
Sunday, June 21, 2020

Frequently asked questions in IAM job interview

Below is a list of questions commonly asked these days in IAM interviews. Normally, the interview process depends on the product specialization you have mentioned in your resume. Here I am trying to cover the most general questions, including Sailpoint, Okta, Forgerock, Ping and Oracle.

General -
  • What is identity and access management (IAM)?
  • What is cloud identity management? Give some examples.
  • What is SSO? Have you done an SSO integration using any product?
  • What is a role-based IAM model and how can you implement it using an IAM product?
  • What is an identity or digital identity? Explain with an example.
  • What is authentication?
  • What is authorization?
  • What is the difference between authentication and authorization?
Sailpoint IIQ -
  • Which product have you worked on, and on which version?
  • What is identity governance in Sailpoint?
  • What capabilities does IIQ provide?
  • What are the IIQ default URLs?
  • What is Lifecycle Manager?
  • What is Compliance Manager?
  • Do you have any experience with IdentityNow? What is the major difference between IIQ and IDN?
  • What types of OOTB roles are available in Sailpoint IIQ?
  • Does IIQ support approvals?
  • What is a workflow?
  • What is a provisioning plan?
  • How do you create a custom workflow? High-level steps.
  • Could you please explain password management in Sailpoint?
  • What is the default admin username in IIQ?
OKTA -
  • How much experience do you have with OKTA implementation?
  • Which OKTA products are on the market?
  • What is MFA?
  • Explain OKTA Universal Directory and its use.
  • What is single sign-on?
  • What is SAML?
  • What is the difference between SAML, WS-Fed and OIDC?
  • What is the use of the OKTA browser plugin?
  • Explain lifecycle management in OKTA.
  • What is the use of the Okta Integration Network?
  • What factor types are available in OKTA?
  • Do you know what Trust.okta.com is?
Forgerock -
  • What products does Forgerock provide?
  • What is Single Sign-On (SSO)?
  • What is the difference between authentication and authorization?
  • What is OpenAM?
  • What is OpenIDM?
  • What is SAML?
  • How does OpenAM authorization work?
  • What is a refresh token?
  • How do you onboard an application in OpenIDM?
  • High level - how do you protect a web page using OpenAM?
  • What is user authentication and how does it work?
  • Which protocols does OpenAM support?
  • Can I install OpenIDM without any external directory and DB? If yes, where does it store the data?
  • What is the default session cookie name in OpenAM?
  • How many types of cookies are generated by OpenAM?
  • What is a policy agent?
  • What is the default admin username in OpenAM?
  • Which agents are supported by OpenAM?
  • What is the SAML metadata URL in OpenAM?
  • What are the refresh token lifetime and scopes?
  • What are the OAuth2/OIDC endpoints?

Stay tuned; more questions will be added for each product.

Saturday, June 20, 2020

Difference between Identity and Access Management (IAM) and Consumer/Customer Identity and Access Management (CIAM)

This is a very typical question, asked and searched on the web all the time: what is the difference between IAM and CIAM? Below are a few points that clarify it -
  • IAM is typically used for employees, whereas CIAM is typically used for external users such as consumers or customers.
  • In IAM, users are typically registered through the employee onboarding process, but in CIAM it is self-registration in most scenarios.
  • IAM is typically bound to the closed company network, whereas CIAM is typically public facing.
  • In IAM, identity data is collected to monitor and control access, whereas in CIAM it is typically transactional, marketing, advertisement, etc.
  • Also, IAM is typically more restrictive as it is used to access internal resources, whereas CIAM is more flexible.

These two share a lot of similarities, which is why people get confused. The capabilities both have in common are -

  • Single Sign on
  • User/Customer Life cycle management
  • Authorization
  • MFA
  • Password management
  • Federation etc.

Popular tools for IAM and CIAM are Sailpoint IIQ, OKTA, Forgerock, Ping, Oracle, etc. All of these can be used for both IAM and CIAM.

Friday, June 19, 2020

Sailpoint - New installation of Accelerator Pack 8.1 on Fresh IIQ 8.1

Approach-1 (Installing IIQ and Accelerator Pack Together)

Steps -
  • Download “identityiq-8.1.zip” and unzip it on the local machine.
  • Create a directory named identityiq inside the Tomcat webapps folder “C:\Sailpoint\home\apache-tomcat-9.0.36\webapps”.
  • Copy the identityiq.war file unzipped in step 1 to “C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq”.
  • Unpack the war file there. On Windows (as in this walkthrough), rename identityiq.war to identityiq.zip and unzip it; on Linux run jar -xvf identityiq.war.
  • Download the Accelerator Pack 8.1 zip file from Sailpoint Compass.
  • Extract the Accelerator Pack zip file to a temp folder such as C:\Sailpoint\Software\Accelerator_Pack. Do not extract it directly into the Sailpoint installation directory.
  • Update the Hibernate configuration files in your IdentityIQ installation directory.
    Note - On a fresh installation where no extended attributes are set up yet, copy and overwrite all the files; otherwise merge the files.
  • As this is a new installation, copy all the *.hbm.xml files from the unzipped Accelerator Pack location C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\classes\sailpoint\object\ to the [IdentityIQ_HOME]\WEB-INF\classes\sailpoint\object\ folder, overwriting the existing ones.
  • If you wish to add custom attributes such as department, costCenter or location, add them to the relevant hbm.xml file.
  • As this is a new installation, copy C:\Sailpoint\Software\Accelerator_Pack\WEB-INF\lib\AcceleratorPack.jar to [IdentityIQ_HOME]\WEB-INF\lib.
  • As this is a new installation, copy all files and subfolders under C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\config\ to [IdentityIQ_HOME]\WEB-INF\config\.
  • As this is a new installation, copy all files under C:\Sailpoint\Software\Accelerator_Pack\images\icons\ to [IdentityIQ_HOME]\images\icons\.
  • Copy C:\Sailpoint\Software\Accelerator_Pack\web\define\applications\IdentityIQLoopback.xhtml to [IdentityIQ_HOME]\define\applications\.
  • Open the Accelerator Pack custom properties file C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\classes\sailpoint\web\messages\iiqCustom.properties, copy its whole content and append it to the IdentityIQ custom properties file [IdentityIQ_HOME]\WEB-INF\classes\sailpoint\web\messages\iiqCustom.properties.
  • Create the database schema in the following three steps:
    • Open cmd and navigate to C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\bin.
    • Execute "iiq schema" to generate the schema scripts.
    • Create the database tables from the generated schema: go to C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\database and run the appropriate file with your database client (MySQL Workbench was used here) - C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\database\create_identityiq_tables.mysql.
  • Update the database settings that IdentityIQ will use to connect to its repository in C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\classes\iiq.properties.
    Note - By default both the username and the password for the identityiq schema are identityiq. Change the default dataSource.password and store it encrypted using the IIQ encrypt utility.
  • Launch the IdentityIQ console by running the iiq console command from the identityiq_home\WEB-INF\bin directory, then run the following commands to import init.xml, init-lcm.xml and init-acceleratorpack.xml:
    • import init.xml
    • import init-lcm.xml
    • import init-acceleratorpack.xml
    • quit
    Note - Importing the default IdentityIQ objects (init.xml and init-lcm.xml) can be done via the UI as well.
  • Log in with the spadmin credential. Don't forget to change the spadmin password.
  • To verify whether the pack is installed, go to Administrative Tasks > Installed Accelerator Pack and check the quick links. You can also go to the Debug pages, open Configuration Objects -> System Configuration and verify that this line is present:
    <entry key="acceleratorPackVersion" value="8.1"/>
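
The two hardening steps in this approach (replacing the default identityiq repository credential and storing dataSource.password encrypted) and the final acceleratorPackVersion check can be verified mechanically after the install. The script below is an added example written for this post, not SailPoint's code or any IIQ utility. It parses a constructed iiq.properties fragment with a minimal Java .properties reader and reads the acceleratorPackVersion entry from a constructed System Configuration export; the "N:ACP:..." shape it uses to recognise an encrypted value is an assumption about what iiq encrypt emits, and all sample values are constructed.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_CREDENTIAL = "identityiq"  # shipped default for the repository schema
# Assumed shape of a value produced by `iiq encrypt`: "<keyId>:ACP:<base64>".
ENCRYPTED_VALUE = re.compile(r"^\d+:ACP:[A-Za-z0-9+/=]+$")
# Java .properties line: key, then '=' or ':' (or whitespace), then the value.
PROPERTY_LINE = re.compile(r"^([^=:\s]+)\s*[=:]?\s*(.*)$")

# Constructed sample: the relevant lines of a freshly unpacked iiq.properties.
SAMPLE_PROPERTIES = """\
# dataSource settings (constructed sample, not a real file)
dataSource.username=identityiq
dataSource.password=identityiq
dataSource.url=jdbc:mysql://localhost/identityiq?useServerPrepStmts=true
"""

# Constructed sample after hardening: dedicated account, encrypted password.
HARDENED_PROPERTIES = """\
dataSource.username=iiq_app
dataSource.password=1:ACP:QUJDREVGR0hJSktMTU5PUA==
dataSource.url=jdbc:mysql://localhost/identityiq?useServerPrepStmts=true
"""

# Constructed sample of the System Configuration object as shown on the Debug page.
SAMPLE_SYSCONFIG = """\
<Configuration name="SystemConfiguration">
  <Attributes>
    <Map>
      <entry key="acceleratorPackVersion" value="8.1"/>
      <entry key="defaultLanguage" value="en_US"/>
    </Map>
  </Attributes>
</Configuration>
"""


def parse_properties(text):
    """Minimal Java .properties reader: skip blanks and comments, split on the first '=' or ':'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = PROPERTY_LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def audit_datasource(props):
    """Return a list of findings about the repository credential; an empty list means OK."""
    findings = []
    user = props.get("dataSource.username", "")
    password = props.get("dataSource.password", "")
    if user == DEFAULT_CREDENTIAL and password == DEFAULT_CREDENTIAL:
        findings.append("default identityiq/identityiq repository credential still in use")
    if password and not ENCRYPTED_VALUE.match(password):
        findings.append("dataSource.password is clear text; replace it with the output of 'iiq encrypt'")
    return findings


def accelerator_pack_version(config_xml):
    """Return the acceleratorPackVersion value from a System Configuration export, or None."""
    root = ET.fromstring(config_xml)
    for entry in root.iter("entry"):
        if entry.get("key") == "acceleratorPackVersion":
            return entry.get("value")
    return None


if __name__ == "__main__":
    for label, text in (("fresh install", SAMPLE_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(f"{label}: {audit_datasource(parse_properties(text)) or ['no findings']}")
    print("acceleratorPackVersion:", accelerator_pack_version(SAMPLE_SYSCONFIG))
```

On a real server, point the two readers at WEB-INF\classes\iiq.properties and at the XML of the System Configuration object from the Debug page; the fresh-install sample produces both findings, the hardened sample none, and the version check returns "8.1".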
Approach-2 (Installing IIQ and Accelerator Pack Separately)

Prerequisite -
  • Shut down the IIQ servers.
  • Take a full backup of the database.
  • Back up all the Hibernate configuration files in [IdentityIQ_Home]\WEB-INF\classes\sailpoint\object\.
Steps -
  • Download the Accelerator Pack 8.1 zip file from Sailpoint Compass.
  • Extract the Accelerator Pack zip file to a temp folder such as C:\Sailpoint\Software\Accelerator_Pack. Do not extract it directly into the Sailpoint installation directory.
  • If the servers are still running, stop the application server.
  • Update the Hibernate configuration files in your IdentityIQ installation directory.
    Note - On a fresh installation where no extended attributes are set up yet, copy and overwrite all the files; otherwise merge the files.
  • As this is a new installation, copy all the *.hbm.xml files from the unzipped Accelerator Pack location C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\classes\sailpoint\object\ to the [IdentityIQ_HOME]\WEB-INF\classes\sailpoint\object\ folder, overwriting the existing ones.
  • As this is a new installation, copy C:\Sailpoint\Software\Accelerator_Pack\WEB-INF\lib\AcceleratorPack.jar to [IdentityIQ_HOME]\WEB-INF\lib.
  • As this is a new installation, copy all files and subfolders under C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\config\ to [IdentityIQ_HOME]\WEB-INF\config\.
  • As this is a new installation, copy all files under C:\Sailpoint\Software\Accelerator_Pack\images\icons\ to [IdentityIQ_HOME]\images\icons\.
  • Copy C:\Sailpoint\Software\Accelerator_Pack\web\define\applications\IdentityIQLoopback.xhtml to [IdentityIQ_HOME]\define\applications\.
  • Open the Accelerator Pack custom properties file C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\classes\sailpoint\web\messages\iiqCustom.properties, copy its whole content and append it to the IdentityIQ custom properties file [IdentityIQ_HOME]\WEB-INF\classes\sailpoint\web\messages\iiqCustom.properties.
  • Extend your database schema using the IdentityIQ console: open cmd, go to C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\ and run iiq extendedSchema.
  • Update the generated script and comment out all "alter table identityiq" and "create index" statements for the extended attributes, as those were already created by the fresh IIQ installation.
  • Open your database client (MySQL Workbench) and run the script add_identityiq_extensions.mysql.
    Note - If you see an error such as "Error Code: 1060. Duplicate column name 'extended1'", you still need to modify the script and remove all alter table identityiq and create index statements for the extended attributes.
  • Open the iiq console and run the command
    --> import init-acceleratorpack.xml
  • To verify whether the pack is installed, go to Administrative Tasks > Installed Accelerator Pack and check the quick links. You can also go to the Debug pages, open Configuration Objects -> System Configuration and verify that this line is present:
    <entry key="acceleratorPackVersion" value="8.1"/>
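
Commenting out the add-column and create-index statements for columns that already exist is tedious to do by hand on a long extension script, and missing one is exactly what produces the "Duplicate column name" error above. The script below is an added example written for this post, not SailPoint's code: given a constructed fragment in the style of add_identityiq_extensions.mysql and a set of (table, column) pairs that are already present (on a real system, taken from SHOW COLUMNS on each table), it prefixes the matching statements with a MySQL comment marker and leaves everything else untouched. The statement layout of the sample is an assumption about what iiq extendedSchema emits.

```python
import re

# Matches "alter table <table> add [column] <col> ..." (case-insensitive).
ADD_COLUMN = re.compile(r"^\s*alter\s+table\s+(\S+)\s+add\s+(?:column\s+)?(\w+)\b", re.I)
# Matches "create index <name> on <table> (<col>)".
CREATE_INDEX = re.compile(r"^\s*create\s+index\s+\w+\s+on\s+(\S+)\s*\(\s*(\w+)\s*\)", re.I)

# Constructed sample of what iiq extendedSchema might emit (layout is an assumption).
SAMPLE_SCRIPT = """\
alter table identityiq.spt_identity add column extended1 varchar(450);
create index spt_identity_extended1 on identityiq.spt_identity (extended1);
alter table identityiq.spt_identity add column extended6 varchar(450);
create index spt_identity_extended6 on identityiq.spt_identity (extended6);
alter table identityiq.spt_link add column extended1 varchar(450);
create index spt_link_extended1 on identityiq.spt_link (extended1);
"""

# Constructed: columns the fresh IIQ schema already has (in practice, query SHOW COLUMNS).
ALREADY_PRESENT = {
    ("identityiq.spt_identity", "extended1"),
    ("identityiq.spt_link", "extended1"),
}


def statement_target(line):
    """Return (table, column) for an add-column or create-index statement, else None."""
    for pattern in (ADD_COLUMN, CREATE_INDEX):
        match = pattern.match(line)
        if match:
            return match.group(1).lower(), match.group(2).lower()
    return None


def comment_out_existing(script, existing):
    """Prefix statements that target an existing column with a MySQL '-- ' comment marker.

    Returns the rewritten script and the number of statements commented out.
    """
    out, skipped = [], 0
    for line in script.splitlines():
        if statement_target(line) in existing:
            out.append("-- " + line)
            skipped += 1
        else:
            out.append(line)
    return "\n".join(out) + "\n", skipped


if __name__ == "__main__":
    rewritten, count = comment_out_existing(SAMPLE_SCRIPT, ALREADY_PRESENT)
    print(f"{count} statement(s) commented out")
    print(rewritten)
```

With the sample input, the four statements for extended1 on spt_identity and spt_link are commented out and the two for the new extended6 column are kept; running the rewritten script in MySQL Workbench then only adds what the fresh installation did not already create.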