Go-live pains

Every Identity Management project follows a familiar pattern: everything works perfectly in the test environment, meeting all customer requirements like a dream. Then comes the most dreaded day of the project – the production deployment. This is when both managers and IDM administrators get nervous and when you truly discover the difference between a mediocre and an exceptional IDM product.

The go-live phase reveals the true nature of your chosen solution. How flexible is it? How does it handle data inconsistencies? What breaks? How many users are affected? Can you complete the deployment with a few exceptions, or do you need to roll back everything, fix the issues, and start over – facing the embarrassing moment of telling your stakeholders, “Sorry, it didn’t work out”?

Let me paint you a picture from just two years ago. The process was incredibly cumbersome when deploying our most challenging target system – Active Directory/LDAP in midPoint. We had to clone the production AD (a task far more complex than it sounds), connect it to midPoint, recalculate organizational structures, roles, and users, and then compare the contents of both AD instances. After analyzing the results, we’d fix the data, adjust the configuration, and try again. We repeated this cycle 35 times with one client before feeling confident enough for the actual go-live. Even then, after a sleepless night, we found ourselves troubleshooting “unexpected issues” at 8 AM.

midPoint improves to help

But times have changed. Today’s midPoint introduces a game-changing feature – simulations. There is no longer a need for full deployments or AD cloning – you can preview exactly what will happen during the go-live phase. But what about those edge cases? The “forgotten” bad data? The VIP groups that can’t be modified? The ambiguous cases that need white-listing or black-listing? That’s where the new group synchronization methodology comes in.

The best part? You no longer need to dive into XML files, frantically adjusting tolerantValuePatterns, wrestling with regex, or modifying mapping conditions to handle exceptions. A single typo in these technical configurations won’t ruin your day anymore. Instead, you can simply mark these groups through an intuitive GUI using object marks or filters and move forward.

Knowledge is power

While Evolveum provides excellent webinars as an introduction to these features, we understand you might want to dive deeper. That’s why they’ve introduced a comprehensive self-paced e-learning program – midPoint deployment: Group Synchronizations. In just two days, you can master these new capabilities at your own pace. Even better – this training is entirely free if you’re an Evolveum partner.

It’s no coincidence that our senior IDM architect, Gusto, completed this seemingly straightforward but powerful training program first. After experiencing firsthand what midPoint’s new features can accomplish, he strongly recommends it to anyone who’s ever felt pre-deployment anxiety.

The days of dreading the go-live phase are behind us. With modern IDM solutions and proper training, what was once the most stressful part of IDM projects has become a manageable, even confident, process. Welcome to the new era of Identity Management deployments.