Identity Manager
Creating Dynamic Groups in the IDM Engine
I was recently asked to help troubleshoot a perceived problem with Dynamic Groups. While at first I thought the problem was non-working dynamic groups, in actuality the problem was less about Dynamic Groups on their own and more about IDM working with them, specifically creating them or setting their memberQuery attribute; the memberQuery attribute holds…
Customizing IDM User Experience
Just about every client wants to be able to customize their web presence. For IDM, this includes several different points of customization for IDM Home. SSPR has one, User Application has another, OSP has a third. Each is different. There is no single point to customization for the IDM Home presentation. User Application was the first app to be…
String normalization – Removing accents and diacritic marks
An increasingly common requirement within Identity Management projects is to remove or substitute some characters in a given string. Usually these are non-English (ASCII) characters, accents and diacritic marks. We live in an increasingly global environment. This often causes challenges in identity projects where one must synchronise identity data (names, locations) from a diversity of different…
Example of calling GroupWise REST API from Identity Manager policy – Part 1
Recently a customer had the following use case requirements to be satisfied via the Identity Manager GroupWise REST connector. Obtain a list of GroupWise groups(Distribution lists) that the user is currently a member of. The ability to remove all group membership in cases when the user gets disabled in IDVault. When users…
What’s new in IDM 4.5 – Part 5
I think digging in and seeing what is new in releases of Identity Manager is a useful thing. The high level What’s New that the vendor provides is helpful, but rarely covers the level of detail I am interested in…
Manipulating node sets in IDM via Set Operations
Thanks to the power and simplicity of DirXML-Script tokens in Identity Manager, one can implement even quite complex policies, whilst only rarely needing to dig directly into the underlying XML. This was not always the case, especially in the first few versions of Identity Manager, which relied on XPath and XSLT…
Enabling IDM Mobile Approvals in IDM 4.0 SP2 and IDM 4.5
If you are using the IDM 4.0 SP2 Advanced Edition with additional toys like HPD, or if you are using IDM 4.5 AE with the same pieces, you may have the opportunity to use Mobile Approvals from an Android or other phone. This is basically a simplified mobile interface made to let those doing approvals…
Got Conflicting IDM Driver Dependencies?
Note: This solution has been developed as a proof of concept in a lab, but hasn’t been battle-tested yet in a production environment. When writing an IDM Driver, it’s easy to have dependencies which conflict with another driver’s dependencies. For example, let’s say your driver depends on commons-lang-2.6.jar, but other drivers are present which…
Delving into and beyond the current-op – Part 3
Here’s part 3 of Alexander McHugh’s series on Delving into and beyond the current-op. The third article in the series deals exclusively with direct operations, it will outline the technical details, review general best practices related to working with direct operations. It will outline how to manipulate and transform direct operations and provide some useful toolbox rules related to direct operations.
Delving into and beyond the current-op – Part 2
Here’s part 2 of Alexander McHugh’s series on Delving into and beyond the current-op. This second article will outline general best practices related to working directly with nodes other than the current-op within the “current operation”. It will also outline some useful toolbox rules and expressions that can be used to access and manipulate the entire XDS document.