Since MS AD is the major directory service spread across the enterprise environment, connecting it to our identity manager CzechIdM is one of the most frequent task we come across. This text is a short tutorial of how to manage accounts of users in AD via an identity manager CzechIdM. It will guide you through all the steps from the connector setup to the system provisioning configuration.
This tutorial will show you how to connect AD as target system for users (their accounts) from CzechIdM. We will use AD bundle connector from connId framework.
Before you start
First of all, you need to download the connector from Connid (e.g. Connid AD bundle 1.3.4 jar file). Then import the jar file into your application server library classpath. In case you installed CzechIdM into tomcat, then it can be placed there. If your CzechIdM is running, refresh web browser window (e.g. ctrl+F5).
Virtual systems are supported
A virtual system is a system, that can not be directly connected for online management. The reason may be for example the absence of a suitable system connector. The virtual system is basically only a registration mode, where for each system change is generated the implementation request (notification) that is assigned to the particular implementer. This implementer must ensure that the change is made to the target system.
Identity manager helps on the field of privileges management. It can solve tasks like roles evidence and distribution or role assignment to users. Another benefit of identity manager is that role assignment can usually be driven by workflow and user tasks. How does it work in CzechIdM, you will find out in the article.
Zveme Vás na workshop zabývající se problematikou Identity Managementu (IDM) vzhledem ke směrnici GDPR.
Téma: Identity Management a GDPR
Kdy: 14.11.2017 v 9:00 hodin
Kde: BCV solutions s. r. o., 7. května 1168/70, 106 00 Praha 4 – Chodov, 149 00
Workshop je bezplatný, počet míst je omezen. Občerstvení je zajištěno. Pdf pozvánka.
In MS Active Directory, groups can have members not only from the same domain but also from other trusted domains. This is determined by “type” of a group. Such cross domain group membership can be now managed by CzechIdM.
We are glad you are using our product. Sometimes it happens, that you find some functionality that may not work correctly. Or you need some new features to be added to CORE, ACC or IC module. In this article we will show you, how to report the bug or the feature request.
Imagine a situation when you need to manage accounts in systems, but it does not make sense to connect these systems to IdM for direct management. Then you have the function of “Virtual Systems”. How does it work?
To create, change (e.g. assign rights), or delete accounts on a virtually connected system CzechIdM will instruct the administrator via email to do that . The administrator of the virtual system will make the changes and then confirm it in the CzechIdM.
As a new member I was given some small features to improve CzechIdM 7. These features are Short Text, Indication that “Filter” is filled-in and Run chosen tasks.
When connecting a system to CzechIdM that is meant to be an authoritative source of data (Identities, Org. structure, Contracted positions etc..) there are several ways of how to communicate. There are many common attributes that are usually provided by the source system to CzechIdM. Source system for CzechIdM is HR system in most implementations.
CzechIdM can be connected to HR system by many ways. Most common ones are:
- Web service (SOAP)
- REST api