Blog

dxqueue

At WedaCon Informationstechnologien GmbH, we specialize in Identity and Access Management (IAM), helping organizations get their IAM systems fully under control. Managing Micro Focus Identity Manager (IDM) can be tricky. Ensuring that every new user, group, or attribute update reaches all connected systems reliably often requires careful planning and custom scripting. That’s where a tool like dxqueue comes in, giving administrators and developers a way to safely inject, replay, or test DX/XDS events in driver queues.

Read more →

November 5, 2025

How WedaCon Simplifies IIQ Development with Maven

Managing identities, access, and workflows in a modern enterprise isn’t easy, and neither is building the software that supports it. SailPoint IdentityIQ (IIQ) provides a powerful but complex framework for IAM. Its internal build processes rely on Apache Ant, a flexible yet manual system. For growing teams or large deployments, this can mean repetitive tasks, scattered dependencies, and occasional surprises when deploying plugins or patches or adding/updating dependencies. Another build tool is Maven: a tool that promises automation, consistency, and easier dependency management. But Maven is not a silver bullet; it comes with its own challenges, especially when applied to a proprietary system like IIQ.

Read more →

October 20, 2025

SSH Tunnel Manager

Connecting securely to internal systems often requires manual SSH tunneling and multiple key-based authentications. Administrators and developers need to remember hostnames and ports and type long commands each time they work with databases, web services, etc. This is time-consuming, error-prone, and exposes operational risks. The WedaCon SSH Tunnel Manager changes that: by providing a secure CLI interface and stage-based configurations, it makes accessing internal services faster, safer, and easier. The Case In typical corporate environments, accessing internal services involves manually creating SSH tunnels via manually executed commands:

Read more →

October 20, 2025

Capabilities Crawler

At WedaCon Informationstechnologien GmbH, we specialize in Identity and Access Management (IAM), helping organizations unlock the full potential of SailPoint IdentityIQ (IIQ). Beyond core platform capabilities, we assist clients in creating tailored solutions to their needs. One area that often causes friction for IIQ teams is understanding where entitlements are actually used. While IIQ’s UI lists the SpRights in the system, it does not provide insight into where these rights are checked in the application code. This gap can make audits, testing, and compliance reviews error-prone.

Read more →

October 17, 2025

WedaCon Generic File Upload

A governance platform like SailPoint IdentityIQ is at the core of identity management in many organizations. But many onboarding or provisioning processes still rely on manually uploading CSV or Excel files to a server. This involves SSH access, manual file placement, and operational risk. The WedaCon Generic Uploader plugin changes that: by providing a secure web interface and automating the task launch, it makes IdentityIQ file processing safer, faster, and easier.

Read more →

October 2, 2025

WedaCon Refresh Plugin

While SailPoint IdentityIQ (IIQ) is a powerful platform for identity and access management, one functionality it lacks out of the box is the ability to refresh or aggregate a single identity on demand. By default, IIQ is optimized for bulk operations, which can be slow or cumbersome when only one identity needs updating. At WedaCon Informationstechnologien GmbH, we recognized this gap and developed a custom IIQ plugin, enabling tailored, on-demand operations for individual identities. This plugin gives administrators and external systems immediate, precise, and auditable control over identity refresh and aggregation.

Read more →

September 23, 2025

Unlocking the Full Potential of SailPoint IdentityIQ with Custom Plugins

At WedaCon Informationstechnologien GmbH, we specialize in Identity and Access Management (IAM), helping organizations maximize the power of SailPoint IdentityIQ (IIQ). Over the years, we’ve seen many companies struggle to extend IIQ’s functionality in a maintainable, scalable way, especially when relying solely on built-in BeanShell scripting for custom logic. While BeanShell scripting allows administrators to embed custom logic directly into workflows, rules, and tasks, it comes with significant limitations. At WedaCon, we help organizations move beyond these constraints by designing and implementing robust, maintainable IIQ plugins.

Read more →

September 17, 2025

Visualize and Edit Your IdentityIQ Schemas with the WedaCon DBML Editor

At WedaCon Informationstechnologien GmbH, we spend a lot of time helping organizations get the most out of SailPoint IdentityIQ. Its flexibility is unmatched, but that flexibility often comes at a price: complex, XML-heavy configurations that are difficult to read, navigate, and visualize. In our recent post, we introduced our DBML Converter, which translates XML files like IdentityIQ ObjectConfig files into DBML (Database Markup Language) so schemas can be visualized instantly. But conversion is just the first step.

