Technical Brief
from Zigabyte Australia

Migrating Identity with Expertise

Transition at scale and complexity from One Identity to SailPoint IIQ.  

"... our level of customization without programmatic access points coupled with unsupported MUR, made this one of the most daunting undertakings we needed to achieve. To say 'we succeeded' in the time we did, has a more than pleasing ring ..."

The customer is a major telecom company (over 80,000 employees). Their goal was to transition a large Research Team, migrating Q1IM users (Persons), Roles and Custom Target Systems to SailPoint IIQ Identity Cubes, Entitlements/Roles (bundles) and Applications (connectors). The challenges faced:

  1. The customer has many Custom Target Systems in Q1IM with no programmatic access points such as REST or SOAP APIs.
  2. The deeply customized ITShop had baked-in provisioning processes, rather than utilizing workflows within Q1IM.
  3. Multiple authoritative sources (master user records) were no longer supported by their vendors (older versions of AD / Sun LDAP).

Our Principal Consultants recommended using OOTB SailPoint IIQ functionality to duplicate the custom code in the Q1IM ITShop, and SailPoint IIQ's native/OOTB XML import mechanisms to import user/role data sets from Q1IM. The solution team included a C#/OI/IIQ developer, an internal DevOps / DB administrator, and an ITShop developer. As a work plan our team:

  1. Analyzed each custom attribute in Q1IM and duplicated it as Extended attributes in various SailPoint IIQ objects.
  2. Dumped the content of the outdated authoritative sources into CSV/text files. Wrote a custom C#/LINQ console application that maps each attribute to XML documents, then batch reads these files and inserts them into SailPoint IIQ via "LCM Batch request" or, where simpler/faster, "PowerShell/IIQ Console commands".
  3. For the Custom Target Systems without an API, we wrote another C# console application utilizing Selenium WebDriver to web-scrape the data into XML files, then applied XSLT transforms so that they could be imported into SailPoint IIQ.
  4. For the customized ITShop, we analyzed the provisioning process and duplicated it via customized Tasks, Rules and Workflows (BeanShell development work).
  5. With the same C# / Selenium console application that extracted the CTS data set, we reversed the process and targeted SailPoint IIQ to test the provisioning process and verify that each Identity/Account was created properly.
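
The CSV-to-XML mapping in step 2 could look like the sketch below. This is an added example, not the team's code: the column names and sample rows are constructed, and the `<Identity>`/`<Attributes>`/`<Map>`/`<entry>` layout is assumed to follow the shape of an IIQ object export. It builds the file through `System.Xml.Linq` so that characters such as `&` and `<` in legacy directory values are escaped, and it rejects rows that would produce a nameless identity.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

static class LegacyDumpToIiqXml
{
    // Constructed sample rows standing in for a legacy directory dump (not customer data).
    // Column names are assumptions. Fields hold no embedded commas; use a real CSV parser otherwise.
    const string SampleCsv =
        "uid,mail,department\n" +
        "jdoe,jdoe@example.test,Research & Development\n" +
        "asmith,asmith@example.test,Optics <Lab 2>\n" +
        ",orphan@example.test,Research\n";

    // Build one <Identity> element. XElement/XAttribute escape &, < and quotes,
    // so directory values cannot alter the structure of the import file.
    static XElement ToIdentity(string[] header, string[] row) =>
        new XElement("Identity",
            new XAttribute("name", row[0]),
            new XElement("Attributes",
                new XElement("Map",
                    header.Zip(row, (key, value) => new { key, value })
                          .Skip(1)                           // first column is the identity name
                          .Where(p => p.value.Length > 0)    // omit empty attributes
                          .Select(p => new XElement("entry",
                              new XAttribute("key", p.key),
                              new XAttribute("value", p.value))))));

    static void Main()
    {
        var lines = SampleCsv.Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries);
        var header = lines[0].Split(',');
        var rows = lines.Skip(1)
                        .Select(l => l.Split(',').Select(f => f.Trim()).ToArray())
                        .ToList();

        // Reject rows with a missing name or wrong column count instead of importing them.
        var valid = rows.Where(r => r.Length == header.Length && r[0].Length > 0).ToList();
        foreach (var bad in rows.Except(valid))
            Console.Error.WriteLine("skipped row: " + string.Join(",", bad));

        var doc = new XDocument(
            new XDocumentType("sailpoint", "sailpoint.dtd", "sailpoint.dtd", null),
            new XElement("sailpoint", valid.Select(r => ToIdentity(header, r))));
        Console.WriteLine(doc);   // redirect to a file for import
    }
}
```

Skipped rows go to standard error so the rejected records can be reviewed separately from the generated import file.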

The expertise and in-depth knowledge of both One Identity and SailPoint, along with an advanced ability in coding, ensured the work was completed within a 9-month time frame, well within the customer's expectations. The customer was further assisted to successfully complete their transition in the first business quarter of the next year.


PointZ Technologies

Software

  • One Identity, SailPoint, C#, VB