Archive for July, 2013

SCIM from Excel

In my Twitter timeline I’m watching the hashtag #cisnapa, which is bringing some news and facts from the Cloud Identity Summit 2013 in Napa. It seems like Mark Diodati was demonstrating a SCIM client for Excel.

So if you’re interested in the code, here you go:

Might this be the new rise of Excel as an identity management suite? 🙂

Categories: Cloud, IAM, IDM, SCIM

Connector mixture

Still working on a migration project which I mentioned in an earlier blog post, I stumbled over some interesting connector configurations. Given that the “old” IAM suite in place ships with a whole bunch of out-of-the-box connectors, we dug deeper into the current configuration to shed some light on all the specialities that are implemented under the hood. What I didn’t expect: we found a connector mixture in the configuration of various connected systems.

Just imagine the following situation:
Given a solid and proven IAM suite with a native connector to execute CRUD operations against a connected system, let’s say an LDAP directory, you would have the service provider responsible for the implementation use the OOTB connector for all of the typical CRUD operations. But, erm… no, think again.

What did we find:
While the reconcile (the R of CRUD) operations are implemented using the native connector, the create, update and delete operations (C, U and D of CRUD) are implemented using a web service.

Some of you may ask: “Why?” A friend of mine would have answered that with his simple 42-like answer: “It’s feasible.” The customer would have answered that with a varying set of answers depending on the connected system we were talking about. To be honest: just one of those reasons, for one single operation in one special LDAP directory, was satisfying and explanatory enough that I’m willing to declare: “There is no way around leveraging the web service for this single operation.”

In a perfect world there wouldn’t be configurations like that. Would you recommend mixing connectors to a single connected system to your customer? If yes, why or in which situations? 

Categories: IAM, IDM