SaaS Identity Provisioning use case


In a previous blog post, “To ESB or Not to ESB”, Ross did a great job of outlining the two basic integration architectures: “Enterprise Service Bus” and “Hub and Spoke”. That post includes a good overview of the benefits and considerations relevant to each architectural choice.

A key implementation consideration for an SOA-enabled architecture such as an ESB is its ability to keep pace with the integration needs of the organization.
This is important because we live in a very dynamic IT world where business needs and systems can change with the next bright idea. If your organization responds too slowly, you put it at risk of being unable to compete effectively in the marketplace.

To truly be competitive, your organization must adapt to the ever-changing and complex world of technology integration. The reality is that you no longer have months to design and additional months to deliver integration services to the organization.

In the real world there is a good chance that you already have an Identity Management System deployed. It is also quite likely that it is either a hub and spoke implementation or a system that has not been updated in quite some time.

So how do you maintain and extend an existing identity management system? What are the basic choices you have for managing your current environment and extending it into an SOA-enabled architecture?

If you have come to this “fork” in the road then there are two obvious choices available.

  1. Rip and Replace the existing solution
  2. Continue to add on to your proprietary hub and spoke solution

Both of these choices will work, but they are not ideal for any number of reasons (expense, time to delivery, continuing investment in a legacy environment). So what are the alternatives, and how can I use SOA concepts to maintain services and support the organization’s growth?

“How can I maintain and extend my current environment in an SOA-enabled environment?”

There is a readily available answer to this question, and in this blog we will present a real-life demonstration of how this can be accomplished.

In the next part of the blog we are going to walk through a real-life example of using an SOA-enabled (hybrid) approach to provisioning and de-provisioning cloud SaaS accounts.


The scenario presented is that the organization has an existing hub and spoke identity provisioning implementation using Novell’s Identity Manager. There is also a need and a desire to implement an SOA-enabled provisioning and de-provisioning system.

Note: While the demo shows integration capabilities with Novell Identity Manager, there is no specific limitation that requires any of the Novell Identity Manager components.

The SOA provisioning and de-provisioning system

The provisioning and de-provisioning scenario we are going to demonstrate is based on an organization that has an existing identity management implementation that needs to control accounts on two large SaaS (Software as a Service) and Netsuite.


The components used in the demonstration are as follows:

  • Novell’s eDirectory (LDAP)
  • Novell’s Identity Manager
  • GreyTower Connector for Novell’s IDM (JMS)
  • GreyTower Provisioning System (Built w/ OEM Mule)
  • Apache

The integration videos shown below demonstrate how an organization can use role-based access to provision and de-provision user accounts with an SOA-enabled system.

The following videos demonstrate the capability to manage accounts in both SaaS services by simply assigning users to roles using a standard administrative tool called iManager.

The first video in this series will demonstrate creating an account in and

The second video in this series demonstrates provisioning and de-provisioning users in

The third video in this series demonstrates provisioning and de-provisioning multiple accounts in

The fourth video in this series demonstrates provisioning, de-provisioning and authenticating to and services.

Guest post from William Brant, CEO at Directory Services, Inc., a MuleSoft partner.

Directory Services, Inc. is a leader in the development of Identity Integration solutions. William developed and founded the Grey Tower Project, a key tool for creating open source Identity Management Solutions. He later expanded GreyTower to bring SOA and ESB functionality to any IDM platform, which is now the foundation of the Enterprise GreyTower family of products. William continues to champion the development of key identity-centric solutions, and is the main voice for bringing SOA and IDM together as a compelling identity solution set.
