M-Tech Simplifies Discovery of User IDs Across Disparate Systems
February 24, 2004 Alex Woodie
One of the trouble spots when implementing identity management systems is user ID discovery. It takes a lot of work to sort out the different user IDs that people use to access disparate systems. M-Tech Information Technology has a new product that automates much of this user ID discovery process, while providing an upgrade path to its full ID-Synch user provisioning system. M-Tech is also developing new OS/400-specific capabilities in its P-Synch password synchronization software.
Identity Management Suite Version 3.0, launched earlier this month, includes two new components, ID-Discover and ID-Access, as well as the two core components, P-Synch and ID-Synch. Version 3.0 also includes a new release of ID-Synch, while P-Synch has a minor patch upgrade.
ID-Discover can alleviate a fair amount of uncertainty before an implementation of the full user provisioning software, ID-Synch, according to M-Tech’s senior product manager, Bruce MacDonald. “One of the main things organizations need to overcome in implementing a user provisioning system is the disparate names in use across the target systems,” MacDonald says. One system could use JSmith, one might JS123, while another refers to JohnSM. “They’re all referring to John Smith, but there’s never been the meta-data layer for that one person.”
ID-Discover is a Web-based component of the existing ID-Synch product, available separately and at a reduced price, compared with ID-Synch. It allows an organization to get started with user provisioning by discovering all user IDs being used, including those used to access OS/400 servers. The software can be used by the users themselves or by the systems administrator, and also reports on access privileges and “orphaned” accounts. “It makes it very easy to correlate the IDs and manage them as an entity, instead of having 15 user IDs across the systems,” MacDonald says.
ID-Access, which also works with ID-Synch, brings completely new functionality to the IDM suite. ID-Access shows users what level of access privileges they need to access certain documents. For example, users may find they need “write” access to open a certain document; whereas other documents may only require “read” privileges. At this point, ID-Access only supports Windows shares and Active Directory, but there’s no reason why it couldn’t support other platforms, such as OS/400, if there’s customer demand, MacDonald says.
M-Tech has supported OS/400 with its password and user management software for some time, and a sizable number of its 400 P-Synch users–which provides password synchronization for 4 million users–require access to OS/400 applications. M-Tech provides two methods for accessing OS/400 passwords and provisioning users on AS/400s and iSeries: one that installs Client Access on the central Windows-based P-Synch or ID-Synch server, and one by using Telnet software. Most M-Tech customers choose to use the Client Access method, which is easier.
The Calgary, Alberta, company is currently working to enhance password synchronization on the iSeries, per a customer request, MacDonald says. Currently, OS/400 servers can only function as a target for password changes; whereas Windows and Unix systems can function as an instigator of password changes. The enhancement will allow password changes made on OS/400 systems to be propagated to other systems in the P-Synch network. This change is expected to be made generally available in a minor release of P-Synch early in the second quarter.
M-Tech’s IDM 3.0 is available now. The company did not disclose pricing. For more information, go to www.mtechit.com.