Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Experiences with identity management systems

Experiences with identity management systems

Experiences with identity management systems

Has anybody been involved in any aspect of identity management systems?

What I mean by Identity management systems are pieces of software (normally custom written for a company or organisation to fit around their specific requirements) that use data in a relational database, such as HR/Payroll or student management systems to control aspects of the network login, eg:
* disable login the day after a person leaves and delete 3 months later;
* create a network account and mailbox in the correct OU in the tree for their position within the organisation according to a defined naming convention, populating account attributes from field names (forename, surname, dept, manager and expiry date if its a temp or visitor account) the day before their start date then send manager an email with network login information.
* Extend the expiry date of an account if somebody takes a 6 month extension on their course of study.

I've been pulled into this at very short notice here and wondered if anyody else has experience they would be prepared to share.


RE: Experiences with identity management systems

Well we don't create network logins, but we do create logins for the people who use our wesites based on data feeds. I think the most critical piece of this is record-keeping. Record when the login was created, when it was deactivated and deleted and why. Most of our issues are with researching why people can't log in. If you are going to create credentials automatically based on name, you will need the process to check to see if the name already exists and then add a number to it if it does (or some other process to adjust the name). Names are not unique. Make sure to store the identifier from the HR system or student management system. This will help prevent the wrong John Smith from getting disabled or deleted.

"NOTHING is more important in a database than integrity." ESquared

RE: Experiences with identity management systems

That's the sort of software we're using here (from a different vendor).

Mechanisms of dealing with name clashes, email address clashes etc are being written into the system from the design stage.


Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close