Posted on April 2, 2023 at 11:00 PM
IBM Security Identity Manager (ISIM) is a popular IAM system. It has been around for a
while. Many organizations have more than one instance of ISIM.
Others run IAM systems from multiple vendors. Either way, a need arises to provision to
ISIM from another ISIM instance or another IAM system.
In this blog post we will present a simple way to develop an ISIM connector to onboard an ISIM as an
application.
The following diagram shows the basic concept.
ISIM is bundled with Tivoli Directory Integrator (TDI), also known as Security Directory Integrator.
TDI comes with multiple connectors, including an LDAP server connector and an ISIM DSML2 connector.
The source IAM system could be SailPoint, RSA, ISIM or any other vendor product. All these systems
come with an LDAP connector.
The basic idea here is to write an LDAP server assembly line (AL) running on TDI. This AL will act as an
LDAP server.
It will receive LDAP commands from the source IAM and provision/deprovision to the target ISIM using the
DSML2 connector.
With a little bit of JavaScript it is easy to implement the create, delete, modify and search
functions in the TDI assembly line.
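
The dispatch described above, sketched as an added example in plain JavaScript (it is not the post's code and uses no TDI or ISIM API). The names `SUFFIX`, `handleLdapRequest` and the in-memory `target` map standing in for the target ISIM are assumptions; the result codes are the standard LDAP ones from RFC 4511.

```javascript
// Added illustration: plain JavaScript, not TDI or ISIM API code.
// SUFFIX, handleLdapRequest and `target` are hypothetical names.
const SUFFIX = "ou=people,dc=example,dc=com"; // constructed base DN

// LDAP result codes (RFC 4511)
const RC = { success: 0, noSuchObject: 32, unwillingToPerform: 53, entryAlreadyExists: 68 };

// Stand-in for the target ISIM reached through the DSML2 connector.
const target = new Map();

// Simplified DN normalisation: lower-case, trim around commas.
// (Escaped commas inside RDN values are not handled here.)
function normDn(dn) {
  return String(dn || "").split(",").map(p => p.trim().toLowerCase()).join(",");
}

// Translate one LDAP request from the source IAM into a provisioning action.
function handleLdapRequest(req) {
  const dn = normDn(req.dn);
  // Serve only entries under the suffix this connector is responsible for.
  if (dn !== SUFFIX && !dn.endsWith("," + SUFFIX)) return { code: RC.noSuchObject };
  switch (req.op) {
    case "add": // create account
      if (target.has(dn)) return { code: RC.entryAlreadyExists };
      target.set(dn, { ...req.attrs });
      return { code: RC.success };
    case "modify": // change account attributes
      if (!target.has(dn)) return { code: RC.noSuchObject };
      Object.assign(target.get(dn), req.attrs);
      return { code: RC.success };
    case "delete": // deprovision account
      return { code: target.delete(dn) ? RC.success : RC.noSuchObject };
    case "search": { // reconcile: return entries at or below the base DN
      const entries = [...target.entries()]
        .filter(([k]) => k === dn || k.endsWith("," + dn))
        .map(([k, v]) => ({ dn: k, attrs: v }));
      return { code: RC.success, entries };
    }
    default:
      // Unsupported operations are refused explicitly instead of ignored.
      return { code: RC.unwillingToPerform };
  }
}
```

Returning a distinct result code for each failure lets the source IAM's LDAP connector tell a duplicate account from a missing one or a refused operation.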