Many companies use an on-premise certificate authority (CA) for their internal purposes. Without a doubt, one specific function of the certificate authority in a company is handling users’ certificates. Those certificates are bound to physical persons and, as such, they fit neatly into the identity management domain.
For this reason, CzechIdM implements the CA functionality in the form of a module. In this short series of posts, we will describe the basic workings of our CA implementation and how it can be fitted into the company’s infrastructure.
In MS Active Directory, groups can have members not only from the same domain but also from other trusted domains. This is determined by the “type” of a group. Such cross-domain group membership can now be managed by CzechIdM.
You installed CzechIdM and then connected systems to it. You prepared provisioning and synchronization definitions with attribute mappings. Well done, now you can automatically distribute information about identities, roles and other objects between connected systems. But what should you do if an attribute value transformation is required? You will find out in the following text.
CzechIdM is an open-source identity management tool that automates the operations associated with establishing, canceling, or changing the identity lifecycle. We create and offer CzechIdM as a product. Our goal is to make it as simple as possible, with a good GUI and a pleasant UX. That’s why documentation is very important to us.
CzechIdM documentation can be divided into 3 basic areas: for developers, for administrators and implementers, and for users.
The reg module serves as a registration point for new users to access CzechIdM. To become a registered user, one has to go through several validation steps before being able to log in to CzechIdM. In the article we will describe how the reg module can save the administrator’s time.
The new version of CzechIdM brings a new approach to application configuration. We can use easy static configuration or define configuration properties in the application itself and do some advanced magic. In the article we will go through the application configuration and show the reader how to easily activate installed modules.
The new generation of CzechIdM brings many improvements to our identity manager. You can read how we dealt with long-running task (LRT) management in my post.
First of all, it would be nice to introduce the LRT to those who are not familiar with the term. Many actions in CzechIdM are supposed to run in the background, since they do not need interaction with the user or they take a long time to run.
Imagine a situation when you need to manage accounts in systems, but it does not make sense to connect these systems to IdM for direct management. Then you have the function of “Virtual Systems”. How does it work?
To create, change (e.g. assign rights), or delete accounts on a virtually connected system, CzechIdM will instruct the administrator via email to do so. The administrator of the virtual system will make the changes and then confirm them in CzechIdM.
As a new member I was given some small features to improve CzechIdM 7. These features are Short Text, Indication that “Filter” is filled-in and Run chosen tasks.
When connecting a system to CzechIdM that is meant to be an authoritative source of data (Identities, Org. structure, Contracted positions etc.), there are several ways to communicate. There are many common attributes that are usually provided by the source system to CzechIdM. In most implementations, the source system for CzechIdM is the HR system.
CzechIdM can be connected to an HR system in many ways. The most common ones are:
- Web service (SOAP)
- REST API