New features in CzechIdM

There was internal meeting in our company center few days ago. So what’s new in CzechIdM? How it will help our customers?

1. Delegation

Boss leaving for two weeks vacation and he’s asking his assistant: „Could you please take over my approving?“ „Ok, tell me your password please, so I can log in to your account.“ „But there’s no need for that,“ smiles boss, „I delegate my right to you, so all requests, which come in next two weeks to my account, will be automatically transferred to yours…“


2. Authentication against end system

Mr. Pokorný is older man and he doesn’t want to remember tens of different passwords. Logging into CzechIdM is not making him any problems: he doesn’t have to remember special password. He use his usual password, which he’s using every day, when he’s logging into company’s portal. CzechIdM take care of the authentication: it asks portal for verification of password, of course using safety transfer of information.

3. Escalation

Mr. Kratochvíl get sick and he’s gone for couple of weeks, because he’s in spa for treatment. Unfortunately he forgot to forward his work to colleagues and at his account there are couple of unapproved user tasks for a few days now. Will the user tasks ever be approved? Yes, of course, tommorrow will start a system of automatic escalation: requests will be forwarded to another authorized employee, who will deal with them.

4. Forced change of password

All employees of one department are using same password. They are used to it and don’t plan to change it. Do you think it’s safe? We don’t, so we implement forced change of password to CzechIdM: after first successful login the user has to set new safe password.

5. Bulk actions

Administrator sometimes needs set some user attribute in bulk or “push” some statistic data into CzechIdM. For this situation there is new bulk actions in CzechIdM.

6. Changing password from Windows

When Mr. Novák wants to change password on mailserver, he presses Ctrl+Alt+Del and he inserts new password into Windows dialog. When he wants to change his password on Portal, he presses Ctrl+Alt+Del and he inserts new password into Windows dialog. When he wants to change his password in domain… he will do the same. To the domain is connected CzechIdM and it sends new password by safe route to other connected systems. So Mr. Novák doesn’t need to take care of it: he can administrate all of his passwords straight from Windows.


7. Queue for undelivered tasks to connected system

Something is broken somewhere. Central LDAP isn’t running. But it’s first day of month and CzechIdM should create accounts for new employees… What happen to these accounts? What happen if CzechIdm tries to create account on inaccessible LDAP? Fortunately nothing serious: task is queued and as soon as LDAP is running, accounts will be correctly created.


8. Nicknames for systems

Are you using special nickname for your company mailserver? For example “Exchange” after used product? And would your users understand it too? If not, don’t worry. CzechIdM now enables define nicknames for systems: “Exchange” for administrators, “Mail Server” for users. Everybody will see what he understands.

9. Automatic tool for keeping language mutations

Next new will be appreciated by every developer of CzechIdM: simple Java application manages language mutations of all captions and messages in CzechIdM, points out untranslated texts and it also secure that all sets of captions are complete and actual for all languages.

10. Remote connector server

CzechIdM usually uses connector from open-source project OpenICF. Connector is code in Java, it’s running in enviroment of so called connector server, with which CzechIdM communicates with connected systems. Remote connector server runs separately from CzechIdM, in other JVM or even in other machine. There’s also another advantage, besides of distributing the resources: if connected system doesn’t support crypted native communication, we install remote connector server on the machine, where the connected system runs. Communication between CzechIdM and connector server always uses SSL and therefore is safe. Unprotected communication is then only locally between connector server and connected system.


If you’re intersted in some of these features and you want to know more, just send me an email to

Leave a Reply