Read more →

September 17, 2025

Turning SailPoint ObjectConfig into Database Diagrams with DBML

SailPoint IdentityIQ is one of the most powerful identity governance platforms on the market. But anyone who has worked with it knows that its configuration files can be difficult to navigate. The ObjectConfig format may contain everything you need, but in practice it is verbose, XML-heavy, and nearly impossible to visualize at a glance. This post explores the challenge of visualizing SailPoint ObjectConfigs and presents our lightweight, automated converter that translates them into DBML, a format that can instantly generate database diagrams. Even better, those DBML files can be opened in our custom DBML editor (more on that here) for enhanced collaboration.

Read more →

September 15, 2025

SailPoint IdentityIQ Docker Environment

Deploying SailPoint IdentityIQ has traditionally been a meticulous, server-by-server process, demanding careful manual configuration and constant vigilance to maintain consistency. This complexity can slow down projects, introduce errors, and make scaling a significant challenge. This post introduces a streamlined, containerized deployment strategy that transforms IdentityIQ into a modern, agile, and resilient platform for any environment.

Read more →

September 15, 2025

Qlinker: Your Shortcut to IdentityIQ Productivity

A governance platform like SailPoint IdentityIQ is at the core of identity security in many organizations. But anyone who has worked with it knows that navigation often takes multiple clicks and deep menu paths, slowing the user experience down. The WedaCon Quicklinker plugin changes that: by centralizing and simplifying navigation with Quicklinks, it makes IdentityIQ faster and easier to use. The Case In standard IdentityIQ, reaching common tasks like creating a new identity, reviewing approvals, or accessing external links, such as those for switching between the classic and modern UI, often requires multiple steps. Quicklinks exist in the system, but they are buried in menus and inconsistently exposed. Users either have to memorize paths or IT needs to provide custom documentation. This slows adoption, increases support requests, and makes administrators spend more time on “click work” instead of governance.

Read more →

September 15, 2025

Secretshare - How to Share Sensitive Information Securely

Sensitive data, from passwords to confidential logs, is frequently shared through unencrypted channels like email, creating significant security risks. This habit exposes organizations to potential breaches and compliance failures. This article introduces a self-hosted, secure alternative that empowers your teams to collaborate safely without compromising convenience or control. The Case In today’s fast-paced digital environment, sharing information quickly is essential. However, the convenience of tools like email or public pastebins often comes at a steep price: security. When employees share credentials, API keys, or private code snippets through these channels, the data is left vulnerable and unencrypted. This practice creates a blind spot in your security posture, risking accidental leaks, unauthorized access, and non-compliance with regulations like GDPR and HIPAA. A single mistake on a public platform can lead to a major data breach, damaging your organization’s reputation and bottom line. The core problem is the lack of a simple, secure, and controlled method for sharing temporary, sensitive text.

Read more →

September 14, 2025

LDAP Automation in Vaultwarden with the Bitwarden Directory Connector

A strong password manager is essential for corporate security, with solutions like Bitwarden leading the way. For organizations desiring more control, the self-hostable alternative, Vaultwarden, is a compelling choice. This post explores the common enterprise challenges with Vaultwarden’s out-of-the-box LDAP integration and presents a robust, automated solution. The Case For any administrator who has managed it, the reality of Vaultwarden’s native LDAP integration quickly becomes clear: it often creates more work than it saves. While it allows users to log in with their company credentials, it stops there. There is no automatic creation of new users, no syncing of groups or profile updates, and no easy way to filter who gets access. This forces IT teams into a cycle of manual, repetitive tasks just to keep the user list accurate. This administrative burden doesn’t scale, introduces the risk of human error, and ultimately prevents the organization from realizing the full security and efficiency benefits of a centralized password manager.

Read more →

September 14, 2025

SailPoint IdentityIQ capabilities and sprights matrix

The Case In SailPoint IdentityIQ, authorizations are controlled using ‘capabilities’ and ‘sprights’. SailPoint itself offers a (regularly) updated version and matrix explaining which capability is assigned to sprights, see SailPoint Compass for reference (SailPoint Compass Access required). The document mentioned above is very helpful to get an overview of the authorizations ‘out of the box’, but achieving the same for an already running, implemented and actively operated instance is not that straightforward.

