Identity migration system apparatus and method

US 7,895,332 B2
Filed: 10/29/2007
Issued: 02/22/2011
Est. Priority Date: 10/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method to centralize identity management, the method comprising:

retrieving locally managed user identities for a plurality of users of Unix from at least one server;

merging with one or more computer processors the locally managed user identities for the plurality of users of Unix with centrally managed identities associated with a plurality of users of Active Directory according to a plurality of rules wherein the merged locally managed user identities and the centrally managed user identities comprise unique identities and at least a plurality of non-unique identities, the non-unique identities comprising user identities that have the same identifier for at least two different users from two distinct domains;

performing an identity conflict check of the merged locally managed user identities and the centrally managed user identities to identify conflicts associated with the non-unique identities;

when conflicts are identified, unmerging the merged locally managed user identities causing the conflicts from the centrally managed user identities prior to migrating the merged locally managed user identities to the centrally managed user identities;

when conflicts do not exist, creating an identity map with one or more computer processors that maps the merged locally managed user identities associated with Unix to the centrally managed user identities associated with Active Directory prior to migrating the merged locally managed user identities to the centrally managed user identities;

communicating the identity map to the at least one server; and

migrating the merged locally managed user identities associated with Unix to the centrally located user identities associated with Active Directory based on the identity map;

reassigning resources of the merged locally managed user identities to the centrally managed user identities in accordance with the identity map, wherein the resources comprise at least administrative privileges for the locally managed user identities; and

storing rollback information to enable rollback of the migration of the merged locally managed user identities from the centrally managed user identities and rollback of the reassigned resources.

View all claims

26 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identity migration agent operating on a local identity server and/or user computer retrieves locally managed identities for an identity migration server. The migration server merges the locally managed identities with centrally managed identities according to a plurality of rules, and creates an identity map that maps the locally managed identities to the centrally managed identities. The migration server communicates the identity map to the identity migration agent that reassigns resources of the locally managed identities to the centrally managed identities in accordance with the identity map. In certain embodiments, the migration server performs identity conflict checks and directs resource assignment rollback operations in response to a user request.

315 Citations

13 Claims

1. A method to centralize identity management, the method comprising:
- retrieving locally managed user identities for a plurality of users of Unix from at least one server;
  
  merging with one or more computer processors the locally managed user identities for the plurality of users of Unix with centrally managed identities associated with a plurality of users of Active Directory according to a plurality of rules wherein the merged locally managed user identities and the centrally managed user identities comprise unique identities and at least a plurality of non-unique identities, the non-unique identities comprising user identities that have the same identifier for at least two different users from two distinct domains;
  
  performing an identity conflict check of the merged locally managed user identities and the centrally managed user identities to identify conflicts associated with the non-unique identities;
  
  when conflicts are identified, unmerging the merged locally managed user identities causing the conflicts from the centrally managed user identities prior to migrating the merged locally managed user identities to the centrally managed user identities;
  
  when conflicts do not exist, creating an identity map with one or more computer processors that maps the merged locally managed user identities associated with Unix to the centrally managed user identities associated with Active Directory prior to migrating the merged locally managed user identities to the centrally managed user identities;
  
  communicating the identity map to the at least one server; and
  
  migrating the merged locally managed user identities associated with Unix to the centrally located user identities associated with Active Directory based on the identity map;
  
  reassigning resources of the merged locally managed user identities to the centrally managed user identities in accordance with the identity map, wherein the resources comprise at least administrative privileges for the locally managed user identities; and
  
  storing rollback information to enable rollback of the migration of the merged locally managed user identities from the centrally managed user identities and rollback of the reassigned resources.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the locally managed user identities comprise at least one identity group that comprises at least one user identity and at least one related user identity.
  - 3. The method of claim 1, wherein at least one of the centrally managed user identities comprises a pre-existing centrally managed user identity.
  - 4. The method of claim 1, wherein the locally managed user identities and the centrally managed user identities correspond to distinct platforms.
  - 5. The method of claim 1, further comprising storing the locally managed user identities in a centralized identity data store to facilitate merging the locally managed user identities with the centrally managed user identities.

