Archives

Project: IAM
Client:   Retail Group
Technology: Keycloak

Description: SRG web applications are protected using Keycloak. Multiple layers of authentication and multiple forms of authentication are configured for SRG: 2 Factor Authentication. SRG has a training portal. Partner company employees also get access to the training portal, which is made possible by implementing OpenID Federation between SRG and the partner company.

Technical

  • Installed and configured Keycloak environment.
  • Set up SSO among multiple applications.
  • Implemented multi factor authentication for specific roles.
  • Implemented OpenID Federation between Keycloak and SiteMinder.
  • Implemented OAuth Federation to enable Social Sites Signup such as Twitter, LinkedIn etc.
  • Pass user attributes to application.
  • Supported application RBAC by passing user role information in token.
  • Configured Global Logout.

Project: IAM
Client:   Retail Group
Location: Brisbane, Australia
Technology: SailPoint IIQ

Description: As part of the client’s Data Center Migration project, several custom applications were developed for the client to facilitate a smooth migration. The IAM solution automates identity management among these custom applications and the client’s existing applications.

Deliveries: 

Technical

  • Requirement Gathering and Analysis, Solution Design.
  • Installed and Configured SailPoint IIQ
  • Configured HR Feed using csv File as a source.
  • Configured User Provisioning, Group Provisioning, Correlation with LDAP, JDBC.
  • Extended Identity Attributes, Customized UI with extended attributes
  • Configured Life Cycle Events and Business Processes
  • Configured Role Mining and different roles such as IT Role, Business Roles etc
  • Configured standard, group based and population based reports
  • Configured standard, group based and population based certifications.
  • Configured Account Policies, Role SOD Policies and Entitlement SOD policies.

Project: Finance Company
Location: Belgium
Technology: CA Identity Manager, CA Identity Portal

Deliveries:

CA Identity Manager/CA Identity Portal

  • Designed Screens for user front-end.
  • Implemented Approval workflows.
  • Configured numerous Policy Xpress Policies.
  • Developed LDAP connector in accordance with client requirements.

 Custom Code (CA API Programming):

  • Developed a PDI (Pentaho Data Integration) script which takes the Ethias roles Excel file as input and produces XML files. These XML files are imported into Identity Manager to create/update Admin/Provisioning roles.
  • The XML files generated above can be imported into Identity Portal to create/update the Entitlement tree.
  • Developed PowerShell script to load bulk objects in IDM using etautil commands.
  • Developed Custom Participant Resolver Adapter in Java.
  • Developed BLTHs, Field Level Validations, Screen Level Validations, Event Listeners etc.

 CA Single Sign On:

  • Installed and configured SSO environment using silent (unattended) installation.
  • Utilized advanced components like CA Directory Management Server, One View Monitor etc.
  • Developed Custom authentication Schemes to support multi factor authentication.
  • Integrated SSO with Open ID
  • Implemented Federation with Salesforce

Project: eEmployee
Location: Oslo, Norway
Client: PSU
Technology: Oracle Identity Manager

Description: PSU is a Nordic mail and logistics group that delivers complete solutions within postal services, communications and logistics. eEmployee is an IAM system using OIM, OAM and OIF. OIM will create, maintain and revoke user accounts and privileges for employees automatically based on information stored in Posten’s employee master data system. OIM handles the following systems: Oracle ERP, OEBS.HR, Oracle Apps, AD, Exchange and OID.

Deliveries:

  • Configured Provisioning and Reconciliation workflows, auto-provisioning.
  • Monitored, tested and fixed reconciliation issues, using Reconciliation Manager and the Recon Archival Utility to monitor and fix some issues.
  • Implemented email notifications in different cases like creation/termination/rehire of users using Email Definition
  • Used OIM utilities like Recon Archival Utility, Audit Archival and Purge Utility, FVC utility
  • Created functional specifications and Technical specifications Documents, test cases.
  • Developed scheduled tasks, adapters and event handlers in Java to integrate with OeBS.HR, MS Active Directory, MS Exchange Server and OID.

Project: CA IDM
Location: Onsite (Oslo, Norway)
Client: Bank Group
Technology: CA Identity Minder, CA SiteMinder

Description: Bank Group is a union of different banks of Norway, with different processes established across different locations, which share IT infrastructure like AD, Exchange, ACF2, Oracle FD Front etc. The IDM project manages the identity management processes across all these banks in a single environment.

Deliveries:

  • Set up the central environment, such as Identity Minder integrated with SiteMinder, Provisioning Components, Directory Server etc.
  • Created CA Directory router towards Client AD and set it as authentication directory.
  • Designed and implemented Delegated Administration and UI for different administrators/end users, request/approval workflows, email workflows etc.
  • Integrated standard endpoints such as AD, Exchange, ACF2.
  • Integrated dynamic endpoints such as Oracle FD Front, Generic Mail Connector.
  • Implemented customizations in Java and JavaScript such as BLTH, Event Handlers, LAH etc.
  • Configured Report server with IDM.
  • Implemented business logic using Identity Policies, Policy Xpress etc.

