Identity Manager
Creating Dynamic Groups in the IDM Engine
I was recently asked to help troubleshoot a perceived problem with Dynamic Groups. While at first I thought the problem was non-working dynamic groups, in actuality the problem was less about Dynamic Groups on their own and more about IDM working with them, specifically creating them or setting their memberQuery attribute; the memberQuery attribute holds…
Buddy the Elf, What’s Your Favorite Color: Five Elf Quotes That Actually Relate to IT Security
The Holidays are here and one of my all-time favorite traditions is catching up on my all-time favorite holiday movies. AND my ALL-TIME FAVORITE holiday movie is Elf. Buddy’s trip from the North Pole workshop down to New York City and his adventures there had me thinking about my every day grind. The day in…
Customizing IDM User Experience
Just about every client wants to be able to customize their web presence. For IDM, this includes several different points of customization for IDM Home. SSPR has one, User Application has another, OSP has a third. Each is different. There is no single point to customization for the IDM Home presentation. User Application was the first app to be…
String normalization – Removing accents and diacritic marks
An increasingly common requirement within Identity Management projects is to remove or substitute some characters in a given string. Usually these are non-English (ASCII) characters, accents and diacritic marks. We live in an increasingly global environment. This often causes challenges in identity projects where one must synchronise identity data (names, locations) from a diversity of different…
Managing Office 365 license (Individual Service Plans) via Identity Manager
Office 365 licensing is unique where it is possible to mix and match various Enterprise Plans. The two common types of plans offered are Enterprise Packaged Plans and Enterprise Individual Plans. Currently there are three different packaged enterprise plans offered which are E1, E3, and E4. The enterprise…
Example of calling GroupWise REST API from Identity Manager policy – Part 1
Recently a customer had the following use case requirements to be satisfied via the Identity Manager GroupWise REST connector. Obtain a list of GroupWise groups(Distribution lists) that the user is currently a member of. The ability to remove all group membership in cases when the user gets disabled in IDVault. When users…
What’s new in IDM 4.5 – Part 5
I think digging in and seeing what is new in releases of Identity Manager is a useful thing. The high level What’s New that the vendor provides is helpful, but rarely covers the level of detail I am interested in…
Manipulating node sets in IDM via Set Operations
Thanks to the power and simplicity of DirXML-Script tokens in Identity Manager, one can implement even quite complex policies, whilst only rarely needing to dig directly into the underlying XML. This was not always the case, especially in the first few versions of Identity Manager, which relied on XPath and XSLT…
Enabling IDM Mobile Approvals in IDM 4.0 SP2 and IDM 4.5
If you are using the IDM 4.0 SP2 Advanced Edition with additional toys like HPD, or if you are using IDM 4.5 AE with the same pieces, you may have the opportunity to use Mobile Approvals from an Android or other phone. This is basically a simplified mobile interface made to let those doing approvals…
Got Conflicting IDM Driver Dependencies?
Note: This solution has been developed as a proof of concept in a lab, but hasn’t been battle-tested yet in a production environment. When writing an IDM Driver, it’s easy to have dependencies which conflict with another driver’s dependencies. For example, let’s say your driver depends on commons-lang-2.6.jar, but other drivers are present which…
