This is a slightly updated picture from one I posted on twitter the other day. It’s an attempt to express my general view on high level “should be possible” integration conversations that get misunderstood as “clearly simple and straightforward and definitely happening”. In my mind I’m arguing against tightly-coupled integrations between disparate systems that do…
The perils of HR out-sourcing to an IAM solution
Over the years, I’ve been called in a few times when HR and/or payroll functions are being outsourced (or share-serviced, which is much the same thing), and this includes a migration to a new HR platform. Typically I have been brought in far too late in the proceedings when cost-cutting and service-simplification decisions have already…
How IDAM solutions cost you money
Anyone who’s been in the IDAM game for a while knows that IDAM solutions are hard to sell. We can be seen as pushing something customers “already have” – even though what they already have is a combination of manual process, scripts, inconsistent data and a tangled web of access “control” that no one really…
Portrait of a MIM project
I recently deployed a MIM 2016 solution into Production that took about 10 months to build, test and deploy. I decided to take a look at the percentage of overall time spent on broad work categories in the whole project, and that’s what this post is about. First I had to get the data on…
Role Mining, and why it’s a fantasy
Over the years I’ve had a play with a few role mining tools, and while I can’t claim that as any type of industry review, it did leave me with a general feeling that the whole concept is a fantasy. The main problem I have is that role mining assumes there is a logical structure…
Unable to get preview XML from server
Just had an odd issue with a small number of synchronised objects in a MIM 2016 Dev environment. The connector space objects in the HR MA had an “unexpected-error” reported in the Sync Service. When I try to preview sync one of the objects I get the following error: Unable to get preview XML from…
Error 0x8023060c when trying to delete a MA
I was trying to delete a CSV MA from a MIM sync service. The connector space was empty but all I got was the error “Unable to delete the management agent” and the code 0x8023060c. Nothing in the event logs at all. I was convinced it was something to do with the database and rolled…
Link to the SSPR Unlock page from the Edit User RCDC
The “Unlock User” page in the FIM/MIM Portal is entirely seperate from the main User management page – which is not especially user-friendly. This post shows a way you can add a personalised link to the User Edit page which, when clicked, takes the operator straight to the correct User Unlock page.
IAM Design Principle: Good design is simple to explain
Let’s start with a statement that can be made about any design: good design makes sense, it is coherent, it is self-evident and doesn’t need a lot of explanation. While a simple IAM solution would be a fine thing, the reality is that we must deal with complexity in technical connectivity, data, business rules and…
SQL MA Failed to retrieve the schema
This week I battled with an error from the OOB SQL MA for MIM 2016 (which I don’t think has changed at all from FIM 2010, and probably not earlier versions as well). The MA was working with a SQL database table on a server in another, non-trusting AD forest, and using Windows authentication. The…