Hi Oleg,
thanks for your interesting mail.

On 27/01/2016 09:12, Oleg Suslov wrote:
> Hi All!
> Is it possible to get best practice for a typical middle-range organization?
> It means:
> · My organisation has about 5000 employees now

With this number of users, a single installation mode should be sufficient
to achieve your requirements with good performance, but if you also want
a high-availability environment you need to install a cluster.

> · Active Directory as a storage of authentication and authorization
> information (Identity Store)

You only have to configure an Active Directory resource with the Active
Directory bundle [1] [2] to link the Syncope core with your AD.

> · HR system ("1C", Russian standard for HR systems)

Here there are two choices:
*) You have to configure an HR resource using the DB bundle [3];
*) You have to configure an HR resource with a custom connector (to
develop from scratch) based on, for example, the REST layer of the HR
system (if it has one).

> I want to get a more step-by-step recommendation on how to implement
> Syncope as Provisioning Engine and Identity management.
> At least:
> · Automatically create accounts in Active Directory for new employees

You can still follow [2] to achieve your requirements.

> · Automatically grant permissions depending on the position and division
> of the employee

Can you provide more details about this requirement? I don't understand
which kind of grant you have to manage; anyway, the idea is to use the
Syncope role to check the position and division.

> · Approval process to grant additional permission

Maybe the last ML discussion [4] could help you in this case. Remember to
read also [5].

> · Audit & Report to find exceptions in the access management process

Syncope provides a complete and exhaustive tool to manage the reports
and the audit, but also in this case, I need more information. What do
you mean by access management process?

> One of my problems is that the documentation is not up to date.
> For example I read how to configure an Active Directory resource
> (https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+an+Active+Directory+resource),
> but there is no "Resources tab" in my Syncope stand (version 2.0.0-M1).

You are right, because the 2.0.0-M1 release is NOT production ready. We
are working to close the last console issues and writing the
documentation to align the latter with the 2.0.0 release.
My suggestion is: the 2.0.0 release is a wonderful one because it has
several new features [6], so if you have time to wait for the new release
and you need something provided by the 2.0.0 and not provided by the 1.2
you can wait.
But, IMHO, I think you can already achieve all your requirements with
the 1.2 version and the current documentation.

> Can someone help me, pls?

I hope I was helpful but, as I wrote above, I would like to have more
information about your requirements and your environment to be more useful.
Regards,
Massi
[1] https://github.com/Tirasa/ConnIdADBundle
[2] http://blog.tirasa.net/configure-active-directory-external-resource.html
[3] https://github.com/Tirasa/ConnIdDBBundle
[4] http://www.mail-archive.com/[email protected]/msg01363.html
[5] http://blog.tirasa.net/approval-process-syncope.html
[6] http://syncope.tirasa.net/news/apache-syncope-2.0-resource-management.html
Best regards,
Oleg Suslov
Head of Audit and Control Information Systems Team
Information Security Department
Lamoda | Letnikovskaya 10, bldg. 5 | Moscow | Russia
+7(495) 640-80-65, Ext. 3241
+7(915) 022-84-82
Skype:oleg.suslov
www.lamoda.ru <http://www.lamoda.ru/>
--
Massimiliano Perrone
Tel +39 393 9121310
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
"Learning many things does not teach understanding"
(Heraclitus)