Posts

Getting started with Dockers

This post will cover the steps required to get Docker installed on a Linux host (RHEL, Red Hat Enterprise Linux). When we say "installing Docker" we mean installing the Docker engine. Why would one want to install the Docker engine? To make containers possible on an operating system. Once the engine is installed, you can run applications inside Docker containers. The sequence is: install the Docker engine on the operating system, build a Docker image, and let the engine run individual containers from that image. Put simply, a container is a runtime instance of a Docker image. A Docker container is a process that runs on the host; Docker, or rather the Docker engine, runs these processes in isolated containers. In other words, Docker lets you create, run and manage containers on a single operating system. A Docker container bundles the application together with its dependencies, so one can safely

SailPoint and CyberArk integration

SailPoint integration with a Privileged Access Management (PAM) solution such as CyberArk or Xceedium. SailPoint IdentityIQ is an Identity Management and Governance product that provides user provisioning and deprovisioning, which can be automated with workflow-based approval processes. Privileged Access Management solutions such as Xceedium, CyberArk and BeyondTrust, on the other hand, provide secure, policy-based access to administrator or root/privileged accounts. To get full visibility and control over these privileged accounts, one must integrate the Identity Management/Governance product with the Privileged Access solution. This integration between SailPoint IIQ and CyberArk Privileged Management provides centralized, policy-driven governance for all identities in an enterprise, including privileged users. Here is a video which shows the SailPoint and CyberArk integration. The demo shows access to Privileged Access Management from within SailPoint. On the left is a

How to login to AWS EC2 instance

This post goes over the key steps to log in to your EC2 virtual machines hosted in AWS (Amazon Web Services). There are three ways to connect to the remote machine (the EC2 virtual machine) hosted on the Amazon cloud: (1) a standalone SSH client, (2) the Java SSH client that runs directly in your browser, or (3) the PuTTY client. PuTTY is an SSH client, provided by https://www.putty.org , that can be downloaded from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html ; scroll down to the binary files and pick the appropriate version. For the 64-bit x86 version the download is https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe . If you want to connect from your browser, only Internet Explorer and Firefox are supported; see the note below regarding Chrome. Since Chrome no longer supports NPAPI plugins, you cannot use the in-browser Java SSH client there (NPAPI deprecation in Chrome). You need to use Internet Explorer or Firefox b

What is Reconciliation

What is Reconciliation in Identity Management? Reconciliation is a term used in Identity Management for detecting changes to identity attributes and then synchronizing them with other user stores or with an Identity Manager. An Identity Manager is a product (e.g. Oracle Identity Manager, SailPoint IIQ) that provides a full view and management of a user's life cycle, from creating an account to its final disablement, that is, user account on-boarding and off-boarding or user provisioning/de-provisioning. Here on-boarding/off-boarding is in terms of business processes, whereas provisioning/de-provisioning is in terms of technical steps. Reconciliation, or "recon", is a generic term used across Identity Management products such as Oracle Identity Manager, SailPoint IIQ and IBM Security Identity Manager. Here is how Oracle defines Reconciliation: When changes in the identities are made directly in a user store, for example an LDAP identity store,
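As an added example (not code from the original post or from any of the products named above), here is a minimal reconciliation pass: a fresh snapshot of accounts read from a target user store is compared with the identity manager's last known view, and every difference becomes a recon event (create, modify or delete) that is then applied to that view. The attribute names, the two account tables and the event shape are all constructed for illustration; real products key accounts on a configured matching attribute and usually flag a disappeared account as orphaned rather than purging it.

```python
"""Constructed reconciliation example: detect attribute changes in a target
user store and synchronize them into an identity manager's view."""

from dataclasses import dataclass

# Constructed: what the identity manager currently believes, keyed by login.
IDM_VIEW = {
    "jdoe": {"mail": "jdoe@example.com", "title": "Engineer", "status": "Active"},
    "asmith": {"mail": "asmith@example.com", "title": "Analyst", "status": "Active"},
    "bold": {"mail": "bold@example.com", "title": "Contractor", "status": "Active"},
}

# Constructed: a fresh export from the target store (for example an LDAP directory).
TARGET_SNAPSHOT = {
    "jdoe": {"mail": "jdoe@example.com", "title": "Senior Engineer", "status": "Active"},
    "asmith": {"mail": "asmith@example.com", "title": "Analyst", "status": "Active"},
    "cnew": {"mail": "cnew@example.com", "title": "Intern", "status": "Active"},
}


@dataclass(frozen=True)
class ReconEvent:
    kind: str            # "create", "modify" or "delete"
    login: str
    changes: tuple = ()  # ((attribute, old_value, new_value), ...) for modify events


def reconcile(idm_view, target_snapshot, watched=("mail", "title", "status")):
    """Compare the target snapshot with the manager's view and return recon events.

    Accounts present only in the target become create events, accounts whose
    watched attributes differ become modify events, and accounts the target no
    longer has become delete events. Output order is deterministic (sorted by login).
    """
    events = []
    for login, attrs in sorted(target_snapshot.items()):
        known = idm_view.get(login)
        if known is None:
            events.append(ReconEvent("create", login))
            continue
        diffs = tuple(
            (attr, known.get(attr), attrs.get(attr))
            for attr in watched
            if known.get(attr) != attrs.get(attr)
        )
        if diffs:
            events.append(ReconEvent("modify", login, diffs))
    for login in sorted(set(idm_view) - set(target_snapshot)):
        events.append(ReconEvent("delete", login))
    return events


def apply_events(idm_view, target_snapshot, events):
    """Return a new copy of the manager's view with the recon events applied."""
    view = {login: dict(attrs) for login, attrs in idm_view.items()}
    for event in events:
        if event.kind == "create":
            view[event.login] = dict(target_snapshot[event.login])
        elif event.kind == "modify":
            for attr, _old, new in event.changes:
                view[event.login][attr] = new
        elif event.kind == "delete":
            # Simplification for the example: remove the account outright.
            view.pop(event.login, None)
    return view


if __name__ == "__main__":
    for event in reconcile(IDM_VIEW, TARGET_SNAPSHOT):
        print(event)
```

Running the module prints one event per difference; after `apply_events` the manager's view equals the snapshot, and a second `reconcile` over the updated view yields no events, which is the idempotence a scheduled recon job relies on.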

Basic Authentication and Form based Authentication

What are Basic Authentication and Form-Based Authentication? And Kerberos Single Sign-on. Basic authentication and form-based authentication allow a user to authenticate to a server via a browser. Both mechanisms run over HTTP/HTTPS, with HTTPS being the secure channel; this matters because Basic authentication sends the username and password base64-encoded, not encrypted, with every request. Basic authentication is formally defined in an RFC (RFC 7617, which replaced RFC 2617); there is no RFC for form-based authentication. Both mechanisms allow a remote user to authenticate to a server. However, Basic authentication does not use cookies, so there is no concept of a session or of logging a user out. Form-based authentication is implemented via HTML forms with username and password fields that the user fills in and sends to the remote server for authentication. Form-based authentication uses cookies for session management, so user logout can be controlled. Another popular browser-based authentication is Kerberos Single Sign-on, which allows a user to log in to a trusted website seamle
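As an added example (not code from the original post), the server-side half of both mechanisms side by side, against one constructed user table: Basic credentials are decoded from the Authorization header and verified on every request, while a form login is verified once and then tracked through a random session id that the cookie carries and that logout revokes. The user table, salt and session store are constructed for the example; a real deployment would use a per-user salt and a persistent session store.

```python
"""Constructed example: Basic authentication versus form-based login with a session cookie."""

import base64
import binascii
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed user table: store salted password hashes, never the plaintext.
_SALT = b"example-salt-not-for-production"  # assumption: one shared salt keeps the example short


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, 100_000)


USERS = {"alice": _hash("correct horse")}


def verify_password(username: str, password: str) -> bool:
    stored = USERS.get(username)
    candidate = _hash(password)
    if stored is None:
        # Compare against a dummy so an unknown user costs the same as a wrong password.
        hmac.compare_digest(candidate, _hash(""))
        return False
    return hmac.compare_digest(candidate, stored)


# --- Basic authentication (RFC 7617): credentials accompany every request ---

def make_basic_header(username: str, password: str) -> str:
    """What a browser sends: base64 of 'user:pass', an encoding and not encryption."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")


def basic_auth_user(authorization_header: Optional[str]) -> Optional[str]:
    """Return the username if the header carries valid Basic credentials, else None."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first ':' only; the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep or not verify_password(username, password):
        return None
    return username


# --- Form-based authentication: verify once, then carry a session cookie ---

SESSIONS = {}  # session id -> username; the cookie holds only the opaque id


def form_login(username: str, password: str) -> Optional[str]:
    """Handle the POSTed form; return a session id to set as a cookie, or None."""
    if not verify_password(username, password):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid


def session_user(cookie_value: Optional[str]) -> Optional[str]:
    """Resolve the session cookie on later requests; no password is re-sent."""
    return SESSIONS.get(cookie_value) if cookie_value else None


def form_logout(cookie_value: str) -> None:
    """Revoke the session server-side; Basic authentication has no equivalent step."""
    SESSIONS.pop(cookie_value, None)
```

The contrast the post draws is visible in the two code paths: `basic_auth_user` has to run the password check for every request because nothing is remembered between them, whereas after `form_login` only `session_user` is consulted, and `form_logout` is the server-side hook that Basic authentication lacks.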

What is Azure AD Connect

Azure AD Connect. Azure AD Connect is a tool that combines the functionality of its two predecessors, Windows Azure Active Directory Sync (commonly referred to as DirSync) and Azure AD Sync (AAD Sync). Azure AD Connect is now the only directory synchronization tool supported by Microsoft, as DirSync and AAD Sync are deprecated and supported only until April 13, 2017. Why do you need Azure AD Connect? To synchronize users' identities between local and cloud directories. Here "local" refers to the on-premises Active Directory infrastructure and domains, and "cloud" refers to Azure AD and the applications hosted in the Azure cloud, such as Office 365 (O365). Why do you need to synchronize between the on-premises Active Directory and Azure AD? So that users can access resources in both the on-premises and cloud environments with a single set of credentials. Applications deployed in a traditional data center or on-premises rely on the on-premises