Category Archives: CzechIdM

Transforming attributes in CzechIdM 7

You installed CzechIdM and then connected systems to it. You prepared provisioning and synchronization definitions with attribute mappings. Well done, now you can automatically distribute information about identities, roles and other objects between connected systems. But what should you do if an attribute value transformation is required? You will find out in the following text.

CzechIdM, full documentation available online, where?

CzechIdM is an open-source identity management tool that automates the operations associated with establishing, canceling, or changing the identity lifecycle. We create and offer CzechIdM as a product. Our goal is to make it as simple as possible, with a good GUI and a pleasant UX. That’s why documentation is very important to us.
CzechIdM documentation can be divided into 3 basic areas: for developers, for administrators and implementers, and for users.

CzechIdM 7 – easy app configuration and module activation

The new version of CzechIdM brings a new approach to application configuration. We can use easy static configuration or define configuration properties in the application itself and do some advanced magic. In the article we will go through the application configuration and show the reader how to easily activate installed modules.

Long running tasks in CzechIdM 7

The new generation of CzechIdM brings many improvements to our identity manager. You can read in my post how we dealt with long running task (LRT) management.

Introducing LRT

First of all, it would be nice to introduce the LRT to those who are not familiar with the term. Many actions in CzechIdM are supposed to run in the background, since they do not need interaction with the user or they take a long time to run.

Virtual systems

Imagine a situation where you need to manage accounts in systems, but it does not make sense to connect these systems to IdM for direct management. For this there is the “Virtual Systems” function. How does it work?
To create, change (e.g. assign rights), or delete accounts on a virtually connected system, CzechIdM instructs the administrator via email to do so. The administrator of the virtual system makes the changes and then confirms them in CzechIdM.

Typical requirements on source systems connected to CzechIdM

When connecting a system to CzechIdM that is meant to be an authoritative source of data (identities, organizational structure, contracted positions, etc.), there are several ways to communicate. There are many common attributes that are usually provided by the source system to CzechIdM. In most implementations, the source system for CzechIdM is an HR system.

CzechIdM can be connected to an HR system in many ways. The most common ones are:

  • Web service (SOAP)
  • REST API
  • Database

CzechIdM 7 – product description

CzechIdM 7 is the newest generation of the identity manager, which manages over 3 million personal accounts in Czech companies. Its development drew on practical experience with identity management at our existing customers. Requirements from users, administrators and developers were incorporated into this version.

Have a look at the online demo at the address and judge for yourself how well we did.

Release 7.3 is the third public version of CzechIdM, code-named Citrine.

Release 7.3 is one of the major milestones with many important features.

Main milestones:

  • User-configurable data permissions (Identity and Role).
    • Authorization policies can be assigned to standard roles. A policy evaluates permissions, i.e. what the currently logged-in user can do with domain objects.
  • Remote connector server is supported now.
    • From now on, we support an external connector server. Therefore, you are no longer bound to the connectors that are supplied with the basic product. Besides the base table, CSV and LDAP connectors you can use, for example, Active Directory or Google Apps. You can also use a secured login and password to connect to the server.
  • New version of synchronization (Identity, Role, Trees).
    • Now we are able to synchronize new objects to/from CzechIdM: roles and tree structures. Thus we are, for example, able to automatically synchronize groups from MS Active Directory to CzechIdM, as well as define those objects in CzechIdM and provide the data to MS AD. Synchronizing trees effectively allows CzechIdM to fetch the company structure, store it in CzechIdM and provide the data to an end system such as LDAP.
  • Automatic roles on organization tree.
    • An identity gets a role automatically based on its work position. Automatic roles can be propagated recursively through the tree structures (up, down).
  • Bulk change of identity permissions in one request.
    • Now the user can ask to change their permissions in one package (request). This package goes through the approval process as a whole and is also applied as a whole. This approach allows for greater integrity of accounts between CzechIdM and end systems.
  • Password policy management.
    • Password policies allow us to define a set of rules that improve security by forcing users to set up strong passwords and use them correctly. We distinguish the use of lowercase and uppercase characters, digits and special characters. We also support minimum and maximum character limit settings. We also added enhanced password control, for example checking similarity with user attributes.
  • Flyway scripts integrated.
    • After enabling Flyway scripts, database migration is easy. Your database will be set up the first time exactly as the CzechIdMng system needs it. Moving to a newer version will be very easy with the scripts.
  • Registrable filters
    • A custom module can register new filters on core endpoints for roles and identities. Identities can be found by newly added criteria.
  • Forest index integrated.


Download snapshot (from Nexus): idm-app.war

Citrine: (Citrine is a variety of quartz whose color ranges from a pale yellow to brown due to ferric impurities.) Photo