CzechIdM 8.0 Hematite, towards the asynchronicity

We proudly introduce our new version of identity manager CzechIdM called Hematite. The new version comes with a huge improvement of the event processing, so we decided to raise the major version of our software even though the API of modules and thus the compatibility has not changed.

Of course, event processing is not the only feature we improved. We also added a new workflow that takes care of the automatic roles definition approvement. Moreover, we did a great job in localization. From now on, all task names can be localized into other languages than English, as the rest of the CzechIdM.

Continue reading

How to connect Microsoft Active Directory into CzechIdM

Since MS AD is the major directory service spread across the enterprise environment, connecting it to our identity manager CzechIdM is one of the most frequent task we come across. This text is a short tutorial of how to manage accounts of users in AD via an identity manager CzechIdM. It will guide you through all the steps from the connector setup to the system provisioning configuration.


This tutorial will show you how to connect AD as target system for users (their accounts) from CzechIdM. We will use AD bundle connector from connId framework.

Before you start

First of all, you need to download the connector from Connid (e.g. Connid AD bundle 1.3.4 jar file). Then import the jar file into your application server library classpath. In case you installed CzechIdM into tomcat, then it can be placed there. If your CzechIdM is running, refresh web browser window (e.g. ctrl+F5).

Continue reading

New release CzechIdM 7.7.0 – Garnet is out

Here comes a new stable version of CzechIdM called Garnet. Big milestone feature is new automatic roles by attribute.

Automatic role by attribute

The role can be linked with value in attribute (value can be stored in Identity, Identity extended attribute, Contract and Contract extended attribute). That role is assigned to and removed from a user based on the value in the specific attribute. Recalculating of this automatic roles is done after saving identity, identity extended attribute attributes, contract and contract extended attribute attributes. All necessary attributes that defined automatic role by attribute are defined by agenda “Automatic role by attribute”.

Continue reading

Virtual systems in CzechIdM 7

Virtual systems is one of main section in CzechIdM. In CzechIdM you can have many connected systems. But not for all systems is necessary to be connected directly. For example system with a few users can be connected as virtual system, because connection to system like that will not be used that many times like on other systems, so you can save time and connect these systems like virtual systems.

Virtual system is not directly connected to CzechIdM and all changes have to be made manually  by administrator. CzechIdM sends to administrator notification with precise information about create, update or delete account on virtually connected system. Administrator can see which lines has been changed and what was there  before change and what will be there after change. And all these tasks are stored in ‘Archive’.

Continue reading

CzechIdM 7 – product description

CzechIdM 7 is the latest generation of the identity manager, which administers over 3 million user accounts in not only Czech companies. Our experience from managing identities of our existing customers has been used during its development. This version is the answer to requests of users, administrators, and developers.

Check out our online demo at and see our precious.

Continue reading

CzechIdM 7.5 Emerald is out

Three weeks after the Diamond was released, here comes a new stable version of CzechIdM called Emerald. It provides many interesting new features as well as some bugfixes. Check out the post to see what brings the latest version of our identity manager.

Provisioning brake

If you have a system connected to CzechIdM, e.g. MS Active Directory, on which you want to control provisioning operations (create, update, delete) the provisioning brake is the right choice. With provisioning brake you have control over how many operations for a specified system is done over a defined period of time. It is also possible to  set a warning or disable limit for each operation. After exceeding the each limit administrators are notified by email.

Continue reading