6. An apparatus to centralize identity management, the apparatus comprising:
- a communication module configured to receive locally managed user identities for a plurality of users of Unix from at least one migration agent;
  
  an identity merge module implemented on one more computer processors, the identity merge module configured to merge locally managed user identities for a plurality of user of Unix with centrally managed user identities associated with a plurality of users of Active Director according to a plurality of rules wherein the merged locally managed user identities and the centrally managed user identities comprise unique identities and at least a plurality of non-unique identities, the non-unique identities comprising user identities that have the same identifier for at least two different users from two distinct domains;
  
  an identity check module implemented in one or more computer processors, the identity check module configured to perform an identity conflict check of the merged locally managed user identities and the centrally managed user identities to identify conflicts associated with the non-unique identities;
  
  when conflicts are identified, unmerging the merged locally managed user identities causing the conflicts from the centrally managed user identities prior to migrating the merged locally managed user identities to the centrally managed user identities;
  
  an identity map module implemented in one or more computer processors, the identity map module configured to create, when conflicts do not exist, an identity map that maps the merged locally managed user identities associated with Unix to the centrally managed user identities associated with Active Directory prior to migrating the merged locally managed user identities to the centrally managed user identities;
  
  the communication module configured to communicate the identity map to the at least one migration agent, wherein the migration agent is configured to migrate the merged locally managed user identities associated with Unix to the centrally located user identities associated with Active Directory based on the identity map and reassign resources of the merged locally managed user identities to the centrally managed user identities in accordance with the identity map, wherein the resources comprise at least administrative privileges for the locally managed user identities, wherein the migration agent is further configured to store rollback information to enable rollback of the migration of the merged locally managed user identities from the centrally managed user identities and rollback of the reassigned resources.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The apparatus of claim 6, wherein the locally managed user identities comprise at least one identity group that comprises at least one user identity and at least one related user identity.
  - 8. The apparatus of claim 6, wherein at least one of the centrally managed user identities comprises a pre-existing centrally managed user identity.
  - 9. The apparatus of claim 6, wherein the locally managed user identities and the centrally managed user identities correspond to distinct platforms.
  - 10. The apparatus of claim 6, further comprising a centrally managed identity data store configured to store the locally managed user identities to facilitate merging the locally managed user identities with centrally managed user identities.
  - 11. The apparatus of claim 6, further comprising a scheduling module configured to enable scheduling one or more identity management operations.
  - 12. The apparatus of claim 6, wherein the identity merge module is further configured to unmerge the locally managed user identities from the centrally managed user identities in response to receiving an unmerge request.

13. A non-transitory computer readable storage medium comprising a program of machine-readable instructions executable by a digital processing apparatus to perform operations to centralize user identity management, the operations comprising:
- retrieving locally managed user identities for a plurality of user of Unix from at least one server;
  
  merging the locally managed user identities for the plurality of users of Unix with centrally managed user identities associated with a plurality of users of Active Directory according to a plurality of rules;
  
  wherein the merged locally managed user identities and the centrally managed user identities comprise unique identities and at least a plurality of non-unique identities, the non-unique identities comprising user identities that have the same identifier for at least two different users from two distinct domains;
  
  performing an identity conflict check of the merqed locally managed user identities and the centrally managed user identities to identify conflicts associated with the non-unique identities;
  
  when conflicts are identified, unmerqinq the merged locally managed user identities causing the conflicts from the centrally managed user identities prior to migrating the merged locally managed user identities to the centrally managed user identities;
  
  when conflicts do not exist, creating an identity map that maps the merged locally managed user identities associated with Unix to the centrally managed user identities associated with Active Directory prior to migrating the merged locally managed user identities to the centrally managed user identities;
  
  communicating the identity map to the at least one server; and
  
  migrating the merged locally managed user identities associated with Unix to the centrally located user identities associated with Active Directory based on the identity map;
  
  reassigning resources of the merged locally managed user identities to the centrally managed user identities in accordance with the identity map, wherein the resources comprise at least administrative privileges for the locally managed user identities; and
  
  storing rollback information to enable rollback of the migration of the merged locally managed user identities from the centrally managed user identities and rollback of the reassigned resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Vanyukhin, Nikolay, Shevnin, Oleg, Korotich, Alexey
Primary Examiner(s)
Backer; Firmin
Assistant Examiner(s)
ALGIBHAH, HAMZA N

Application Number

US11/926,512
Publication Number

US 20080104250A1
Time in Patent Office

1,212 Days
Field of Search

709/226
US Class Current

709/226
CPC Class Codes

G06F 16/214   Database migration support

H04L 41/0873   Checking configuration conf...

H04L 41/12   Discovery or management of ...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

Identity migration system apparatus and method

First Claim

26 Assignments

0 Petitions

Accused Products

Abstract

315 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Identity migration system apparatus and method

First Claim

26 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

315 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links