Adventures in identity management
Over the years, I’ve been called in a few times when HR and/or payroll functions are being outsourced (or share-serviced, which is much the same thing), and this includes a migration to a new HR platform. Typically I have been brought in far too late in the proceedings when cost-cutting and service-simplification decisions have already…
Anyone who’s been in the IDAM game for a while knows that IDAM solutions are hard to sell. We can be seen as pushing something customers “already have” – even though what they already have is a combination of manual process, scripts, inconsistent data and a tangled web of access “control” that no one really…
I recently deployed a MIM 2016 solution into Production that took about 10 months to build, test and deploy. I decided to take a look at the percentage of overall time spent on broad work categories in the whole project, and that’s what this post is about. First I had to get the data on…
Over the years I’ve had a play with a few role mining tools, and while I can’t claim that as any type of industry review, it did leave me with a general feeling that the whole concept is a fantasy. The main problem I have is that role mining assumes there is a logical structure out…
Just had an odd issue with a small number of synchronised objects in a MIM 2016 Dev environment. The connector space objects in the HR MA had an “unexpected-error” reported in the Sync Service. When I try to preview sync one of the objects I get the following error: Unable to get preview XML from…
I was trying to delete a CSV MA from a MIM sync service. The connector space was empty but all I got was the error “Unable to delete the management agent” and the code 0x8023060c. Nothing in the event logs at all. I was convinced it was something to do with the database and rolled…
The “Unlock User” page in the FIM/MIM Portal is entirely seperate from the main User management page – which is not especially user-friendly. This post shows a way you can add a personalised link to the User Edit page which, when clicked, takes the operator straight to the correct User Unlock page.
Let’s start with a statement that can be made about any design: good design makes sense, it is coherent, it is self-evident and doesn’t need a lot of explanation. While a simple IAM solution would be a fine thing, the reality is that we must deal with complexity in technical connectivity, data, business rules and…
This week I battled with an error from the OOB SQL MA for MIM 2016 (which I don’t think has changed at all from FIM 2010, and probably not earlier versions as well). The MA was working with a SQL database table on a server in another, non-trusting AD forest, and using Windows authentication. The…
Sometimes I want to simulate connectivity from an application another way, usually for troubleshooting or verifying networks and accounts have been set up correctly. One thing that’s always been difficult is testing I can connect to a SQL database in a non-trusting domain, using an AD account in the other domain. I can’t hardcode credentials in…