One of the things I’ve been investigating for the new Domino infrastructure rollout that I am heading up in my new job is ID management. Most places that I have worked at before have never really understood the importance of ID management. Certifier ID files and passwords are given out to whoever needs them, local helpdesk staff are shown how to create user IDs, ID files get lost, etc.
In Notes 4 the escrow agent was helpful and easy to implement: set up a user or group called ‘Escrow Agent’ and all ID files that are created would be sent to that user.
In R5 they expanded upon that with ‘ID Recovery’. Special information was embedded into the certifier ID file, and then any IDs created from that ID file would have the information passed on to them. One bit of this information was a user that would receive a copy of all ID files whenever they changed. There were problems with this, like users being able to cancel the send.
In ND6 they improved this yet again and it’s nearly getting to the stage where it is easy to deploy. The recovery information is now stored in the NAB. The end users don’t need to be sent the recovery info; it is automatically picked up when they log in. The bit that sends the changed ID files to a central location now happens in the background.
So why do we still need ID Management systems? Well, I think the answer is easy. It keeps the certifier ID files out of the local administrators’ hands, you have more control over how the users are set up, and it assists with keeping SLAs in a centrally managed system.
So far I have evaluated two ID Management systems, iDM from Centric and GSX ID Manager from GSX. Of the two systems I think iDM is the better. It is 100% Notes-based, which I think is really important because the GSX application needs a small executable to be periodically run on the server to do the work. iDM also seems to have a lot more features to help define who can request and authorise new ID creation and to help ensure that any ID file that is created will conform to your standards for that office, country, region or even company.
I’m sure that there are more ID Management solutions out there and if you know of any more then please feel free to mention them in the comments so I can evaluate them also.
So, do you use ID management or do you hand out your certifier ID files?