Sun Microsystems' Sun Java System Identity Manager 7.0 Product Review - Information Security Magazine

Sun Microsystems' Sun Java System Identity Manager 7.0 Product Review

IDENTITY MANAGEMENT


Sun Java System Identity Manager 7.0
REVIEWED BY BRAD CAUSEY

Sun Microsystems
Price: $50 per user

@exb

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.
@exe

Sun Microsytems' latest ID management solution unifies its user provisioning and auditing products, providing an impressive level of integration and functionality in a single package. Sun Java System Identity Manager 7.0 is a complete solution that allows an enterprise to use a single console for a multitude of ID management tasks, including role delegation, password synchronization, automated provisioning and compliance auditing.


Configuration/ManagementB  
Setup was somewhat lengthy, although not difficult; a minimum installation required a dedicated server, JRE, JDK, Tomcat and MySQL. Large enterprises will need robust hardware and software components (all major databases and application servers are supported). The documentation is thorough and well written.

User data sources are added via agentless connectors. Among the supported sources, which Sun calls resources, are RSA products, BlackBerry Enterprise Server, Remedy, PeopleSoft, Siebel and all database servers. Supported resources can be added in a few simple steps, and others can be accessed through generic connectors, or custom built through the API. Sun has integrated SPML to allow for nearly any type of integration, including Web applications, which generally present a huge challenge because of their distributed nature.

Most of the common primary identity stores, such as Active Directory, require that at least one Sun Identity Manager Gateway be installed. The Gateways make Identity Manager very scalable; you add as many Gateway servers as you need.


Policy ControlA  
Policy and audit is where Identity Manager really shines. By integrating fully functional auditing capabilities into the standard interface, it allows you to provision a new user for Active Directory, RACF and Oracle, and compare the access given to current policies. If there are any violations, provisioning is automatically escalated for approval based on a process you define. You can even periodically audit existing identities for policy violations.

Delegation of duties reduces cumbersome management overhead.


EffectivenessA  
Sun has done an impressive job in furnishing a comprehensive ID management solution for the large enterprise, providing fast and effective linking of users to identities. In addition to the great administration features, it handles user interaction very well. Users can easily log in to Identity Manager to handle password resets and requests for resource access. Automatic resource discovery allows a simpler approach to adding and configuring identity stores, while ID consolidation helps link various user accounts throughout the enterprise. Information from ID stores can be reconciled, eliminating inconsistencies and reducing errors.


ReportingA  
Identity Manager handles all major reporting functions--getting the data, formatting and moving it--remarkably well. Clicking on the reports tab in the management interface provides access to canned reports, and you can also easily create very flexible custom reports.

Reports can be scheduled, cloned, downloaded or emailed in PDF or CSV format, or viewed in real time in a custom-built dashboard.


Verdict
Sun Java System Identity Manager excels with agentless connectors, scalability and amazing auditing.


Testing methodology: Our lab included two Active Directory domains and one OpenLDAP tree. User accounts were enumerated from various sources, including MySQL and SQL Server, Web applications, and various client-server applications. User roles such as administrators, power users and end users were created to test access controls.

This was first published in March 2007