The perils of HR out-sourcing to an IAM solution

Over the years, I’ve been called in a few times when HR and/or payroll functions are being outsourced (or share-serviced, which is much the same thing), and this includes a migration to a new HR platform. Typically I have been brought in far too late in the proceedings when cost-cutting and service-simplification decisions have already…

How IDAM solutions cost you money

Anyone who’s been in the IDAM game for a while knows that IDAM solutions are hard to sell. We can be seen as pushing something customers “already have” – even though what they already have is a combination of manual process, scripts, inconsistent data and a tangled web of access “control” that no one really…

Portrait of a MIM project

I recently deployed a MIM 2016 solution into Production that took about 10 months to build, test and deploy. I decided to take a look at the percentage of overall time spent on broad work categories in the whole project, and that’s what this post is about. First I had to get the data on…

Role Mining, and why it’s a fantasy

Over the years I’ve had a play with a few role mining tools, and while I can’t claim that as any type of industry review, it did leave me with a general feeling that the whole concept is a fantasy. The main problem I have is that role mining assumes there is a logical structure out…

Unable to get preview XML from server

Just had an odd issue with a small number of synchronised objects in a MIM 2016 Dev environment. The connector space objects in the HR MA had an “unexpected-error” reported in the Sync Service. When I try to preview sync one of the objects I get the following error: Unable to get preview XML from…

Link to the SSPR Unlock page from the Edit User RCDC

The “Unlock User” page in the FIM/MIM Portal is entirely seperate from the main User management page – which is not especially user-friendly. This post shows a way you can add a personalised link to the User Edit page which, when clicked, takes the operator straight to the correct User Unlock page.

IAM Design Principle: Good design is simple to explain

Let’s start with a statement that can be made about any design: good design makes sense, it is coherent, it is self-evident and doesn’t need a lot of explanation. While a simple IAM solution would be a fine thing, the reality is that we must deal with complexity in technical connectivity, data, business rules and…

SQL MA Failed to retrieve the schema

This week I battled with an error from the OOB SQL MA for MIM 2016 (which I don’t think has changed at all from FIM 2010, and probably not earlier versions as well). The MA was working with a SQL database table on a server in another, non-trusting AD forest, and using Windows authentication. The…

Test non-trusting cross-domain Windows authentication to SQL using PowerShell

Sometimes I want to simulate connectivity from an application another way, usually for troubleshooting or verifying networks and accounts have been set up correctly. One thing that’s always been difficult is testing I can connect to a SQL database in a non-trusting domain, using an AD account in the other domain. I can’t hardcode credentials in…