Archive

Posts Tagged ‘idm’

Microsoft FIM is GA

March 4th, 2010

Microsoft announced at the RSA conference that they’re shipping (finally!) the GA version of Microsoft Forefront Identity Manager (FIM) 2010.

We recently deployed an early adopter release of FIM here to synchronise accounts between the various Active Directories in different parts of the organisation and our Lotus Notes infrastructure. That project was kind enough to invite me to sit in on their FIM training course and I was pretty impressed with the product overall.

Getting some basic synchronisation happening between a SQL database and an AD in the lab tutorial was actually a very straightforward and easy process – which seemed a lot more straightforward to me compared with the older Tivoli Identity Manager and CA Identity Manager products I’ve worked with in the past. This isn’t really a fair comparison though, as I’m comparing those older versions, which have probably moved on, to Microsoft’s brand spanking new version.

There aren’t as many connectors available with FIM compared to other products on the market, which you sort of expect from a Microsoft-centric product (duh, it’s written by Microsoft). However, it does have very nice, slick out-of-the-box connectors and integration into Microsoft datastores (AD, ADAM, SQL), which you’d expect.

The other main differentiator I feel for FIM would be the GINA extension for Q&A type forgotten password reset. Historically, GINA extensions have been a cross your fingers and hope it doesn’t break affair. With FIM, I would have a higher expectation that this is no longer the case. At least you’d have 1 throat to choke if an MS patch doesn’t play nice with the GINA.

My personal feeling is that we’re approaching a time where large organisations have multiple provisioning solutions catering for different systems. We’re moving away from wanting to pay large $ to integrate and retro-fit identity solutions into business apps. Why not have a Microsoft platform to seamlessly provision into Microsoft apps and an Oracle platform to do the same for Oracle apps? Of course there’s an operational impact but you buy time to market and reduced complexity (within those integrated apps – probably not when the provisioning engines need to talk to each other). Anyone got some thoughts on this?

Identity and Access Management

Open Source IdM

January 13th, 2009

Thanks to a meeting with a vendor just before Christmas, I recently became aware that there are more open source identity management projects out there than you think (or at least, more than I thought). Some are still in a pretty embryonic stage, but others have been around for a long time. Who knows, we might even need to jury rig a solution if times get tough.

Here’s the list of open source idm projects that I’m actually now aware of:

And of course there is a whole bunch of stuff from Sun.

Has anyone used these successfully? Are there any others I’ve missed?

Identity and Access Management, Open Source

Security in a SaaS environment

January 12th, 2009

This article came across my inbox the other day. Martha (the author) doesn’t really have a security / idm background, according to my (quick, possibly faulty) skim of her LinkedIn profile, so I was interested in her takeaway on security and SaaS and the role of identity in SaaS.

Identity management does get a few mentions (must be a good article), but the main quote I thought worth repeating was:

“All of the firms I talked with for this piece referenced Symantec’s research about rogue employees and lost laptops as the primary sources of data loss and theft. Working in the cloud removes the laptop issue and even the smartphone issue.”

The wow factor for me (the rest of the article is pretty rushed) is that this is the first time I’ve read about cloud computing reducing risk for an organisation, rather than increasing it.

Alas, Martha only hints about identity services in the cloud, and a pretty limited implementation:

“User security is rooted in role-based access and identity management. Identity management is maintained in the firm’s LDAP directories. Permissions and denials are controlled by the firm’s administrator. The directories can be either inside the firm’s firewall, at the SaaS provider’s site, or in a DMZ.”

Now, if only a large software vendor would release some sort of framework for identity services in the cloud. Should SaaS vendors be looking into this?

Cloud Computing

Yep, identricity.com is live!

January 8th, 2009

After days of toil, we’ve finally got the blog live. Identricity.com covers identity and access management news from Australia and around the world.

Where does the name come from? I think the identity part is clear, but well, there are some ‘eccentricities’ in our industry – minor nuances that anyone involved in IdM/IAM/IM projects in large enterprises can appreciate.

Any questions or suggestions, feel free to ping me on ab@identricity.com or www.twitter.com/adrianbole. Stay tuned!

Identity and Access Management