The Instrumental Identity IIQ History Plugin painlessly enhances auditing and event tracking within existing IIQ systems, offering greater visibility to administrators, auditors, and business analysts. SailPoint IdentityIQ ships with a variety of historical and audit logging. Aggregation jobs can save a snapshot of an Identity containing all of its attributes and accounts so an admin…
View detailsIdentityWorks is pleased to announce the availability of the “public subset” of our feature-rich IIQCommon library, which you can find at: https://git.identityworksllc.com/pub/iiqcommon IIQCommon is a utility library used in virtually all of our SailPoint IdentityID installations and plugins. Some of the utilities included in this library are documented below. Utilities A whole slew of convenience…
View detailsThe SailPoint IIQ user interface is far more user-friendly and reliable than the interface of competing identity managers. However, from time to time, it still encounters limitations. Instrumental Identity has created an IIQ plugin, the UI Enhancer, to insert many useful features and security enhancements to the existing user interface, filling in the gaps. Contact Instrumental…
View detailsThere is a strange behavior of OIM 11.1.2.3, which appears to still be present in 12c, that causes unexpected password changes on accounts. Specifically, all encrypted fields on a parent UD table are set to NULL on access policy evaluation, which triggers any Password Updated-type provisioning actions. These will typically fail, resulting in an open task, because…
View detailsWhen creating business logic for a connector in SailPoint IdentityIQ, it is sometimes necessary to run a Powershell script “out of band” (i.e. from a Workflow or Run Rule task). This is not well-suited to the Before/After model used by IQService connectors. In this article, I will go through how the IQService invokes Powershell and how…
View detailsAt Navigate 2019, several people expressed interest in IDW’s containerized version of SailPoint IIQ, so here it is in publicly accessible form! I’ve been using this containerized version to do virtually all of my local development since I created it. It takes about two minutes to have a brand new IdentityIQ system up and running…
View detailsA majority of organizations implementing Oracle Identity Manager (OIM) struggle with migration and deployment procedures. Migrating a newly developed connector often involves many manual steps, and can result in problems such as a missed deployment steps, importing wrong versions, etc. One solution to those problems is automation, where everything is stored and controlled in a…
View detailsWeblogic and OIM are vulnerable to Java deserialization attacks over the network. This vulnerability was reported to Oracle in 2015 and assigned CVE-2015-4852. Oracle has released a series of patches to address the issue, but many systems continue to be vulnerable. The attack is easy and the steps are publicly available. An attack does not…
View detailsOrganizations in verticals such as Higher Education have requirements around multi-affiliation and multi-valued identity data. In this blog post we will look at how you can configure identity data in Oracle Identity Manager to meet the needs of Higher Education (or any organization with multi-affiliation and multi-valued identity data) without the need to make data…
View details