Our new Brand
Identity Works LLC is excited to announce we are now doing business as Instrumental Identity. Our brand and image are important to us and as such we decided it was time for a change.
Read more
Using Tomcat Rewrites to Customize the UI and Add Friendly URLs in IdentityIQ
Rewriting URLs The problem Let’s say you’ve written a custom SailPoint IdentityIQ (IIQ) plugin that exposes a plugin page. By default, plugins in IIQ have a technical-looking URL, like this: https://iiqdemo.example.com/identityiq/plugins/pluginPage.jsf?pn=PluginName. That’s both too much and too little information for an end user. If your page consumes Angular state, it might have an even uglier…
In Sync & Secure: Phase 1 Linting and Code Check for IdentityIQ
Continuing the discussion from In Sync & Secure: CI/CD Design Challenges and Considerations: Phase 1 of the DevOps solution standup process focuses on the many pre-deployment tests you can run to prevent issues from reaching your IdentityIQ environment and can leverage both SailPoint and custom tooling to meet your testing needs. Phase 1 also acts…
In Sync & Secure: CI/CD Design Challenges and Considerations
The minimum viable product of every DevOps solution is to reliably deploy an application in an automated fashion without any developer interaction (outside of optionally clicking a start button). Regardless of what pipeline platform you have available, your first consideration will be to follow a “push” or “pull” methodology for your pipeline. In the scenario…
In Sync & Secure: A DevOps Voyage with IdentityIQ and IdentityNow
With Navigate around the corner, we felt now would be an opportune time to share our journey and experiences in implementing robust DevOps processes within our clients’ diverse environments. The world of Information Security is constantly evolving, and as a result, so are the tools and methodologies used to manage and automate security processes. As…
Identity Works @ SailPoint Developer Days ’23
Identity Works had the privilege of presenting at the first annual SailPoint Developer Days conference. Our team of expert consultants provided valuable insights into what we have done with SailPoint IdentityIQ and presented on 4 different topics. Check out our recorded presentations below: Matching & Merging Identities from Multiple Authoritative Sources (presented by Mark Earnest)…
Higher Education Implementation Suite
Identity Works LLC has been in the field for decades working across all verticals, but we often find ourselves working with colleges and universities. Over the years, we have solved many of the complex challenges with multi-personas and access policies that exist in higher education. We frequently hear “our setup is unique, we have this homegrown…
IDW SailPoint IIQ Query Plugin
Have you ever needed to query data directly from your IIQ database for reporting? Have you ever wanted to test a SailPoint filter or HQL query before you used it in a role membership rule? Have you ever wondered why your IIQ Filters behave the way they do? Have you ever needed a Filter String…
IDW Sailpoint IIQ History Plugin
SailPoint IdentityIQ ships with a variety of historical and audit logging. Aggregation jobs can save a snapshot of an Identity containing all of its attributes and accounts so an admin can refer to it later. You can view the history of lifecycle events for an Identity. You can view certification information. You can view historical…
Announcing the open-source IIQCommon library
IdentityWorks is pleased to announce the availability of the “public subset” of our feature-rich IIQCommon library, which you can find at: https://git.identityworksllc.com/pub/iiqcommon IIQCommon is a utility library used in virtually all of our SailPoint IdentityID installations and plugins. Some of the utilities included in this library are documented below. Utilities A whole slew of convenience…
IdentityWorks Sailpoint IIQ UI Enhancer Plugin
The SailPoint IIQ user interface is far more user-friendly and reliable than the interface of competing identity managers. However, from time to time, it still encounters limitations. IdentityWorksLLC has created an IIQ plugin, the UI Enhancer, to insert many useful features and security enhancements to the existing user interface, filling in the gaps. Contact IdentityWorksLLC if…
Mysterious password changes in OIM 11.1.2.3 and newer
There is a strange behavior of OIM 11.1.2.3, which appears to still be present in 12c, that causes unexpected password changes on accounts. Specifically, all encrypted fields on a parent UD table are set to NULL on access policy evaluation, which triggers any Password Updated-type provisioning actions. These will typically fail, resulting in an open task, because…
Running Powershell via SailPoint’s IQService
When creating business logic for a connector in SailPoint IdentityIQ, it is sometimes necessary to run a Powershell script “out of band” (i.e. from a Workflow or Run Rule task). This is not well-suited to the Before/After model used by IQService connectors. In this article, I will go through how the IQService invokes Powershell and how…
Running SailPoint IIQ in Docker
At Navigate 2019, several people expressed interest in IDW’s containerized version of SailPoint IIQ, so here it is in publicly accessible form! I’ve been using this containerized version to do virtually all of my local development since I created it. It takes about two minutes to have a brand new IdentityIQ system up and running…
Automated OIM Configuration Deployments
A majority of organizations implementing Oracle Identity Manager (OIM) struggle with migration and deployment procedures. Migrating a newly developed connector often involves many manual steps, and can result in problems such as a missed deployment steps, importing wrong versions, etc. One solution to those problems is automation, where everything is stored and controlled in a…
OIM and Weblogic vulnerability
Weblogic and OIM are vulnerable to Java deserialization attacks over the network. This vulnerability was reported to Oracle in 2015 and assigned CVE-2015-4852. Oracle has released a series of patches to address the issue, but many systems continue to be vulnerable. The attack is easy and the steps are publicly available. An attack does not…
Creating an Identity System to handle Multi-valued attributes
Organizations in verticals such as Higher Education have requirements around multi-affiliation and multi-valued identity data. In this blog post we will look at how you can configure identity data in Oracle Identity Manager to meet the needs of Higher Education (or any organization with multi-affiliation and multi-valued identity data) without the need to make data…