, single sign on etc) are covered and use cases are given to help illustrate the need for finding solutions.

Ash asked for Idm one-liners so here’s one for you: Your Manual processes are as good as the errors they produce. Recently I was working with a client that had various rules in place concerning employee Identities. The problem was they were relying on manual processes to enforce them thus opening themselves up to human error. One example would be their username naming convention which consisted of a combination of characters from the first name, middle name and last name. There are also special cases involving exceptions (if a username was already taken). While working on the IdentityMap for this client they decided they wanted to do some data cleansing as well. So I starting writing rules for excluding problem records. Hundreds of records were out of compliance with their various rules.

So the lesson to learn here is:

read more from "Manual processes are as good as…"

Image via Wikipedia

Gartner puts out its Magic Quadrant for User Provisioning report Annually. This report identifies the leading players in the Market and provides alot of data on the adoption of Provisioning Identity Products.

the usual suspects: Sun, Novell, Microsoft, IBM are mentioned. Although there areothers major players as well i.e. Courion. The company I work for Identropy gets a mention, in relation to being an innovating force with as a Courion partner.  Understanding these products may give you a practical feel for what role Identity is playng at this point in time.

Read the full report here:
http://mediaproducts.gartner.com/reprints/novell/159740.html

Related articles by Zemanta

• Notes on Presenting to Gartner…and That Magic Quadrant Thing
• Connect Pro a “Leader” Once Again In Gartner’s Magic Quadrant

Image via CrunchBase

I was at a client doing some Identity mapping. They have TIM Tivoli, which had to be mapped against their people soft data. I needed to pull their usernames (eruid), employeeIDs (eradEmployeeID) from objectclass eradaccount (AD stuff), I also had to get their email accounts (which are under a custom objectClass (did not come from AD originally). I was trying to write a VBScript to pull everything. But Unfortunately all the code that’s out there on the web is very AD specific (AD Provider, adspath etc) and was not able to properly run a query from a VBscript to hit LDAP.

So I emailed Charles Ahart a blogger who blogs about his Tivoli experiences. And I tell him about my problem. I mentioned I was trying to pull this data into SSIS to map against their PeopleSoft Employee ID. So VBScript or Vb.net code would work. I was also given access to their DB2 database. That thing is crazy I could connect from SSIS to it, but the data is just all over the place. While I needed just 3 attributes It was so difficult to track them down. Even the Client’s TIM dba couldn’t figure it out. So I thought if I can’t do this with a script, I will have to do it through running a query against the DB2. I think the script would be an easier route to take.

Charles Responded:
read more from "Mapping Tivoli- Lessons Learnt"

Image via Wikipedia

If you want to understand identity Management, you have to first be able to analyze the problems surrounding coorporate identities today. Courion, an identity software vendor (I recently completed training on their product), held an event where they presented their product. An attendee wrote:

Observations from Converge:

- The main industry vertical customers attending were financial and health care.   User provisioning is a key issue and it is very expensive to do manually

- RoleCourier is gaining traction as customers are using it to avoid complexity, excessive roles, and political situations that arise when doing role-based provisioning

- ComplianceCourier is getting a lot of interest for its capability to enable business managers to periodically review and verify employee access rights

- There was a great customer presentation from Goodyear Tire and Rubber Corporation, where they discussed a previous failed attempt at implementing IAM, followed by their project with Courion, which is rolling out very smoothly.  One interesting note: a focus on educating and motivating users to appreciate the new system really pays off.

read more from "Understanding Identity Part 1"

Image by Brice Bonneau via Flickr

About a month and a half ago I became an Idmc (Identity Management Consultant). Since I’m new to Identity Management/ Identity Access Management my new blog can serve as a good guide for newbs to better understand Identity by tagging along with me on my own journey.

When I tell people my job title, they at first think I’m trying to help Jason Bourne reclaim his lost identity. Well, my work revolves around managing users corporate identities (think login accounts).

So far I’ve been doing Identity Mapping work mainly as well as some odd jobs i.e. installing linux (yes I consider installing linux an odd job), testing out hypervisors, Migrating AD and of course going through training.  So In my blog I’ll mostly be sharing some technical tips on things I pick up along the way. I’ll also be unraveling the answers to questions about Identity Management that come up in my head.

This upcoming week I’ll be heading to Boston with my colleague Eric to be trained by Novell on their Sentinel product.  I will share my thoughts with you. But before that, here’s the list of posts I’m working on for this week.
read more from "What the heck is Identity Management?"