Up there with authentication and authorization, account provisioning is one of the big three components in any identity management scheme. In our Clear Choice test of Thor Technologies' latest version of Xellerate Identity Manager (8.01), we found that the platform provides flexible account provisioning across a multitude of products and technologies, supporting even the most complex of workflows.
At its most basic level, provisioning software helps automate the creation of user accounts. The processes and workflows a company uses to create, assign, approve, and audit user accounts all can be managed through this type of software.
Workflows can be configured to automatically create Active Directory, PeopleSoft and Lightweight Directory Access Protocol (LDAP) accounts for new employees from one administrator screen once some basic information about the new user is entered. This greatly improves efficiency by drastically shortening the amount of time it takes to create new accounts or modify current user groups. The provisioning process also can include approvals, such as requiring manager approval before the new user accounts are created, making a central provisioning server key for audit compliance.
Xellerate's architecture comprises the Xellerate Server, an administrative console and a database. The Xellerate Server is the central component of the product, providing the intelligence to implement the configured processes and workflows. It enables integration with external resources such as LDAP, Web services and custom applications. The administration console can be a Java console application, a Web front end accessible through a browser, or a custom application built on the API. The database, usually Oracle although SQL Server also is supported, contains all the processes.
Xellerate is very flexible, supporting simple and complex account maintenance workflows. This flexibility lets organizations implement provisioning around current processes.
Integration support is provided through resource adapters - pieces of code that run inside the server - for a number of enterprise products, including SAP, PeopleSoft and Active Directory. The resource adapters let the Xellerate Server communicate with applications and control how they create accounts or modify attributes of current accounts. A resource adapter might simply write user information directly to an LDAP database, or it might make a specific user account function call through an API to make the change. Custom resource adapters can be developed for nearly any application using Thor's developer kit.
We installed Xellerate on a Windows 2000 Advanced Server running JBoss - an open source Java 2 Platform Enterprise Edition application server - and Oracle as the database back end (see How We Did It). We integrated with Active Directory, Exchange Server 2000, and a SunOne LDAP server.
Xellerate is a complex product with a relatively steep learning curve, although it is pretty intuitive once you understand the basics. We would like to see some configuration wizards help with the integration and creation for new users.