Okta has some choice words about ADFS in this recent post. I always felt that if you can’t say anything nice… don’t blog about it.
Jackson Shaw points out that the operative four letter word is FREE.
Claiming your product is better than a free product is a losing argument. A better approach is to make a product that co-exists with, and extends, a free product.
That’s where VIS and VIS Federation come in. ADFS is a great tool for a lot of enterprises. But for some enterprises it needs a little help. The OptimalIdM products work side by side with ADFS and AD and extend their capabilities.
[Full disclosure: I am an employee of OptimalIdM]
I recently saw two polar opposite recommendations; one from Jeff Atwood begging you to not write code; and one from Radovan Semančík suggesting that the only practical software to use is open source software that you can fix as needed.
Obviously Radovan’s approach is not a scalable one. While there are a lot of terrible software products out there, especially in the enterprise space, there are also a lot of good ones that just work. Limiting yourself to coding solutions is a waste of time that most companies won’t pay for. Also Radovan’s solution limits you to open source solutions implemented in a language you are familiar with.
At the same time there are some problems that just need a coding solution, or are best solved that way.
For enterprise solutions, I am going to thread the path between Jeff’s Scylla and Radovan’s Charybdis by posing these questions:
- How much coding should be expected to implement an enterprise solution?
- How can you find enterprise solutions that work well enough that you don’t need the source code or extensive customizations?
An enterprise solution that requires you to write code or scripts to do basic functionality is not well designed, in my opinion. Coding or scripting should only be required when the functionality needed is unique to a specific deployment (or too uncommon to be a main feature of the product). This is a core philosophy at OptimalIdM as well. Although the VIS virtual directory does support .NET plug-ins, most of our customers never need one. When we have seen the need for plug-ins in the past we looked for a common feature that could be added to the product.
So not having to write code is one measure of an enterprise solution’s quality. Here are some others:
Ease of install – they say you only get one chance to make a good first impression and install time is it for enterprise software. If your vendor is telling you that you need consulting hours just to install the software, it’s not going to get better from there.
Ease of use – requiring training to use enterprise software is a bad sign. Did you have to have training to use your browser or word processor? Enterprise software should be like that.
Stability – once installed and configured the software should just work. Baby-sitting should not be required. And if you really need two weeks of work or the source code to figure out why your solution stopped working, you made a poor vendor choice.
So go ahead and write code, but only when you have to.
OptimalIdM has announced support for Microsoft WIF (you can get more info here). What they have done is pretty interesting. They have created an STS that front ends their Virtual Directory. This allows a single STS to be used to issue claims against multiple identity stores.
Of course the main use case here is the multiple AD forest scenario, but it could also support disparate identity stores such as other LDAP directories, databases, etc.
[Full disclosure: I have done consulting work for OptimalIdM in the past.]
OptimalIdM just announced their latest offering, the Virtual Identity Server for Enterprise Group Management. This product solves a very specific pain point for many enterprises: synchronizing user membership in AD groups based on external identity information. Their product integrates with Microsoft ILM and is also available as a stand-alone service.
I am going to let my inner comic book geek out for a moment. In both DC and Marvel Comics there was an archer super hero (Green Arrow and Hawkeye respectively). These heroes not only had the ability to hit any target with unerring accuracy, they also had a quiver of specialty arrows that met specific needs. Arrows that delivered an electric shock, spread entangling nets, exploded, whatever was needed.
OptimalIdM seems to be turning into the Green Arrow/Hawkeye of IdM Vendors. In addition to their Virtual Directory, they have been busy rolling out a cool quiver of point solution arrows. You need AD group membership management, they have an arrow for that. You need to deploy SharePoint across multiple siloed forests, they have an arrow for that. Need to deploy an application that requires AD schema extensions your AD group won’t put in, they have an arrow for that too.
After all, who really needs the Hulk when a less destructive solution is at hand?
[Full Disclosure – the founders of OptimalIdM are former coworkers of mine at OpenNetwork Technologies.]