Community Tip - Did you get an answer that solved your problem? Please mark it as an Accepted Solution so others with the same problem can find the answer easily. X
Is there anyway we can integrate Integrity with a non AD identity management services?
Thank you
Binesh Kumar
Barry Wehmiller
Solved! Go to Solution.
Hello Binesh Kumar,
Thanks for asking this question. It comes up through normal channels, but often not until organizations need it now.
You're almost correct. We specifically only support SSO with Windows Kerberos (AD). There are numerous feature requests to support other single-sign on authentications, and other identity management services, but they have not been implemented. Requests for implementation reflect demand, and so have some impact on what gets implemented. Anyone interested in other sign-on possibilities, please contact Support to have your organization added to the appropriate feature(s).
Regards,
Kael
Hello Binesh Kumar,
Thanks for asking this question. It comes up through normal channels, but often not until organizations need it now.
You're almost correct. We specifically only support SSO with Windows Kerberos (AD). There are numerous feature requests to support other single-sign on authentications, and other identity management services, but they have not been implemented. Requests for implementation reflect demand, and so have some impact on what gets implemented. Anyone interested in other sign-on possibilities, please contact Support to have your organization added to the appropriate feature(s).
Regards,
Kael
Thank you Kael.
We are looking at an identity solution now. We are looking at this now - Identity & Access Management Solutions | NetIQ
One more thing is , we are not able to get a report from Integrity that shows the users who haven't logged in like 90 days, do you know how to get this information?
Thank you
Binesh Kumar
Barry Wehmiller.
Hi Binesh Kumar,
Interesting. Please make sure you mention that particular solution in your request.
You should also call in to have your organization associated with CS91906. You need to open a case with Support for that as well. It's not currently possible.
Regards,
Kael
Thank you, Kael.
I went through the CS and it looks like there an option using PSM. Looking at the "All Actions by Users" > Splittings Column, I think we can use in conjunction with excel functions to get this information out. I will test this option and update you.
Thank you for all your help
Binesh Kumar
Barry Wehmiller
Binesh,
Here is what we experienced using those reports in PSM. We used the concept of identifying active users based on last 90 days login. We compared server.log login messages with PSM generated list and they do not match, on a day where there are 70 users logged in as per server.log, PSM reported 0 users logged in. Most other days matched with what we saw in logs so it's inconsistent. Issue seems to the related to collector - server connectivity but we didn't narrow down a root cause.
-Vallabai
Thank you, Vallabai. That makes sense, given that we have a consistent connection between PSM Server and Integrity, we should see accurate results.
Thank you
Binesh Kumar
Barry Wehmiller
Yes, this will work. In order to get the 'negative' list of users (those who did not login during that 90 day timeframe), you will need to compare that list of users from PSM against the entire list of users in the Integrity system:
aa users > userlist.txt
You can put that second list into Excel as well, remove duplicates, and you should be left with those users who have not performed a login.