Friday, October 21, 2011

Data Standardization and the User Management Resource Administrator


Tools4ever’s UMRA (User Management Resource Administrator) automation module is a powerful solution for synchronizing two different directory services. In a typical automation project, we decide that one of the systems is the authority. This is what we refer to as a one-way sync: information is pushed down from one system to the other. Typically we are working with a student information or HR system as the source data and pushing down to Active Directory.
 
One of the very first steps in accomplishing this synchronization is data standardization. That is, how would UMRA identify that the user with student ID 12345 is actually John Doe in OU A? The answer is that we must establish an anchor between the two systems. The best choice is usually the employee or student ID number in the information system.

When we begin development, we need to do our best to populate the existing user accounts in Active Directory. This would be a time-consuming task if it were not for UMRA. A standardization project can be developed to first search AD based on first name and last name, and perhaps some other identifying information, and then populate the AD account’s employeeID LDAP attribute. This should get us about 90-95% of the way there. There are always a few accounts that we may not be able to match up. In that case we would need to either update them manually, or create a CSV file with ID number and username and run that through a quick mass update.
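The matching pass described above can be sketched outside UMRA as follows. This is an added Python example, not a UMRA project or Tools4ever code; the record layouts and sample data are constructed. It writes employeeID only for one-to-one name matches and sends everything else to a review list, which is the set that ends up in the manual CSV.

```python
from collections import defaultdict

# Constructed sample data; the dict layouts are assumptions for this example.
HR = [{"id": "12345", "first": "John", "last": "Doe"},
      {"id": "20001", "first": "Maria", "last": "Lopez"},
      {"id": "20002", "first": "Maria", "last": "Lopez"},
      {"id": "30001", "first": "Ann", "last": "Lee"}]
AD = [{"sAMAccountName": "jdoe", "givenName": "john ", "sn": "DOE", "employeeID": None},
      {"sAMAccountName": "mlopez", "givenName": "Maria", "sn": "Lopez", "employeeID": None},
      {"sAMAccountName": "alee", "givenName": "Ann", "sn": "Lee", "employeeID": "30001"},
      {"sAMAccountName": "svc-backup", "givenName": "Backup", "sn": "Service", "employeeID": None}]

def name_key(first, last):
    """Case- and whitespace-insensitive (first, last) key."""
    return (first.strip().casefold(), last.strip().casefold())

def plan_anchor_updates(hr_records, ad_accounts):
    """Return (updates, review): employeeID writes that are unambiguous,
    and (account, reason) pairs that need a manual decision."""
    hr_by_name, ad_by_name = defaultdict(list), defaultdict(list)
    for r in hr_records:
        hr_by_name[name_key(r["first"], r["last"])].append(r)
    for a in ad_accounts:
        ad_by_name[name_key(a["givenName"], a["sn"])].append(a)

    # IDs already present in AD must never be handed to a second account.
    used_ids = {a["employeeID"] for a in ad_accounts if a.get("employeeID")}
    updates, review = {}, []
    for key, accounts in ad_by_name.items():
        candidates = hr_by_name.get(key, [])
        for a in accounts:
            if a.get("employeeID"):
                continue  # already anchored, leave untouched
            if not candidates:
                review.append((a["sAMAccountName"], "no HR match"))
            elif len(accounts) != 1 or len(candidates) != 1:
                review.append((a["sAMAccountName"], "ambiguous name"))
            elif candidates[0]["id"] in used_ids:
                review.append((a["sAMAccountName"], "ID already assigned"))
            else:
                updates[a["sAMAccountName"]] = candidates[0]["id"]
                used_ids.add(candidates[0]["id"])
    return updates, review

if __name__ == "__main__":
    updates, review = plan_anchor_updates(HR, AD)
    print("apply:", updates)
    print("manual review:", review)
```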

Now that we have established an anchor between the information system and Active Directory, we can proceed in developing the rest of the automation process.  This anchor ensures that no duplicate accounts are created and that we have matched up the correct person with the correct AD account.

One final note: always remember to back up your UMRA projects!

Friday, July 29, 2011

Extracting data from Skyward with the UMRA


The User Management Resource Administrator (UMRA) has a powerful script action called the Generate Generic Table action. This action is responsible for reading from various sources of data. There are three main choices: Database query, File (text, csv), or LDAP Query. When working with an information system such as Skyward, we choose the Database query option.

Before you are able to configure the generic table, you must make sure that you have the proper ODBC driver in place.  Skyward utilizes the Progress OpenEdge driver.  This must be purchased and licensed from Skyward. 


When configuring the generic table, we then need to select the DSN connection that is in place to connect to either the Finance or the Student database, depending on your scope. We typically set up two separate automation projects, one for staff and one for students.


Be sure to enter the user name and password for the account that has rights to run select statements against the Skyward databases.

From there, the next step is to write a select statement that pulls the information you need to perform a sync with Active Directory. Once your statement is set, the information is in the table, ready for your For-Each action. Some of the columns we are after for staff accounts are:

NAME.NAME-ID
NAME.LAST-NAME
NAME.FIRST-NAME
NAME.MIDDLE-NAME
BUILDING.HAABLD-DESC

This is only a small example of the information available in Skyward.  Depending on your goals for the sync, you may need to pull more information.

Friday, July 1, 2011

Your Identity Management Strategy: What’s on the Menu?


Identity Management projects have a reputation for being long, costly and technically complex. What if the benefits of an Identity Management strategy could be yours while staying within the limits of your budget, including overhead that goes with technically complex projects?
 
Thanks to hundreds of Identity Management projects managed by their technical consultants, Tools4ever has been able to create a number of Identity Management best practices, aiming at achieving the maximum result with the minimal effort. 

One best practice is establishing a real Identity Management maturity model. Another result is an Identity Management à la carte menu, demonstrating Tools4ever’s capacity to deliver point solutions as well as an integrated Identity Management approach.

Here are a few examples from the Identity Management à la carte menu of solutions that have been implemented. (The estimated implementation time refers to average-size organizations of about 2000 users.)

Delegation and tracing of the management of all user accounts and their resources (2 days);
Synchronization with HR system (2 days);
Identity Management Self Service Portal and Workflow Management (5 days);
RBAC - Role Based Access Control level 1 (3-5 days);
Web portal for auditing and managing NTFS rights or Group Management (2 days);
Single Sign-On for your 10 main applications (3 days);
Self Service Password Management (1-3 days);
Password Synchronization (1 day).

Interested? What are you having? Visit http://www.tools4ever.com/ to learn more about our solutions and how they may help you achieve your Identity Management goals.