Sunday, 26 August 2018

SailPoint : Branding

I was going through a demo and architecture of SailPoint IQ, which had a login page with the company logo.
It is not difficult to customize the UI in SailPoint if you have access to Compass.
I was wondering how to do it without having a Compass account.
Here is how you can do it:

Place your image in the folder apache-tomcat-8.5.24\webapps\identityiq\ui\images

I have placed my own photo :)


Sunday, 22 July 2018

SAILPOINT: provisioning in Active Directory

SailPoint: this is a side project that I am pursuing outside FIM/MIM/Azure AD Connect.

After configuring or onboarding the Active Directory application, the next thing we want is to provision a new user in AD from the Identity Warehouse. I wanted to do this for quite some time.

This is not the best way to provision a user in AD; however, it shows what needs to be done at a basic level in provisioning. To be honest, I find it very hard, as I do not see much explanation of the steps needed to do it available in open forums.

We will create two roles: 1) Entitlement and 2) Business. These two roles will help in understanding what needs to be done if we want to set up real and complex provisioning in AD.

Navigate to "Setup" and select Roles from the drop-down list.
Click on New Roles and select Role.
In Role Editor, select the Type "Entitlement".

Scroll down the page.
In Entitlements, click ADD and select the application Active Directory.
From the option Add An Entitlement, select Group Membership and select the group, then save and submit it.


Next, follow the above steps and create a role with the Business type.

In Assignment Rule, select Match List and click Add Identity Attributes. In Select Attribute we can choose an attribute from the Identity Warehouse. In general we would select an attribute shared by multiple users; in this example we want to provision a single user based on first name.

We have selected the first name "Anne", added the entitlement created above to it and submitted it.

Navigate to Tasks and run Refresh Identity Cube. It will generate a form where we have to give the DN, sAMAccountName and password. After the form is submitted, the user will be provisioned in AD.

In the next blog we will provision the user in AD without submitting the form.

Saturday, 10 June 2017

Static classes in Powershell

A static method in PowerShell is one that is called without creating an instance of the object.
In PowerShell it is not always necessary to create a new function; many existing built-in .NET functions can be used.

E.g. the [Math] class:

PS C:\> [math]::Sqrt(4)
2

To see all the static methods associated with the class:


PS C:\> [math] | gm -Static

Happy Learning

Sunday, 19 March 2017

Powershell Script Security.

Sometimes a script will not pass compliance because you have hard-coded the password of an account in the script, and anyone who has access to the server can use it with GOD-mode access. Many times, to get out of this situation, I converted my scripts to exe and deployed them in production. However, there is a drawback: no one can debug the scripts or learn about their functionality. What if you are not in the company anymore? It will be a nightmare for the team that is managing it.

There is one way, which I am writing about here, that does not need the script converted to exe. It is not foolproof security, but to some extent you can hide the password information from the user.
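
One common way to keep the password out of the script text, shown as an added example (it is not code from the original post): store the credential with Export-Clixml, which on Windows encrypts the password with DPAPI under the current user account. The file path and the two function names are hypothetical.

```powershell
# Added example. The path below is a hypothetical placeholder.
$CredentialFile = 'C:\Scripts\Secure\svc-job.cred.xml'

function Save-ScriptCredential {
    # Run once, interactively, logged on AS THE ACCOUNT that will run the script.
    param([Parameter(Mandatory)][string]$Path)

    $dir = Split-Path -Parent $Path
    if (-not (Test-Path -LiteralPath $dir)) {
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
    }
    # The password is typed at a prompt and held in memory as a SecureString.
    $cred = Get-Credential -Message 'Account the script should authenticate as'

    # On Windows, Export-Clixml writes the SecureString encrypted with DPAPI:
    # only the same user on the same computer can decrypt the file.
    $cred | Export-Clixml -LiteralPath $Path

    # Defence in depth: drop inherited ACEs and leave access to the current user only.
    & icacls.exe $Path /inheritance:r /grant:r "$env:USERDOMAIN\${env:USERNAME}:(F)" | Out-Null
}

function Get-ScriptCredential {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "No credential file at $Path; run Save-ScriptCredential first."
    }
    try {
        Import-Clixml -LiteralPath $Path -ErrorAction Stop
    }
    catch {
        # Typical when the file was created by another user or on another machine.
        throw "Cannot decrypt $Path as $env:USERNAME on ${env:COMPUTERNAME}: $($_.Exception.Message)"
    }
}

# In the production script no password appears in the source:
#   $cred = Get-ScriptCredential -Path $CredentialFile
#   ...then pass $cred to any cmdlet that accepts -Credential.
# Limit of this approach: anyone able to run code as that same account on that
# server can still decrypt the file, so it hides the password from other users only.
```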
















Thanks ..


Saturday, 4 March 2017

.. Year 2017

I do not have my resolution yet this year; maybe I am in my comfort zone.
I have to kick my ass and start working.

This year we are going to see a lot of transformation. It's good for all IT guys to start embracing cloud technology.

I set my goals today.

Azure AD Connect
Learn C# programming
Azure
Office 365

Anirban

Thursday, 29 December 2016

Windows Azure AD Connector: Group Membership

On-premises group membership not syncing to Office 365.

Sometimes the membership of an on-premises group will not match the membership of the group in O365. There can be numerous reasons why the numbers do not match. Are all the on-premises members of the group present in Azure AD?

If all the members of the group are present in Azure AD and are still not members of the group in O365, check the membership of the group in Azure AD and in EXO.

Determine the group member count in Azure AD

1. Connect to MSOL (Connect-MsolService)
2. Run Get-MsolGroup -SearchString "GroupName" | foreach {(Get-MsolGroupMember -GroupObjectId $_.ObjectId.Guid).Count}

Determine the group member count in EXO

1. Connect to the Exchange Online shell (https://technet.microsoft.com/en-us/library/jj984289)
2. Run (Get-DistributionGroupMember "GroupName").Count

If the count is different, there is no option left for us to fix it. Raise a case with Microsoft and they will sync the group membership at the backend.
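
A differing count does not say which members are missing. As an added example (not from the original post), the function below compares the two member lists by object ID so the support case can name the affected members; the function name and the sample data are constructed for illustration.

```powershell
# Added example. Live input needs Connect-MsolService and an Exchange Online session:
#   $aad = Get-MsolGroup -SearchString 'GroupName' |
#          ForEach-Object { Get-MsolGroupMember -GroupObjectId $_.ObjectId -All }
#   $exo = Get-DistributionGroupMember 'GroupName' -ResultSize Unlimited
# -All and -ResultSize Unlimited avoid truncated results on large groups.

function Compare-GroupMembership {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$AzureAdMembers,
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$ExoMembers
    )
    # Index both sides by Azure AD object ID (EXO exposes it as ExternalDirectoryObjectId).
    $aadById = @{}
    foreach ($m in $AzureAdMembers) { $aadById[[string]$m.ObjectId] = $m }
    $exoById = @{}
    foreach ($m in $ExoMembers) { $exoById[[string]$m.ExternalDirectoryObjectId] = $m }

    foreach ($id in $aadById.Keys) {
        if (-not $exoById.ContainsKey($id)) {
            [pscustomobject]@{ MissingFrom = 'EXO'; ObjectId = $id; Name = $aadById[$id].DisplayName }
        }
    }
    foreach ($id in $exoById.Keys) {
        if (-not $aadById.ContainsKey($id)) {
            [pscustomobject]@{ MissingFrom = 'AzureAD'; ObjectId = $id; Name = $exoById[$id].DisplayName }
        }
    }
}

# Constructed sample data standing in for the cmdlet output.
$aad = @(
    [pscustomobject]@{ ObjectId = [guid]'11111111-1111-1111-1111-111111111111'; DisplayName = 'Anne Example' }
    [pscustomobject]@{ ObjectId = [guid]'22222222-2222-2222-2222-222222222222'; DisplayName = 'Bob Example' }
    [pscustomobject]@{ ObjectId = [guid]'33333333-3333-3333-3333-333333333333'; DisplayName = 'Carol Example' }
)
$exo = @(
    [pscustomobject]@{ ExternalDirectoryObjectId = '11111111-1111-1111-1111-111111111111'; DisplayName = 'Anne Example' }
    [pscustomobject]@{ ExternalDirectoryObjectId = '22222222-2222-2222-2222-222222222222'; DisplayName = 'Bob Example' }
)

Compare-GroupMembership -AzureAdMembers $aad -ExoMembers $exo | Format-Table -AutoSize
```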

Happy New Year to All .

Sunday, 9 October 2016

FIM 2010 R2 to MIM 2016 InPlace Upgrade [ excluded service and portal ]

As most of our FIM infrastructure is on Server 2008 R2, it is always a business decision whether to do an in-place upgrade or migrate to a totally new Server 2012.


1. Take a snapshot of the VM.
2. Back up your database.
3. .NET Framework 4 or higher is supported by MIM; if it is not there, make sure it is upgraded to version 4 or higher.
4. Change the compatibility level of SQL to 100 using SQL Management Studio.
5. Back up the encryption key.

It is very important to back up the encryption key if you plan to use the existing database. The reason for this is that the server configuration, extension DLLs and other vital information are stored in the database. It will make life much easier in your migration upgrade.

6. Back up the extensions folder.

This is not absolutely necessary unless you plan to start with a clean database. The extension DLLs are actually stored in the backend database as well as the extensions folder. If you backed up the encryption key before moving or restoring the existing database from FIM, then these DLLs will be re-populated into the extensions folder.

If for some reason you do not see the DLLs, then use your backup of the previous extensions folder to repopulate your Extensions.

7. Back up the source code.

Nowhere is it mentioned that FIM has to be uninstalled; if you are doing an in-place upgrade, you have to uninstall FIM from Control Panel\All Control Panel Items\Programs and Features.

Once the FIM software is uninstalled, restart the server.

Navigate to the location of the installation files for MIM 2016 Synchronization Service and begin the installation.

While installing, point your SQL Server instance to the FIM Synchronization database of FIM. The steps are the same as for a FIM installation; however, the installer will discover the FIMSynchronization database and ask for the encryption key. After you enter the key, it will start rebuilding your index and FIM will be upgraded to MIM.

Please test all your logic and the upgrade in Test before moving to production.

All the Best..!!

ServiceNow onboarding Sailpoint