[midPoint] new to IAMs -- general usage question

Jason Everling jeverling at bshp.edu
Wed Nov 4 15:29:18 CET 2015


I wanted to reply to this one,

"or if the roles, etc in the IAM are strictly for permissions *within* the
IAM system itself and not meant to have meaning to outside systems."

The roles, orgs, etc. in midPoint can have meaning outside the system. A
role/org in midPoint can be used to manage groups and roles in external
systems, like LDAP groups or Unix groups and also generically.

JASON

On Wed, Nov 4, 2015 at 1:07 AM, Petr Gašparík <petr at gasparik.cz> wrote:

> Hi Jon,
> Main question is what do you want to achieve:
> - do you want to manage existing user repositories across applications
> (with all those audits and reconciliations) - hence identity management?
> - or do you want to manage realtime access of users to the applications
> (with on the fly evaluation of risk profile etc.) - hence access
> management?
>
> MidPoint is very strong and suitable for the first case. For the second case,
> there are other systems in the IAM ecosystem, like Apereo's CAS.
>
> Regards, Petr Gašparík
>
> On Wed, 4. 11. 2015 at 1:19, Jon V <sito.org at gmail.com> wrote:
>
>> hello. i have installed midpoint and played with it a little.  with all
>> its complexity and options, i am still not sure if it is what i want to
>> solve the problem i have.
>>
>> i have an application with a set of data which i want to allow various
>> types of access to, based upon set of criteria tied to the user.  i do not
>> wish to reinvent the wheel and write my own code to manage users, groups,
>> passwords, authentication, etc etc, so an IAM seems like a great idea.
>>  however, i am not clear about creating *arbitrary*
>> roles/permissions/groups that my *application* will need -- if this is
>> what an IAM is designed for?  (or if the roles, etc in the IAM are strictly
>> for permissions *within* the IAM system itself and not meant to have
>> meaning to outside systems.)
>>
>> any tips on a place for a newbie to get assistance on usage of IAM would
>> greatly be appreciated.  thanks!
>>
>> -jon
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
> --
> Petr G.


-- 
JASON
