Posts

How to provision users in bulk to Active Directory Group with OIM

Oracle Identity Manager (OIM) can integrate with Active Directory as a target system for provisioning users in Active Directory. With Oracle Identity Manager as the central Identity Management system, one can manage, provision, deprovision or terminate user accounts as per the policy defined in OIM. The OIM connector for Microsoft Active Directory User Management is required for this integration. With this connector in place, OIM can manage the lifecycle of user accounts in Active Directory. There are situations where there is a need to provision hundreds of users. This is a typical scenario where one needs to bulk provision users into an Active Directory Group via OIM (instead of provisioning users one by one manually, which can be tedious and time consuming). This post deals with provisioning users to a Group in Active Directory (provisioning users to AD is a related but different use case

How to check Certificate Revocation

Here is a good post from a blog about Certificate Revocation (original blog is here). In my last post, I examined the reasons why certificate revocation is important to enterprise security. Now I’ll walk you through the steps you need to follow to check for revoked certificates. Certificates are believed to be ‘good’ unless we’re told otherwise, so certificate authorities simply need to maintain lists of ‘bad’ certificates that have been revoked. These lists are then made available so that anyone can query the status of a certificate. For the most part, if the certificate we are checking does not appear on a list, we can assume it’s okay. Many methods exist for publishing and querying these lists but few of them are widely used. This is largely because the methods are slow, prone to failure or are just plain complicated to understand and implement. So, what are the methods and what proble

PKI Technical Standards

What follows is a comprehensive set of lists of applicable PKI standards. Notes: Standards tend to migrate from one body to another, as they mature and become ratified and adopted by steadily bigger groups. Over time this can lead to redundant standards documents. For instance, most of the RSA Laboratories' PKCS series have been adopted by the IETF now; such standards can appear more than once in the lists below. A nearly complete compendium of information security standards was produced by APEC and is available from the Federal PKI Steering Committee website: APEC Standards Handbook. Important PKI Standards Organisations; The Major PKI Related RFCs; Other PKI Related RFCs; Other Cryptography Related RFCs; Other Security and Crypto Standards; ANSI Financial Industry PKI Standards; ANSI Financial Industry PKI Standards IN DEVELOPMENT; ISO PKI Standards; PKCS Series; Smartcard Standards & Guidelines; European Electronic Signature Standards; PK

Guidelines for enabling smart card logon with third-party certification authorities

This article is from the Microsoft knowledge base and covers enabling Smart Card or PIV card logon with Microsoft Active Directory. Though this article is for Windows 2000, it continues to be relevant for Windows 2008 or 2012 servers. The third-party certification authority or Certificate Authority (CA) is an entity that issues digital certificates. Examples of Certificate Authorities include GlobalSign, Symantec, Entrust, DigiCert etc. Third-party CA is mentioned here to differentiate it from Microsoft's Certification Authority. If you are implementing Smart Card logon with a Microsoft CA then you need to refer to this document and this doc, which describe how to configure Active Directory Certificate Services. The article below provides all the information required in order to implement Smart Card Login to Active Directory. This enables a user to authenticate to an Active Directory with two-factor authentication using a Smart Card, such as a PIV card, thereby eliminating use of passwords to