Read more →

September 10, 2025

Securing AI Agents: How Model Context Protocol Transforms IAM

The modern enterprise is a complex ecosystem of interconnected systems, applications, and data. As organizations accelerate their digital transformation journey, the demands on Identity and Access Management (IAM) have never been greater. IAM is no longer just about user provisioning; it’s about securing every digital interaction, ensuring compliance, and providing a seamless, efficient experience for users and administrators alike. At WedaCon Informationstechnologien GmbH, we specialize in navigating this complexity, delivering robust and intelligent IAM solutions that form the bedrock of secure digital operations.

Read more →

September 9, 2025

Digital Summit Nord-Westfalen 2025

Global disruptions are also creating entirely new challenges for those responsible for IT in the North Westphalian economy. The Digital Summit Nord-Westfalen 2025 brings together around 200 IT experts, decision-makers and innovators on September 23, 2025 at the IHK-Bildungszentrum in Münster. The focus is on the digital sovereignty of business models, the resilience of IT infrastructures in times of crisis, and the future use of artificial intelligence as a strategic success factor. What exactly does that mean? Digital business models: achieving and securing sovereignty. Over decades, companies in Europe, and thus also in our region, have made themselves dependent on IT service providers from the USA, which are known as stable and innovative partners. Today the question arises of how reliably these services can remain available if political pressure builds or a transatlantic trade war were to break out.

Read more →

September 2, 2025

YIAM© QuarterDeck AuditLogger

Flexible Audit Log Forwarding for SailPoint IdentityIQ Audit transparency is a key requirement in enterprise Identity Governance programs. SailPoint IdentityIQ captures detailed audit trails in its internal database, but getting these events into modern SIEM systems like Microsoft Sentinel, Splunk, or Elastic remains a challenge, especially when direct database access is limited or not allowed. To address this, we introduce the YIAM© QuarterDeck AuditLogger. This IdentityIQ plugin is designed to streamline the delivery of audit events to external systems using log4j2.

Read more →

June 24, 2025

Query Your Graph with Natural Language

Ever wished you could just ask your database questions in plain English instead of crafting complex Cypher queries? With our new Proof of Concept, that’s now possible. We’ve integrated Neo4j, Ollama, and OpenWebUI into a single, streamlined experience, letting you query your graph database with nothing but natural language. The Stack Behind the Magic This project brings together: Neo4j – a powerful graph database engine; Ollama – your local LLM runtime, running models like Qwen, Llama or Mistral efficiently; Model Context Protocol (MCP) – a new open protocol to allow models to use external tools; Open WebUI – an intuitive interface for interacting with your LLMs and tools. All components are containerized using Docker, and the setup process takes only a few moments.

Read more →

May 5, 2025

Schema Extensions and Sync Options Entra-DS and Entra-ID

Background Extending the schema in Directory Services is crucial for organizations seeking to enhance their identity and access management capabilities. The default schema may not always accommodate unique business requirements or emerging technologies. By extending the schema, organizations can introduce custom attributes and classes, enabling more granular control over user identities, groups, and resources. This flexibility allows for better alignment with specific operational needs, improved data management, and enhanced security protocols.

Read more →

April 10, 2025

Welcome to the New WedaCon Blog!

At WedaCon we are always looking for ways to enhance our expertise in Identity and Access Management and provide valuable content to our audience. Our blog has been a valuable resource for key insights in IAM and other related topics, but until now, it has been a static website with limited flexibility and efficiency. The latest changes of our blog bring a range of benefits that will make it more dynamic and efficient. Let’s dive into the changes we’ve made, why we made them, and what you can expect from us moving forward.

Read more →

March 26, 2025

IAM Software Development

Identity and access management (IAM) is a critical component of modern software systems, ensuring that only authorized users have access to sensitive data and resources. In recent years, there has been an increasing focus on developing IAM solutions that are flexible, scalable, and secure, leveraging emerging technologies and development methodologies. This article provides an overview of current trends and best practices in IAM software development, with a focus on the use of programming languages such as Java, Ecmascript, Typescript, and Python, as well as XML handling and architectures such as microservices and Java application servers.