Project: CA-IAM
Client: Power Company
Technology: CA Identity Minder, CA Site Minder, CA Control Minder

Description: RSEB consists of several hundred technical and managerial personnel. Earlier, full-time system administrators were managing a number of manual processes for access rights, billing, audits etc. The IAM Suite delivers unparalleled reliability, availability and scalability by combining CA Identity Manager and CA SiteMinder WAM into a single IAM solution.

Deliveries:

Identity Minder:

  • Created Endpoints for Database Tables/Procedures, Web Service, AD, Exchange etc.
  • Implemented Reverse Sync mechanism using Reverse Sync Policies for different endpoints
  • Implemented approval workflows for Reverse Sync Policies, Users creation, Roles assignments etc.
  • Implemented High Availability in Cluster’s Provisioning components.
  • Implemented IDM Data Replication between DC and DR.
  • Implemented Business Logic using Identity Policies, Policy Xpress, BLTHs, LAHs, JavaScript validations, Event Handlers etc.
  • Troubleshot Identity Manager issues related to any of the IDM components.

Project: SSO Upgrade
Location: Oslo (Onsite, Offshore)
Client: Railway Company
Technology: CA Single Sign On, CA Access Gateway

Description: Internal web applications are protected using CA SSO. The existing SSO solution version became obsolete over time. The scope of the SSO upgrade project is to configure a new SSO environment in parallel to the old environment, with the latest version and enhanced features, and then migrate all Prod applications from the old to the new environment.

Deliveries: 

 CA Single Sign On:

  • Brought the CA SSO environment up and running, integrated applications with CA SSO and CA Access Gateway, performed unit testing, migrated between different environments and prepared documentation.
  • Single-handedly installed and configured SSO environment using silent (unattended) installation.
  • Configured Custom Authentication scheme to support OTP based multi factor authentication.
  • Configured Custom authentication scheme using Open ID Template. Protected client application using Open ID.
  • Protected applications using CA Access Gateway: Configured Virtual Hosts, Proxy Rules, Imported Backend applications’ SSL certificate in CA Access Gateway etc.
  • Configured CA SSO Domains and applications.
  • Integrated CA Identity Manager with CA SSO.
    • Configured internal links to access CA IDM.
    • Protected CA IDM Internal Link with Windows Native Authentication to facilitate direct access from user’s own machine.
    • Protected CA IDM Internal link using Form Based Authentication to facilitate access outside user’s own machine.
  • Migrated configuration from one environment to another.
  • Performed Unit Testing.


Project: Telecom Company
Client: Telstra
Location: Melbourne, Australia
Technology: Oracle Identity Manager

Description: The Retail Identity and Access (RIDA) initiative has been initiated to centralize and improve the management of partners’ user identities and their access to external-facing applications. To enable these capabilities, new technology is being deployed consisting of Oracle Identity Manager.

Deliveries:

Technical:

  • Developed various Pre Process, Post Process, Pre Update, Post Update event handlers and scheduled jobs
  • Developed CustomUserNamePolicy to automate UserId creation.
  • Developed various custom Notifications-creating new events, creating templates, event handlers to trigger templates.
  • Developed email validation for new user activation and email modification of existing users.
  • Manage OIM Integration with various applications such as Siebel, OID, Retail Live.
  • Developed Generic Live connector for initial load to reconcile users from flat file.
  • Developed custom connector Position to provision secondary position in Siebel.
  • Implemented screen customizations using Managed Beans

Project: Sailpoint IDM
Client: Hotel Chain
Location: United States
Technology: SailPoint IIQ

Hotel Chain Group comprises four IBUs. Developed an IDM solution for the customer which manages users’ life cycle, entitlements and workflows for its employees and contractors across all these IBUs.

Deliveries: 

Technical

  • Requirement Gathering and Analysis, Solution Design.
  • Installed and Configured SailPoint IIQ
  • Created custom Quick links.
  • Created Custom Workflows, approval levels, approval forms.
  • Created Rules to manage Work Items, Access Requests, Provisioning Rules etc.
  • Configured User Provisioning, Group Provisioning, Aggregation with LDAP, JDBC, delimited file.
  • Extended Identity Attributes, Customized UI with extended attributes
  • Configured Role Mining and different roles such as IT Role, Business Roles etc
  • Configured standard, group based and population based certifications.
  • Configured Account Policies, Role SOD Policies and Entitlement SOD policies
  • Implemented Business Logic using Life Cycle Events, Business Processes.