The Managed Identities for Azure Resources feature is a free service with Azure Active Directory. Formerly known as Managed Service Identity, Managed Identities for Azure Resources first appeared in services such as Azure Functions a couple of years ago. Much more recent though Azure Copy (AzCopy) now supports Azure Virtual Machines Managed Identity. This negates the need to get and manage SAS keys or certificates, and even the need for installing and leveraging the AzureRM or AzRM PowerShell modules.… [Keep reading] “Using AzCopy with Azure Virtual Machines Managed Identity”
Installing and configuring a SailPoint IdentityNow RACF Connector isn’t something you do everyday. It’s probably something you will only over do once or twice it at all. This post is my learnings from troubleshooting the SailPoint IdentityNow RACF Connector Gateway to allow the IdentityNow RACF Source to connect to the RACF Agent on z/OS. The best background reference for such a configuration is this document on Compass. The IdentityNow RACF Connector Gateway can be downloaded from here.… [Keep reading] “Troubleshooting the SailPoint IdentityNow RACF Connector Gateway Configuration”
Recently I was configuring a SailPoint IdentityNow JDBC Source with data a little different than a simple series of single valued columns. The Source was an Oracle SQL View with around 19 columns of which one key column was multi-valued. It contained a list of the Roles a user is a member of.
Just like doing anything for the first time there was some trial and error before I got the JDBC Source all configured and the Import, Correlation and Aggregation working.… [Keep reading] “Configuring a SailPoint IdentityNow JDBC Source with multivalue fields – ‘mergeColumns’”
A RACF Management Agent for Microsoft Identity Manager ? Isn’t there one in the box? No. Host Integration Management Agents were deprecated when Microsoft released Forefront Identity Manager as the successor to Identity Lifecycle Manager (ILM). I understand it was partly due to lack of demand for the integration, and the reliance on Host Integration Server (HIS) along with the move in operating system support 32-bit (in ILM) to 64-bit (in FIM). With ILM integration with Host Systems via HIS you were required to map out the key sequences anyway.… [Keep reading] “A Rudimentary RACF Management Agent for Microsoft Identity Manager”
Why a FIM/MIM PowerShell Management Agent for Oracle Internet Directory? Why not just use the Generic LDAP Connector for Microsoft Identity Manager? I needed an integration solution that was able to update an Oracle Database behind Oracle Internet Directory. That meant I required a solution that was able to use LDAP to get visibility as to who/what was in OID, but then make updates into an Oracle DB. That functionality I wanted to be contained on a single Management Agent, not an MA for the Database and another for LDAP.… [Keep reading] “Microsoft Identity Manager PowerShell Management Agent for Oracle Internet Directory”
If you are an IT Professional it is highly likely you are very familiar with Microsoft Active Directory and in turn PowerShell and LDAP. At some point though you may need to integrate with another LDAP directory such as Oracle Internet Directory and you find it isn’t as straight forward as Active Directory and the rich tooling it comes with. I’ve had to create interfaces with numerous LDAP directories over the years but its been quite a long time since I had to integrate with Oracle Internet Directory.… [Keep reading] “Querying Oracle Internet Directory (LDAP) with PowerShell”
SailPoint IdentityNow comes with many connectors to allow provisioning and lifecycle management of entities in connected systems. However there will always be those systems that require some manual tasks/input. In those instances SailPoint IdentityNow to ServiceNow Ticketing Integration can create a ticket in ServiceNow that can then be tracked whilst those manual steps are fulfilled.
Integration of IdentityNow with ServiceNow doesn’t use a connector in the same sense as the other Sources do in IdentityNow. It uses an Integration Module.… [Keep reading] “SailPoint IdentityNow to ServiceNow Ticketing Integration”
SailPoint IdentityNow Access Requests for Roles or Applications usually require approvals which are configured on the associated Role or Application. The Approval could be by the Role/Application Owner, a Governance Group or the Requestor’s Manager. However for reminders and escalation policies the configuration is only available to be retrieved and set via the API. The SailPoint Identity Now api/v2/org API is used to configure these Global Reminders and Escalation Policies.
This post details how to get the configuration of your IdentityNow Org along with updating the the Global Reminders and Escalation Policies.… [Keep reading] “Get/Update SailPoint IdentityNow Global Reminders and Escalation Policies”
Log Analytics is a fantastic tool in the Azure Portal that provides the ability to query Azure Monitor events. It provides the ability to quickly create queries using KQL (Kusto Query Language). Once you’ve created the query however you may want to run that query through automation negating the need to use the Azure Portal every time you want to get the associated report data.
In this post I detail;
- creating a Log Analytic Workspace
- enabling API Access
- querying Log Analytics using the REST API with PowerShell
- outputting data to CSV
Create a Workspace
We want to create a Workspace for our logs and queries.… [Keep reading] “Azure AD Log Analytics KQL queries via API with PowerShell”
I recently had a seemingly simple task for a customer to setup a AD FS 2016 relying party trust for their SailPoint IdentityNow deployment. Sounds easy right?
In this scenario AD FS 2016 was to be the Identity Provider (IdP) and IdentityNow the Service Provider (SP). Our end-goal of the solution was to allow the customer’s users to authenticate via SAML into IdentityNow using their corporate AD DS email address and password. Great outcome from a user experience perspective and for corporate governance too!… [Keep reading] “AD FS 2016 and InvalidNameIDPolicy using SAML Authentication to SailPoint IdentityNow”