Read more →

April 1, 2023

Knowledge Transfer Principles

Challenge Information Technology is a complex topic. Life itself is another complex topic. And living and breathing for Information Technology is even more complex. To survive in today’s multiplexed world, you need a good and solid understanding of the processes, opportunities and pitfalls surrounding you not only in the IT sector, but also when dealing with the ‘soft’ facts and skills (some call it OSI Model Layer 8).

Read more →

April 1, 2023

Principles Of Decentralized Identity Management

I had the great honor to present at the ‘Blockchain ID Innovation Night’, which took place just before the European Identity & Cloud Conference in Munich. According to the ‚call for speakers‘ sent out in February, the organizer (KuppingerCole) was not looking for ‘pitches’, but for a ‘slam-style event where you try to entertain and convince the crowd that the world will be a better place with your contribution‘ at the same time. Well, I think the world is a better place since I presented, at least for me.

Read more →

April 1, 2023

Recognized Leader in IAM

WedaCon recognized as member of Top 10 Identity and Access Management Consulting/ Services Companies in Europe 2019 A strong and secure access management system has been one of the main pillars of a company’s security infrastructure ever since. ‘By offering the best technological services and with several success stories to their credit, these service providers are constantly proving their worth in the field of identity and access management services.’

Read more →

April 1, 2023

Relational LDAP Services

Challenge Lightweight Directory Services are somewhat strict. They have a schema, which you have to follow. And they are read optimized, so perfect for access control and identity management. But they lack a function that is available on databases: they are not relational, which means you have to have all required attributes and information on one object you will query. Sure, you can do more than one query, but nearly all systems using LDAP require you to deliver all information they request in ONE call.

Read more →

April 1, 2023

Relationship Notation Language

Within its paper on ‚Refining the Design principles of Identity Relationship Management‘, the Kantara Workgroup for Identity Relationship Management (IRM) defined the criteria a system should follow to enable representation and management of identity relationships. In the course of its exploration, two things have become apparent: The need for a type of ‚Relationship Manager‘ and a Relationship ‚Notation‘ Language. The document you are reading right now gives a first introduction and view on the topic of a ‚notation‘ language, and is one of the contributions from WedaCon to the mentioned workgroup. While concentrating on this, we will also see a few links and mentions of the functionality of a ‚relationship manager‘.

Read more →

April 1, 2023

Security Levels based on SmartCard Login

Challenge How to protect sensitive data (HR, innovations, whatever) in a highly complex, globally operating company? The challenge here was to establish a completely secured environment for specific teams inside the enterprise, while allowing them to use the enterprise’s global IT structure in much the same way as the rest of the participants do. Design The design was based on security levels, and to reach the highest access and security level, the individual seeking access to sensitive data had to use a smartcard to log in (2-Factor Authentication). Once reaching this security level, the user was able to access the secured data, but was not able to write (store) information to any device that had a lower security level.

Read more →

April 1, 2023

Semantic Entity Relations

It requires a consistent re-orientation and adjustment of current technologies and methods to meet the upcoming challenges of Identity Management. With this White Paper we would like to introduce the latest development of our Entity Relationship Management system. The system’s new feature consistently manages and displays all types of entities and their connections to each other based on semantic and ontological approaches. Introduction Identity and Access Management (IAM) and the ‘sister-discipline’ Identity Access Governance (IAG) are an integral part of the IT infrastructure in medium and large businesses. These systems manage internal user accounts for employees, system administrators and partners. Increasingly, access rights and accounts of customers and suppliers are considered in an IAM compliant view as well.

Read more →

April 1, 2023

The Case for Knowledge

Information Technology is a complex topic. Life itself is another complex topic. And living and breathing for Information Technology is even more complex. To survive in today’s multiplexed world, you need a good and solid understanding of the processes, opportunities and pitfalls surrounding you not only in the IT sector, but also when dealing with the ‘soft’ facts and skills (some call it OSI Model Layer 8). The Case When we started our business, one of our main business areas was ‘Training’. Nearly all of our staff were either ‘Microsoft Certified Trainer’ or ‘Novell Certified Instructor’ (it was May 2001), plus some other certifications in Project Management and Data Security to instruct others in the usage of decent technologies. Some had both of the top Instructor Certifications available in those days. So we know how to transport knowledge; it’s even in our name: ‘Weda’ is Sanskrit and simply means ‘Knowledge’.

