Focus: Identity management
Product: Sun Java System Identity Manager 7.0
Vendor: Sun Microsystems
Price: $50 per user
Sun Microsystems' latest ID management solution unifies its user
provisioning and auditing products, providing an impressive level
of integration and functionality in a single package. Sun Java
System Identity Manager 7.0 is a complete solution that allows an
enterprise to use a single console for a multitude of ID management
tasks, including role delegation, password synchronization,
automated provisioning and compliance auditing.
Configuration and management: B
Setup was somewhat lengthy, although not difficult; a minimum
installation required a dedicated server, JRE, JDK, Tomcat and
MySQL. Large enterprises will need robust hardware and software
components (all major databases and application servers are
supported). The documentation is thorough and well written.
User data sources are added via agentless connectors. Among the
supported sources, which Sun calls resources, are RSA products,
BlackBerry Enterprise Server, Remedy, PeopleSoft, Siebel and all
database servers. Supported resources can be added in a few simple
steps, and others can be accessed through generic connectors, or
custom built through the API. Sun has integrated SPML to allow for
nearly any type of integration, including Web applications, which
generally present a huge challenge because of their distributed
nature.
Most of the common primary identity stores, such as Active
Directory, require that at least one Sun Identity Manager Gateway
be installed. The Gateways make Identity Manager very scalable; you
add as many Gateway servers as you need.
Policy control: A
Policy and audit is where Identity Manager really shines. By
integrating fully functional auditing capabilities into the
standard interface, it allows you to provision a new user for
Active Directory, RACF and Oracle, and compare the access given to
current policies. If there are any violations, provisioning is
automatically escalated for approval based on a process you define.
You can even periodically audit existing identities for policy
violations.
Delegation of duties reduces cumbersome management overhead.
Effectiveness: A
Sun has done an impressive job in furnishing a comprehensive ID
management solution for the large enterprise, providing fast and
effective linking of users to identities. In addition to the great
administration features, it handles user interaction very well.
Users can easily log in to Identity Manager to handle password
resets and requests for resource access. Automatic resource
discovery allows a simpler approach to adding and configuring
identity stores, while ID consolidation helps link various user
accounts throughout the enterprise. Information from ID stores can
be reconciled, eliminating inconsistencies and reducing errors.
Reporting: A
Identity Manager handles all major reporting functions -- getting
the data, formatting and moving it -- remarkably well. Clicking on
the reports tab in the management interface provides access to
canned reports, and you can also easily create very flexible custom
reports.
Reports can be scheduled, cloned, downloaded or emailed in PDF
or CSV format, or viewed in real time in a custom-built
dashboard.
Verdict
Sun Java System Identity Manager excels with agentless connectors,
scalability and amazing auditing.
Testing methodology
Our lab included two Active Directory domains and one OpenLDAP
tree. User accounts were enumerated from various sources, including
MySQL and SQL Server, Web applications, and various client-server
applications. User roles such as administrators, power users and
end users were created to test access controls.
This review originally appeared in the March 2007 edition of
Information Security magazine.