‘Identity Management’ Archive
The popularity of Apple’s iPads and iPhones among consumers is well documented, but recent findings from Forrester Research show that these devices are gaining steam in the corporate world. The “Consumerization of IT” or BYOD (Bring Your Own Device) has become a common occurrence among all departments, and not surprisingly, Apple …
Continue Reading »
I was recently helping someone new to FIM come to grips with the multivalued attribute (MVA) table. The MVA table can be used to populate a multi-valued attribute—in a common scenario, this would be the member attributes of a group object.
Although there are good write-ups on how to do this for those familiar with FIM, step-by-step instructions seemed helpful for those just learning.
Continue Reading »
iOS 5, Apple’s new operating system for iPad, iPhone, and iPod Touch, will be released “soon” – Apple officially says “this Fall”, and many prognosticators are pointing to sometime in October. While the new release has hundreds of new features, the feature that’s of particular interest to digital identity practitioners such as CSS is one that’s received very little press to date.
Continue Reading »
Recently, I have been involved in several client projects that involve the distribution and synchronization of user accounts between multiple organizations. This is a little different than the standard synchronization scenario, which assumes that there is one organization, and data flows from an authoritative source, such as an HR data store. An example of this basic synchronization can be seen in Figure 1; assume that we have three domains in our organization, and domain A is authoritative.
Continue Reading »
In this blog, I will describe how to send an email message when a group is changed from static membership to criteria (dynamic) membership. The email notification contains the display and account name of the group, the person making the change, and the previous static group membership.
Continue Reading »
In this blog, I will describe how to send an email message when a dynamic group’s criteria (filter) changes. The email notification contains the display and account name of the group, the person making the change, and both the old and new membership criteria filter. Having the previous filter definition can be invaluable if you need to revert to a previous filter setting.
Continue Reading »
Most ILM/FIM implementations require some custom code extensions, and debugging these extensions is an important part of the development process. When developing code extensions for ILM and FIM, one of the configurable options is to run your code in a separate process. This is an option for ECMA, MA and …
Continue Reading »
With the recent string of very public and highly publicized IT compromises, many IT security stakeholders are re-evaluating their overall security strategy. It is inevitable that at some point in that evaluation, the idea of implementing multifactor authentication will be considered.
Smartcards are often discussed and quickly dismissed as an alternative to existing multifactor schemes. However, in recent years there have been many changes to the smartcard product offering, including reductions in total cost and easier implementation into heterogeneous environments.
Continue Reading »
As with many quests, the one I embarked on to figure out how to create criteria-based sets and groups where membership was based on an attribute in the FIM portal being “empty” turned out to be more complex than first thought. We start our story with a mythical client …
Continue Reading »
Determining a comprehensive view of access rights in a Microsoft network can be a difficult task – as anyone who has undergone a recent audit can attest. The collection and organization of security data into detailed reports can take significant time and effort. There are multiple reasons that the process of gathering the data is difficult and time-consuming, but the common factor is that security information is dispersed throughout multiple security stores.
In a Windows environment, security store information is dispersed in the following ways:
Continue Reading »