Over the years of working with Identity and Access Management solutions we have developed a number of unique solutions that we offer to our customers. They help simplify, streamline and make it less expensive to implement complex projects.
Identity Management Automation
Automatic documentation of ISIM Workflows
This is a set of Security Directory Integrator Assembly Lines intended to aid in exporting and importing of the custom IBM Security Identity Management code. It handles ACLs, Forms, Workflows, Mail Templates, and Provisioning Policies. Also included is an XSLT script to sort the inside of exported workflow XMLS to aid in comparing different versions of the same workflow.
ISIM sometimes re-orders internal elements of the workflow, and, while the order does not affect the workflow function, it does mess up the diff-ing. This script helps overcome that issue.
Automatic documentation of ISIM Workflows
If you worked with the IBM Security Identity Manager’s workflows you probably love them and hate them all at the same time. The workflows are quite powerful and flexible, but they can also be very cumbersome to manage and hard to troubleshoot. This code is an elegant solution to keep reigns on your workflows by drawing them in an easy to analyze manner.
In other words this code shows you how to visualize ISIM workflows without using ISIM at all
IBM Security Identity Manager Schedule Inspector
This script answers the question “what will ISIM do and when?”. It does so by intelligently decoding the scheduled events table in ISIM. Useful for a mass export of the recon schedules, finding out next steps for in-flight workflows, checking for inconsistencies in the table etc.
The scripts creates a table digest, a cleanup SQL script and and a full binary dump:
- scheduled_message_digest.csv - a readable, CSV formatted digest of the scheduled_message table
- scheduled_message_cleanup.csv - SQL script to remove invalid references and obsolete entries
- scheduled_message.dump - raw, but decoded and unzipped dump of the messages from the table, for indepth investigations.
IBM Security Identity Manager Testing framework
A set of libraries and testing procedures to help do regression testing during upgrades and system enhancements. Based on the FOSS Robot Testing framework.
Access Management Migration and Upgrade
Access Management synchronization scripts
A set of scripts that can be used to clone the WebSEAL related configuration from one ISAM server to one more target servers, or to synchronize the WebSEAL related configuration from a master server with that of one or more target servers. This script has use-cases in both development and production scenarios. These scripts include capabilities to clone/synchronize WebSEAL instances, WebSEAL configuration file settings, custom WebSEAL pages and directories, files and certificate stores used by WebSEAL, and WebSEAL junctions (including any passwords used in the junction definitions). The scripts will generate a file of ISAM CLI commands to clone/synchronize these items from a master server to one or more target servers.
Access Management configuration migration
A set of migration scripts that can be used to assist in the migration of a TAM software-based deployment to an ISAM 9 appliance-based deployment. These scripts are designed for use in implementing a parallel deployment style migration approach. These scripts include capabilities to discover the configuration of existing WebSEAL server instances and existing TAM policy, and generate files of commands to recreate the configuration and policy. Any files and/or keystores referenced in the TAM configuration or policy can optionally be gathered, along with any customized WebSEAL pages, making them available for uploading to the ISAM appliance(s) via a generated set of commands. The generated commands are executed using a script, called “isamcli”, that has a user interface based on the classic TAM “pdadmin” command, and which uses the RESTful management API of the appliance to implement the requested commands. This “isamcli” script provides a superset of the commands available with “pdadmin”.
ISIM Command Line Interface
A re-implementation of the traditional pdadmin interface with the use of the new ISAM REST libraries.
Identity Management Adapter Library
In additon to enhancing numerous vendor supplied adapters, we have created uniqe Identity management adapters that allow our customers to seamlessly provision, deprovision and change accounts on:
- Epic Systems HRM - Epic EMP and SER record management
- Good MDM
- Open VMS
- Any database with a JDBC and ODBC-JDBC bridge