Role management - Applications

  • Question

  • I am not sure this forum is the best place to post this question. We are looking for a role management application. We have FIM 2010 R2 as our IdM. Senior mgmt team is leaning more towards Grouper.

    FIM, BHOLD or Grouper - What's your opinion? Which is the best?

    Is there any other role management application?


    Thursday, January 29, 2015 9:02 PM

All replies

  • BHOLD is part of FIM now ....

    Borys Majewski, Identity Management Solutions Architect (Blog: IDArchitect.NET)

    Saturday, January 31, 2015 4:22 PM
  • It really depends on your requirements for role management. I've seen an excellent basic role management system developed with a flat SQL table and a custom FIM workflow: just name the role and list all the permissions or provisioning instructions associated with it in a row. You then just need a way to assign the various roles (and their permissions) to a user - some kind of attribute (job title, department, location, etc.) that is used as the basis of a SQL query. I've also designed and deployed systems with third-party tools (including BHOLD).

    There are pros and cons to each approach, but it depends very much on what you are trying to achieve. If you need NIST-compliant RBAC and have already made the investment in FIM, then BHOLD seems a no-brainer (although it has some implementation challenges). If you need to auto-assign AD groups to users, then use FIM (possibly augmented with a SQL lookup). I've never heard of Grouper, so can't comment.

    Omada was the other main RBAC solution for FIM, but it's been a while since I had hands-on with it, so don't know what the current functionality is.



    Monday, February 2, 2015 11:33 AM
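
A sketch of the flat-table approach described in the reply above, added here as an example and not taken from the thread or from any FIM deployment. SQLite stands in for the SQL table, the FIM workflow itself is not modelled, and every table, column, role and group name is a constructed assumption. It also shows the check that design makes possible: comparing a user's current grants with what their attributes entitle them to, so stale access is flagged for removal.

```python
import sqlite3

# Constructed sample data: role names, attribute values and group names are illustrative.
SCHEMA = """
CREATE TABLE role_map (
    role        TEXT NOT NULL,
    match_attr  TEXT NOT NULL
                CHECK (match_attr IN ('job_title', 'department', 'location')),
    match_value TEXT NOT NULL,   -- stored lower-case
    permission  TEXT NOT NULL,
    UNIQUE (role, match_attr, match_value, permission)
);
"""
ROWS = [
    ("Finance-Clerk", "department", "finance", "AD:GRP-Finance-Read"),
    ("Finance-Clerk", "department", "finance", "AD:GRP-Expenses-Submit"),
    ("Finance-Manager", "job_title", "finance manager", "AD:GRP-Expenses-Approve"),
    ("Site-London", "location", "london", "AD:GRP-London-Printers"),
]

def open_db():
    """Create the in-memory role table and load the sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO role_map VALUES (?, ?, ?, ?)", ROWS)
    return db

def expected_permissions(db, user):
    """Return the set of permissions the user's attributes entitle them to."""
    perms = set()
    for attr in ("job_title", "department", "location"):
        value = (user.get(attr) or "").strip().lower()
        if not value:
            continue  # a missing attribute grants nothing (deny by default)
        rows = db.execute(
            "SELECT permission FROM role_map"
            " WHERE match_attr = ? AND match_value = ?",
            (attr, value),  # bound parameters, never string concatenation
        )
        perms.update(p for (p,) in rows)
    return perms

def reconcile(db, user, current):
    """Compare current grants with the expected set: (to_add, to_remove)."""
    expected = expected_permissions(db, user)
    return sorted(expected - current), sorted(current - expected)
```

The `to_remove` list is the part that matters when someone changes department: the old role's groups no longer match any row for their attributes and show up there.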