Wednesday, June 29, 2016

Connectors for Identity Provisioning

We have an intern working for us before he reports for National Service next month. So we gave him some exploration tasks, one of them being to automate our onboarding process using OpenIDM.


New staff onboarding procedure for our office:
1. Create an AD Account
2. Create Zimbra Email Account
3. Create VPN Account
4. Create SVN Account
5. Create Helpscout Account
6. Create Slack Account
7. Create JIRA User
8. Add user to Google calendar

Simple task. Should be able to finish within a month.

No.

Tasks like creating a Zimbra email account, VPN account and SVN account are command-line operations, so we need an SSH connector. Took a quick look at https://forgerock.org/openicf/docs/connectors/. Happy! We thought we could work around it with the Solaris Connector.

But no again... the link was broken.

Raised a ticket with Support and was told a new SSH Connector is going to be released soon for OpenIDM 4.0.

Before that happens, what can we do? Generate a flat file using the CSV Connector, then run a script to execute the commands on the target systems. Less than ideal.
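A sketch of the script half of that workaround, as an added example that is not from our actual setup: it reads the CSV export, rejects rows that fail a strict allowlist, and builds the ssh command lines. The column names, host names and remote wrapper commands are hypothetical placeholders.

```python
import csv
import io
import re
import shlex

# Assumptions (not from the original post): the CSV columns, host names and
# remote wrapper commands below are hypothetical placeholders.
TARGETS = {
    "zimbra": ("mail.example.internal", "create-mailbox"),
    "vpn": ("vpn.example.internal", "create-vpn-user"),
    "svn": ("svn.example.internal", "create-svn-user"),
}
USERNAME_RE = re.compile(r"[a-z][a-z0-9._-]{1,31}")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")


def plan_commands(csv_text):
    """Return (commands, rejected): argv lists for subprocess.run and
    (csv_line_number, reason) tuples for rows that failed validation."""
    commands, rejected = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        user = (row.get("userName") or "").strip()
        name = (row.get("displayName") or "").strip()
        if not USERNAME_RE.fullmatch(user):
            rejected.append((reader.line_num, "bad userName"))
            continue
        if not NAME_RE.fullmatch(name):
            rejected.append((reader.line_num, "bad displayName"))
            continue
        for host, remote_cmd in TARGETS.values():
            # ssh joins its arguments and hands them to the remote shell, so
            # every field is quoted even though no local shell is involved.
            remote = " ".join(shlex.quote(a) for a in (remote_cmd, user, name))
            commands.append(["ssh", "-o", "BatchMode=yes", host, remote])
    return commands, rejected


# Constructed sample export; the second data row fails the userName allowlist.
SAMPLE = "userName,displayName\njtan,Jason Tan\njtan;extra,Some Name\n"

if __name__ == "__main__":
    cmds, bad = plan_commands(SAMPLE)
    for argv in cmds:
        print(argv)
    print("rejected:", bad)
```

Each returned list can be passed to `subprocess.run(argv, check=True)`; rejected rows should be reviewed by a person rather than silently dropped.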

So sometimes, things like this do happen. When you look back at a design after implementation, you would go: "OMG! What the hell? Who did that?", mostly without asking what the limitation was when the design decision was made.

Sidetrack a bit... So we were looking deep into RSA Via Lifecycle & Governance. One thing we liked about their architecture was that a Mulesoft engine is embedded, which provides the connectivity to external systems. Mulesoft has tons of connectors out there (https://www.mulesoft.com/exchange#!/?types=connector). Ok, not all are Mulesoft-certified, but I would think if one is certified, it would also mean the cost will be different. :)




So, one of my Identity Specialists went crazy and wanted to integrate OpenIDM with Mulesoft. It has what we want - SSH, Slack, JIRA.

Will try. :)