Read more →

April 1, 2023

Why HR 4.0 might not work for you

The magical version ‘4.0’ is something we stumble over in 2016 everywhere people talk about ‘disruptive’ technologies, changes and new approaches. Whether it’s HR 4.0, Industry 4.0 or Web 4.0, the basic goals do not differ much, which is the reason for us to use the term ‘Idea 4.0’ throughout this document for ease and readability. So what exactly does ‘Idea 4.0’ mean, and what did the previous visions and expectations for versions 2.0 and 3.0 look like? And even more important: Where do we stand now in the implementation of the previous versions, and does Idea 4.0 require a full or even partial implementation of versions 2.0 and 3.0 as a prerequisite? Is there even a ‘Cross-Update’ path directly from 1.0 to 4.0?

Read more →

April 1, 2023

YIAM SCIMGateway©

Identity Access Management and Governance, the management of digital entities and their lifecycle across different silos, requires standard communication channels to and from those silos and services. Many identity management tools and solutions do lack a standard communication channel, resulting in a bunch of proprietary or specialized interfaces and connectors, each with its specific requirements and limitations. Furthermore, connectivity to off-premise services, partner interfaces, non-standard or simply plain old and unsupported target systems can become tedious.

Read more →

April 1, 2023

YIAM© QuarterDeck StageSync

Cross Environment Sync Identity and Access Management (IAM) teams often face the daunting challenge of maintaining consistency and security across multiple development environments. Ensuring that IAM/IAG artefacts are accurately synchronized between stages like DEV, Production, Quality, and Test is crucial yet complex. Manual processes can lead to errors and security gaps, while disparate tools and configurations add to the complexity. This necessitates a robust solution that can automate and streamline IAM synchronization, reducing risks and enhancing overall efficiency.

Read more →

April 1, 2023

YIAMKiosk© Password Self Service

Reduce your HelpDesk Costs! Forgotten passwords and their recovery cause substantial costs for companies worldwide every day. Not only the IT department, which has to reset the passwords, needs to be considered here, but also the amount of lost working time for employees. This is where WedaCon’s YIAMKiosk® starts. As a portal providing self-service, YIAMKiosk® clears the way for your users to reset their forgotten passwords on their own, in a simple yet safe way and without any intervention by the IT department.

Read more →

April 1, 2023

YIAMSuite©

Smart Identity Relationship Management Identity and Access Management (IAM) systems have been part of IT strategy in midsize and large businesses for many years now. While the features of these systems previously focused on employees and partners, the ‚Internet of Things‘, the new EU General Data Protection Regulation and digitization pose challenges in a new, additional way: Disruption even here! Modern IAM systems must meet these challenges with innovative concepts. In addition to the administration of identities, there is a new requirement to manage all those elements and ‚Things‘ that might have a relation to the managed person.

Read more →

April 1, 2023

YIAM Transliteration©

Identity Access Management and Governance, the management of digital entities and their lifecycle across different silos, requires standard communication channels to and from those silos and services. Many identity management tools and solutions do lack a standard communication channel, resulting in a bunch of proprietary or specialized interfaces and connectors, each with its specific requirements and limitations, and most often implemented as a monolith application which lacks scaling on an architectural level.

Read more →

April 1, 2023

YIAMConnect©

Standardize your processes! ‘Privacy by Design’ is just one of many demands on IT systems and processes each organization must meet by May 2018 at the latest, as the transitional period for the implementation of the EU General Data Protection Regulation (EU-GDPR) comes to an end. The 2-year period to implement the regulation requires companies and organizations to revise their processes for managing personal data and many other related processes, and possibly adapt them.

Read more →

April 1, 2023

About Relationships

Identity Management is and always was ‘Relationship Management’ as well. Identities (=Users) do have relations, and those relations define the ‘inner’ meanings, roles and authorizations of them. In 2008, we at WedaCon started to consistently handle those ‘related’ objects with the same technologies, ideas and concepts as we do with the identities within our projects. Since then, we call it ‘Entity Management’. During the past years, we realized that those relations became the most powerful and usable part of the systems we designed and managed for our customers. Therefore, today we name it ‘Entity Relationship Management’.

Read more →

April 1, 2023