Identity migration system apparatus and method
Abstract
An identity migration agent operating on a local identity server and/or user computer retrieves locally managed identities for an identity migration server. The migration server merges the locally managed identities with centrally managed identities according to a plurality of rules, and creates an identity map that maps the locally managed identities to the centrally managed identities. The migration server communicates the identity map to the identity migration agent that reassigns resources of the locally managed identities to the centrally managed identities in accordance with the identity map. In certain embodiments, the migration server performs identity conflict checks and directs resource assignment rollback operations in response to a user request.
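The flow the abstract describes (rule-based merge, conflict check, unmerge, identity map, resource reassignment with rollback), shown as an added Python illustration that is not part of the patent text. The data model, the single login-name rule, the conflict test on full names, and all sample identities and resources are constructed assumptions.

```python
# Added illustration: data model, rule and sample identities are constructed.
from collections import defaultdict, namedtuple

LocalId = namedtuple("LocalId", "domain name full_name")

def merge(local_ids, central, rules):
    """Apply rules in order; first rule naming an existing central identity wins."""
    merged = {}
    for lid in local_ids:
        for rule in rules:
            target = rule(lid)
            if target in central:
                merged[lid] = target
                break
    return merged

def conflict_check(merged):
    """Different people from distinct domains merged onto one central identity."""
    claims = defaultdict(list)
    for lid, target in merged.items():
        claims[target].append(lid)
    return {lid for lids in claims.values() for lid in lids
            if len({x.domain for x in lids}) > 1
            and len({x.full_name for x in lids}) > 1}

def build_identity_map(local_ids, central, rules):
    merged = merge(local_ids, central, rules)
    conflicts = conflict_check(merged)
    for lid in conflicts:  # unmerge before anything is migrated
        del merged[lid]
    return merged, conflicts

def reassign(resources, identity_map):
    """Move resource ownership per the map; return a journal of prior owners."""
    journal = {}
    for res, owner in resources.items():
        if owner in identity_map:
            journal[res] = owner
            resources[res] = identity_map[owner]
    return journal

def rollback(resources, journal):
    resources.update(journal)  # restore every recorded prior owner

CENTRAL = {"CORP\\jsmith", "CORP\\adavis"}
RULES = [lambda lid: "CORP\\" + lid.name]  # rule: match on login name
LOCAL = [LocalId("nis-east", "jsmith", "John Smith"),
         LocalId("nis-west", "jsmith", "Jane Smith"),  # same login, other person
         LocalId("nis-east", "adavis", "Ann Davis")]
RESOURCES = {"sudoers:nis-east:wheel": LOCAL[2],  # administrative privilege
             "/home/jsmith@nis-east": LOCAL[0]}
```

Because both `jsmith` entries are unmerged before the map is built, the administrative privilege of one person is never reassigned to another person's central account; only `adavis` is migrated, and the journal restores the prior owner on rollback.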
13 Claims
1. A method to centralize identity management, the method comprising:
- retrieving locally managed user identities for a plurality of users of Unix from at least one server;
- merging with one or more computer processors the locally managed user identities for the plurality of users of Unix with centrally managed identities associated with a plurality of users of Active Directory according to a plurality of rules wherein the merged locally managed user identities and the centrally managed user identities comprise unique identities and at least a plurality of non-unique identities, the non-unique identities comprising user identities that have the same identifier for at least two different users from two distinct domains;
- performing an identity conflict check of the merged locally managed user identities and the centrally managed user identities to identify conflicts associated with the non-unique identities;
- when conflicts are identified, unmerging the merged locally managed user identities causing the conflicts from the centrally managed user identities prior to migrating the merged locally managed user identities to the centrally managed user identities;
- when conflicts do not exist, creating an identity map with one or more computer processors that maps the merged locally managed user identities associated with Unix to the centrally managed user identities associated with Active Directory prior to migrating the merged locally managed user identities to the centrally managed user identities;
- communicating the identity map to the at least one server; and
- migrating the merged locally managed user identities associated with Unix to the centrally located user identities associated with Active Directory based on the identity map;
- reassigning resources of the merged locally managed user identities to the centrally managed user identities in accordance with the identity map, wherein the resources comprise at least administrative privileges for the locally managed user identities; and
- storing rollback information to enable rollback of the migration of the merged locally managed user identities from the centrally managed user identities and rollback of the reassigned resources.
6. An apparatus to centralize identity management, the apparatus comprising:
- a communication module configured to receive locally managed user identities for a plurality of users of Unix from at least one migration agent;
- an identity merge module implemented on one or more computer processors, the identity merge module configured to merge locally managed user identities for a plurality of users of Unix with centrally managed user identities associated with a plurality of users of Active Directory according to a plurality of rules wherein the merged locally managed user identities and the centrally managed user identities comprise unique identities and at least a plurality of non-unique identities, the non-unique identities comprising user identities that have the same identifier for at least two different users from two distinct domains;
- an identity check module implemented in one or more computer processors, the identity check module configured to perform an identity conflict check of the merged locally managed user identities and the centrally managed user identities to identify conflicts associated with the non-unique identities;
- when conflicts are identified, unmerging the merged locally managed user identities causing the conflicts from the centrally managed user identities prior to migrating the merged locally managed user identities to the centrally managed user identities;
- an identity map module implemented in one or more computer processors, the identity map module configured to create, when conflicts do not exist, an identity map that maps the merged locally managed user identities associated with Unix to the centrally managed user identities associated with Active Directory prior to migrating the merged locally managed user identities to the centrally managed user identities;
- the communication module configured to communicate the identity map to the at least one migration agent, wherein the migration agent is configured to migrate the merged locally managed user identities associated with Unix to the centrally located user identities associated with Active Directory based on the identity map and reassign resources of the merged locally managed user identities to the centrally managed user identities in accordance with the identity map, wherein the resources comprise at least administrative privileges for the locally managed user identities, wherein the migration agent is further configured to store rollback information to enable rollback of the migration of the merged locally managed user identities from the centrally managed user identities and rollback of the reassigned resources.
13. A non-transitory computer readable storage medium comprising a program of machine-readable instructions executable by a digital processing apparatus to perform operations to centralize user identity management, the operations comprising:
- retrieving locally managed user identities for a plurality of users of Unix from at least one server;
- merging the locally managed user identities for the plurality of users of Unix with centrally managed user identities associated with a plurality of users of Active Directory according to a plurality of rules;
- wherein the merged locally managed user identities and the centrally managed user identities comprise unique identities and at least a plurality of non-unique identities, the non-unique identities comprising user identities that have the same identifier for at least two different users from two distinct domains;
- performing an identity conflict check of the merged locally managed user identities and the centrally managed user identities to identify conflicts associated with the non-unique identities;
- when conflicts are identified, unmerging the merged locally managed user identities causing the conflicts from the centrally managed user identities prior to migrating the merged locally managed user identities to the centrally managed user identities;
- when conflicts do not exist, creating an identity map that maps the merged locally managed user identities associated with Unix to the centrally managed user identities associated with Active Directory prior to migrating the merged locally managed user identities to the centrally managed user identities;
- communicating the identity map to the at least one server; and
- migrating the merged locally managed user identities associated with Unix to the centrally located user identities associated with Active Directory based on the identity map;
- reassigning resources of the merged locally managed user identities to the centrally managed user identities in accordance with the identity map, wherein the resources comprise at least administrative privileges for the locally managed user identities; and
- storing rollback information to enable rollback of the migration of the merged locally managed user identities from the centrally managed user identities and rollback of the reassigned resources.
Specification