One of my complaints about MIIS has always been the lack of a client application that can be run on a workstation. In any organisation large enough to need (and afford) MIIS there are going to be multiple people who need to interact with it. They may not be scheduling syncs, but they could well need to check if a password change went through, or confirm a new user has been created in all the expected places. One of my suggestions for reducing fear and loathing of IdM was to improve its visibility in the organisation – and this is difficult to do if everyone needs server console access, and a fair bit of specialised knowledge, just to figure out if someone has sync’d through correctly.
I set about to write a client application of my own – one that I could distribute to members of infrastructure, helpdesk and DB support. Part of the idea was to allow these people to see that MIIS was actually working, so a log screen provides constant progress updates. The other idea was to give a simple toolset that could be used for specific functions. I called this application MiisApp.
Unfortunately I can’t get this screenshot to look anything other than completely rubbish in this blog format. What you can hopefully just make out is:
- A big log area down the right side, which shows MIIS activity;
- A text box on the bottom left which shows the job queue (used by my simple scheduler) so you can see what MIIS is going to do next;
- An empty text box to the right of the queue – this is where AD accounts are listed that are about to be disabled. I archive their mailboxes first with Exmerge, and it takes a bit of time, so I list them here with a Status that shows the progress;
- A bunch of buttons in the middle which do various things like checking a password change history, or modifying an object’s source data to achieve particular aims (like mail-enabling an existing user);
- Some more buttons above the log box which allow activity to be stopped and re-started on the server;
- One of the menus up the top is used to insert jobs into the queue. This menu is dynamically created based on what is supported by the scheduling script;
- Other dynaminc menus which allow the user to see the import and export logs, going back to the beginning of the day.
I am vaguely aware that there are various companies out there peddling client apps and other add-ons for MIIS, but it’s still a growing area and I don’t believe anyone has written the knock-out client app that does everything anyone could ever want. Until MIIS installations get a lot more standardised there are probably plenty of fiddly, site-specific tasks you will want to farm out to other people, and making it as easy as possible for them just makes good sense.
Over the next week or so I’ll be going into MiisApp in more depth, posting code snippets for particulary useful functions.