Posts

SAML and Federation

SAML (from PingIdentity) SAML (Security Assertion Markup Language) is an open authentication standard that makes single sign-on (SSO) to web applications possible. SSO allows users to sign on to multiple web-based applications and services using a single set of credentials. Designed to simplify the user sign-on experience, SAML is most widely used in enterprise organizations and lets users access the applications and services their organization pays for. Most importantly, SAML sign-on is secure because the user's credentials are never sent to the application: the user authenticates once to an identity provider, which then issues the service provider a signed assertion about who the user is. The two parties are identity providers (IdPs) and service providers (SPs): The IdP stores the user credentials and the information needed for authorization and provides it to the SP when requested. It is the IdP's job to say, "I know this person, and they should be able to access these resources." The SP hosts the applications and services that users want to access. These applications or services might include email p

How to transpose selected rows of Data into multiple columns in Excel

Given a set of data in one single column, you need to transpose every N rows into columns in Excel. The first task is to figure out how many rows or lines of data correspond to one set. Once you have figured out how many consecutive rows correspond to one set or a single record, the next step is to transpose the selected rows into columns. Let's take a simple example, given the following data in one single column:
aaa1
aaa2
aaa3
bbb1
bbb2
bbb3
ccc1
ccc2
ccc3
The first thing is to figure out how many rows correspond to one set. To make it simpler, we can see that aaa1, aaa2, aaa3 belong to one set, and similarly bbb1, bbb2, bbb3 belong to a different set. Hence the data represents three different records. The objective is to transpose each 3 lines or rows of data into separate columns, as below, showing 3 distinct records:
aaa1  aaa2  aaa3
bbb1  bbb2  bbb3
ccc1  ccc2  ccc3
The data can now be represented in a Table format with each row corresponding to one separate record
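The same regrouping as a script, for cases where the column is exported from a system rather than typed into a sheet. This is an added example in Python, not from the post and not an Excel formula; the sample column is constructed to match the aaa/bbb/ccc data above. It also handles the case the post does not mention: a column whose length is not a multiple of N, which is padded rather than silently truncated.

```python
"""Transpose every N consecutive rows of a single column into one record.

Added example (Python, not an Excel formula and not from the original post).
The sample column is constructed to match the data in the post.
"""

SAMPLE_COLUMN = ["aaa1", "aaa2", "aaa3", "bbb1", "bbb2", "bbb3", "ccc1", "ccc2", "ccc3"]


def rows_to_records(column, n, pad=""):
    """Group a flat list into records of n fields each.

    A trailing partial record is padded with `pad` rather than dropped, so a
    miscounted N shows up as blanks in the last row instead of missing data.
    """
    if n <= 0:
        raise ValueError("record size must be positive")
    records = [list(column[i:i + n]) for i in range(0, len(column), n)]
    if records and len(records[-1]) < n:
        records[-1].extend([pad] * (n - len(records[-1])))
    return records


def guess_record_size(column):
    """Infer N as the first index at which the non-numeric prefix changes.

    Works for data like the post's, where each record's values share a prefix
    such as 'aaa'. Returns len(column) if the prefix never changes.
    """
    def prefix(s):
        return s.rstrip("0123456789")

    first = prefix(column[0])
    for i, value in enumerate(column[1:], start=1):
        if prefix(value) != first:
            return i
    return len(column)


def to_tsv(records):
    """Render records as tab-separated rows, ready to paste into a sheet."""
    return "\n".join("\t".join(r) for r in records)


if __name__ == "__main__":
    n = guess_record_size(SAMPLE_COLUMN)
    print(to_tsv(rows_to_records(SAMPLE_COLUMN, n)))
```

Inside Excel itself the equivalent for a block of 3 is a single formula such as `=INDEX($A$1:$A$9,(ROW(A1)-1)*3+COLUMN(A1))` filled across three columns and down three rows.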

SailPoint IIQ Features

SailPoint IdentityIQ (IIQ), as the Identity Management System, provides full management of the user lifecycle across all the resources in an organization. This includes auditing, compliance and the access privileges of a user. SailPoint IIQ provides the following features:
1) Reduce Risk: full visibility of user access to resources on a continuing basis via certifications and access reviews.
2) Reduce IT Helpdesk costs: self-service portals and expediting of the processes for requesting and granting access to IT resources.
3) Improve Efficiency: automation of provisioning resources to users, including modifying and revoking user access throughout the user lifecycle.
4) Automate Policy Management: compliance with policies for user access, including separation of duties, can be fully automated with the SailPoint Compliance Manager.
5) Integration with Privileged Access Management: SailPoint offers integration with several industry Privileged Access products like CyberArk, Thycotic etc., for managing the li

Closed Loop Remediation in Identity Management and Governance

Closed-loop remediation is a term used in Identity Management and Governance for revoking those access privileges of a user that were flagged for revocation during a certification process. Ideally the closed-loop remediation feature should revoke roles and entitlements directly through the provisioning tool once the certification process or campaign has flagged such entitlements of a user for revocation, so that the decision and its enforcement are not left to separate manual steps. For example, in Oracle Identity Manager (OIM), when a certification is complete and all primary review tasks have been signed off, Oracle Identity Manager attempts to remove every user and privilege for which the final decision was to revoke. Requests are created to de-assign any role assignment that is revoked, to de-provision any account that is revoked, to remove any entitlement assignment that is revoked, and to delete or disable any user that is revoked. Note that for non-managed applications (those with no connector through which OIM can push changes), you may have to revoke roles and entitlements manually. The key here is that
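The following added example, which is not OIM code or any vendor's, models the step described above: certification decisions are turned into revocation requests only after sign-off, items for applications without a connector are routed to a manual queue instead of being dropped, and a final check re-reads access to confirm the loop actually closed. The decision records, the set of managed applications and the request type names are all constructed for illustration.

```python
"""Turn signed-off certification decisions into remediation requests.

Added example, not code from OIM or any product. Decision records, the set
of managed (connector-backed) applications and the request type names are
constructed for illustration.
"""
from collections import namedtuple

# One reviewed item from a certification campaign. kind is one of
# "role", "account", "entitlement", "user"; app is the target application.
Decision = namedtuple("Decision", "user kind app value action")

# Applications with a connector: revocations can be pushed automatically.
# Anything else is non-managed and must be revoked by hand (assumed list).
MANAGED_APPS = {"ActiveDirectory", "Oracle EBS"}

# Constructed sample campaign results.
SAMPLE_DECISIONS = [
    Decision("alice", "role", "ActiveDirectory", "Finance-Admins", "revoke"),
    Decision("alice", "entitlement", "Oracle EBS", "GL_POST", "certify"),
    Decision("bob", "account", "LegacyHR", "bob.hr", "revoke"),
    Decision("carol", "entitlement", "ActiveDirectory", "VPN-Users", "revoke"),
    Decision("dave", "user", "OIM", "dave", "revoke"),
]

# Assumed request type names, one per kind of revocation the post lists.
REQUEST_TYPE = {
    "role": "deassign_role",
    "account": "deprovision_account",
    "entitlement": "remove_entitlement",
    "user": "disable_user",
}


def build_remediation(decisions, managed_apps=MANAGED_APPS, campaign_signed_off=True):
    """Return (automatic_requests, manual_tasks).

    Nothing is produced until the campaign is signed off: remediation must
    never act on provisional decisions. Revocations for managed apps become
    provisioning requests; those for non-managed apps become manual tasks
    so they are tracked rather than lost.
    """
    if not campaign_signed_off:
        return [], []
    automatic, manual = [], []
    for d in decisions:
        if d.action != "revoke":
            continue
        request = {"type": REQUEST_TYPE[d.kind], "user": d.user, "app": d.app, "target": d.value}
        # Disabling the identity itself happens in the identity store, not via a connector.
        if d.kind == "user" or d.app in managed_apps:
            automatic.append(request)
        else:
            manual.append(request)
    return automatic, manual


def verify_closed(decisions, current_access):
    """Close the loop: after provisioning ran and access was re-read from the
    targets, report every revoked item that is still present.

    current_access is a set of (user, kind, app, value) tuples.
    """
    return [d for d in decisions
            if d.action == "revoke" and (d.user, d.kind, d.app, d.value) in current_access]


if __name__ == "__main__":
    auto, manual = build_remediation(SAMPLE_DECISIONS)
    print("automatic:", auto)
    print("manual:", manual)
```

The verify step is what makes the process closed-loop rather than fire-and-forget: a revocation request that failed, or a manual task nobody completed, shows up as a residual finding instead of disappearing once the campaign is marked done.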

Project Schedule and Schedule Baseline

Difference between Project Schedule and Schedule Baseline. The Project Schedule and Schedule Baseline are documents produced during the Planning Phase of a project. At first the project schedule is baselined as per the information available during the Planning Phase, and this gives the Schedule Baseline. After the Planning Phase the Schedule Baseline is a published document for the project and will be referred to during the execution of the project. Read here about Baseline Start/Finish. (This reference explains how a baseline is set in a project. One can capture this baseline state in the Microsoft Project tool.) As the project moves to the execution phase, the Project Manager takes the Schedule Baseline as the starting point of the Project Schedule. From here on, as the project proceeds, changes will be made to the Project Schedule. In other words, the Project Schedule is a living document, whereas the Schedule Baseline is a fixed or published document. Any changes to the Schedule Baseline will requir

New Features in Oracle Access Manager OAM 12c PS4

Oracle Access Management (OAM) 12c (12.2.1.4.0) includes the following new features. The most important change in OAM 12c PS4 is that the Oracle Access Protocol (OAP) now runs over REST by default. This enables the use of standard HTTP(S) infrastructure to route and load balance agent-to-server requests. Health checks can also use the REST API to run the preconfigured tests on the servers. (See details for the new features in OAM listed below.) (1) Passwordless Login: passwordless authentication allows you to bypass the standard web-form-based authentication when using a mobile device. For details, see Using Passwordless Authentication in Administering Oracle Access Management. (2) Dynamic Client Registration: Dynamic Client Registration (DCR) provides a way for native mobile apps (Android) to dynamically register as clients with the OAuth server (OAM). For details, see Dynamic Client Registration in Administering Oracle Access Management. (3) OAP over REST: Oracle Access Protocol (OAP) over REST enab

Centrally Managed Users (CMU) - New Feature in Oracle Database 18c

Centrally Managed Users (CMU) Centrally Managed Users, or CMU, is a feature introduced in Oracle Database 18c which allows simplified database user management through integration with Microsoft Active Directory (AD). Beginning with Oracle Database release 18c, version 18.1 and later supports direct integration with Microsoft Active Directory using the new centrally managed users capability. CMU allows the Oracle database to perform user authentication and authorization directly against AD. Benefits of CMU: with centrally managed users, users accessing the database can be centrally managed to improve an organization's security posture. An enterprise user (a user in Microsoft Active Directory) can be exclusively mapped to a database account, or many enterprise users (in a Microsoft Active Directory group) can be mapped to a shared account in the database. Microsoft Active Directory groups can also be mapped to a database global role, which provides users with additional privilege

PMBOK 6 PMP - Processes in Executing Process Group

10 Processes in the Executing Process Group. There are 5 Process Groups as per the PMI PMBOK Guide for PMP: Initiating, Planning, Executing, Monitoring & Controlling, and Closing. This post is about the processes in the Executing Process Group. PMBOK 6 Executing Process Group: there are now ten (10) processes in the Executing Process Group in the PMBOK 6 Guide. Following is the breakdown of the processes among their respective knowledge areas. The Integration Management Knowledge Area has 2 processes, the Resource Management Knowledge Area has 3 processes, and the Knowledge Areas of Quality, Communication, Risk, Procurement and Stakeholder Management have one process each, for a total of 10 processes. What is the Executing Process Group? The Executing Process Group consists of the processes used to complete the work defined in the Project Management Plan to accomplish the project requirements. The processes in this group are the ones that need to be performed to complete the work defined in the project manage

How to create a user for a future Start Date in OIM

How to create a user in Oracle Identity Manager (OIM)/Oracle Identity Governance (OIG) with a future "Start Date" and ensure the user account is only enabled on the "Start Date". User accounts are created in Oracle Identity Manager (OIM) as users are on-boarded or join the organization. In the typical use case users are given a joining date, the day on which the user reports for duty. The user should be able to log in to the systems when they start their duties. Hence the user account and login should be enabled for the user so that they can successfully log in to the systems. The user account should only be in the Enabled or Active state on the day the user is officially supposed to start. In other words, the account which has been created for the user should be in a Disabled state until the day of start. The security rule is never to have an active account or entitlements for users who are not active in the organization: an account that is enabled before its owner arrives is an unowned credential that nobody will notice being used. The user account is Active on the day the user joins the or
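The rule can be expressed as a pure function of the start date and the current day, which is what a nightly enable/disable job evaluates for every identity. This is an added example, not OIM code: it models the post's rule that an account stays Disabled until its start date and becomes Active on that day. The end-date handling for leavers and the sample population are assumptions added here for illustration.

```python
"""Decide whether an identity's account should be enabled on a given day.

Added example, not OIM code. It models the rule in the post: an account
created ahead of time stays Disabled until the start date and becomes Active
on that date. End-date handling is an assumption added for the leaver case.
"""
from datetime import date

DISABLED, ACTIVE = "Disabled", "Active"


def expected_status(start_date, today, end_date=None):
    """Return the status the account should have on `today`.

    Enabled on the start date itself (not the day after); disabled again on
    or after an assumed end date so no account stays active past its term.
    """
    if today < start_date:
        return DISABLED
    if end_date is not None and today >= end_date:
        return DISABLED
    return ACTIVE


def daily_reconcile(users, today):
    """Return the (login, new_status) changes a nightly job must apply.

    users maps login -> {"start": date, "end": date or None, "status": str}.
    Only mismatches are returned, so re-running the job is idempotent and an
    account that was enabled early shows up as a change back to Disabled.
    """
    changes = []
    for login, rec in sorted(users.items()):
        want = expected_status(rec["start"], today, rec.get("end"))
        if rec["status"] != want:
            changes.append((login, want))
    return changes


# Constructed sample population.
SAMPLE_USERS = {
    "alice": {"start": date(2024, 3, 1), "end": None, "status": DISABLED},              # starts today
    "bob":   {"start": date(2024, 3, 15), "end": None, "status": DISABLED},             # future joiner
    "carol": {"start": date(2023, 1, 9), "end": date(2024, 3, 1), "status": ACTIVE},    # leaves today
    "dave":  {"start": date(2024, 2, 1), "end": None, "status": ACTIVE},                # already active
    "erin":  {"start": date(2024, 4, 1), "end": None, "status": ACTIVE},                # enabled too early: violation
}

if __name__ == "__main__":
    for login, status in daily_reconcile(SAMPLE_USERS, date(2024, 3, 1)):
        print(f"{login}: set {status}")
```

The "erin" record is the case the security rule exists for: an account enabled ahead of its start date is reported as a change back to Disabled rather than tolerated, so the job doubles as a detective control for manually enabled pre-start accounts.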

WebLogic Server Clustering and Domain

Understanding WebLogic Server Clustering and WebLogic Domain. This post gives an overview of WebLogic Server clustering and domains. A WebLogic architecture is composed of an Admin Server and one or more Managed Servers. When you install WebLogic Server you create a domain which holds resources, and the Admin Server acts as the administrative instance which manages, monitors and configures the resources in this domain. Each domain can have one or more Managed Servers. Managed Servers are the instances on which you deploy your applications. For example, Oracle Identity Manager (OIM) is a Java EE (J2EE) application deployed on a WebLogic Managed Server. So at a minimum the architecture will be composed of a WebLogic Admin Server and a WebLogic Managed Server on which OIM is deployed. However, for practical implementations you would have at least two Managed Servers hosting the deployed application for high availability. The two Managed Servers provide continuity of operations in case one of the Managed Servers is unavaila