IDM 4.5 What is in the box - ngage · Single Sign On Self service User provisioning Password...

© NetIQ - All Rights Reserved

IDM 4.5What is in the box

© nGage - All Rights Reserved

Agenda

2

● What is Identity Management● IDM Family● Integrated installer● IDM Engine● Drivers● Applications: User Application (/IDMProv)● Applications: Home Provisioning Desktop (/landing /dash)● Applications: Role Administration (/rra)● Applications: Identity Reporting (/IDMRPT)● Applications: Self Service Password Reset (/sspr)● EAS● Tools: Designer● Tools: Analyzer● Tools: Validator

Indentity Manager


Identity Management

HR ERP

PBX

DirectoryMail

OperatingSystem

Database Identity Vault


Identity Management


Identity Management

AuthorisationIdentification

Authentication

Single Sign On Self service

User provisioning

Password Synchronisation

Risk Management

Role based management

Corporate Identity

Federated Identity

Information Store

Access management & control

Compliancy

Attestation

Auditing

Information Consistency

Governance

Regulations & Law

WorkFlow (Businessflow)

Cloud

Claim – Context Based


Identity Management

The Other Stuff● Print credits● Card Access● File Storage Management● Selfservice requests


Why Identity Management

Automated processes (f.e. (de)provisoning)l Self Servicel Auditing


Why Identity Management

ApplicationsDirectories

OS and File Systems

DatabasesTelephone & Access

Help Desk Cloud en SaaS

Business Managers

Employees External employees

Clients-Suppliers

Work-flow Systeem

Identity Vault

White Pages/ Self-Service/ Wachtwoord

beheer

Business Resource aanvraag

Rol-gebaseerd en gedelegeerd

user beheer

Goedkeurings Work-flow

Web Services

Main Components

Connectoren

Gevanceerde rapportage

Identity Information Warehouse

Compliance Content

Open APIs Deployment en Mgmt

Tools

Real-time Data integriteit

Rol en Policy Mapping

RBAC Model


Identity Management Family

Novell Compliance Management Platform

Monitoring and Auditing Compliancy, Access Management

Novell Identity Manager 4.5Advanced Edition

Novell Identity Manager 4.5Standard Edition

RBAC, Rolemanagement, Reporting & Auditing

Real-time identity and password managementDevelopment tools


Identity Management Family


LET'S GO IN !


Architecture

Integrated installer



● When to use● Pros & Cons

IDM Engine


IDM Engine

● Hosts drivers● Event based actions● Time based actions● Redundant


IDM Drivers


IDM Drivers 1999


IDM Drivers 2016


IDM Drivers● DB2● Informix● JDBC (General)● MySQL● Oracle● Postgres● MS SQL● SyBase● ADS/ADAM● Critical Path● eDirectory (2)● IBM Directory● Iplanet● LDAP● NetScape● HP/UX● Linux● RedHat

● NIS● Oracle Directory● SecureWay● SUN Directory● SUN One● GroupWise● Notes● Exchange (AD)● Banner● Blackboard● Google Apps● PUM● Oracle EBS (3)● PeopleSoft● Remedy● SalesForce● Solaris● Suse-Linux

● SAP (6)● Sentinel● Sharepoint● SIF● Active Identity● Honeywell● IAS● PACS/Honeywell● ACF/2● I5/OS● RACF● TopSecret● JMS Mess Bus● AIX● Debian● FreeBSD● Access Review● DCS/MSG

● Entitlements● ID Provider● Loopback/Null● Manual Task● Scripting● State Machine● Workorder● Delimited Text● Generic File● Generic App● HTTP Service● REST Server● SOAP Server● User Application● Roles Service● Custom

Applications


OSP● One SSO Provider ● Integrated into SSPR / User Application / HPD● eDirectory integration: NMAS-SAML


SSPR● Password change● Password reset● User reset● Self Registration● User activation● User creation● My Profile● Peoplesearch● Helpdesk


SSPR


User Application ● Portal to house: ● Identity Services● Workflows● Role Requests & approvals● Role management

● But also

● Web Services Interfaces for ● Provisioning● Roles● Metrics● Passwords● VDX● Password Management


User Application


User Application for role management


Home Provisioning Desktop


HPD


Roles


Roles

Each resource is mapped to an entitlement.– A resource definition can have no more than one entitlement bound to it.– A resource definition can be bound to the same entitlement more than once, with different entitlement parameters for eachresource.

NOTE: The Entitlements table continues to provide the ability to add, edit, and remove entitlements. However, users are encouraged to begin associating Entitlements to resources instead of roles because resources are the new intermediate objects that encapsulate Entitlements. The Resources table is a read-only list of resources associated with a role.

• Resource Model – Detailed Relationship


Role Management


Identity Reporting


EAS & Sentinel


Designer● Off line development of IDM Drivers● Point and Click interface● Based on Eclipse, extendable with plugins● Code emulation● Code migration● SVN Plugin


Designer


Designer● Package manager


Designer


Analyzer

Data analyses: Mandatory !Connect to live systemsCompare data sourcesMetrics


Analyzer


Analyzer

62

Identify data integration pointsDetermine condition of dataPrepare data for deploymentEnsure unique identifier for each systemCombine data sourcesCreate clean instance of dataKeep the data in compliance

REPORT MONITOR


Purpose: Identify data integration points• Schema Discovery

– Understand the schema in each system you are connecting to in preparation for schema mapping.

• Data Discovery– Understand the Data– Configure the connections to the data store

Step 1: Discovery

63


Purpose: Identify data integration points• Import

– Flat file– Application specific (LDAP, etc.) – IDM Drivers (IDS) – Import

Designer configuration• Data Browser - Spreadsheet type tool

– Filter, Sort

Step 1: Discovery

64


Purpose: Identify data integration points• Import process allows you customize the search scope.

Step 1: Discovery

65


Purpose: Identify data integration points• Import process allows you customize the search scope.

Step 1: Discovery

66


Purpose: Determine condition of data• Schema Mapping

– match the schema– between the application

• and the identity vault

Step 2: Analyze

67


• Purpose: Determine condition of data• Data Inspector (from Data Browser)

– Visual Data Inspection– Flag – non-conforming – Data

• Data Analysis

Step 2: Analyze

68


Purpose: Determine condition of data• Schema Mapping

– match the schema– between the application

• and the identity vault

Step 2: Analyze

69


• Purpose: Prepare data for deployment• Simple Data Cleaning

– Within Data Browser– Add / Delete / Modify– Multi-value support

Step 3: Clean Data

70


• Update to Applications (or export to flat file)

Step 3: Clean Data

Green is showing update on missing value (missing eMail).

Tan/Olive is showing values changed.

71


Purpose: Ensure unique identifier for each system

Step 4: Matching

72


Unit testing with Validator / IDM Unit

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

Copyright © 2015 NetIQ Corporation. All rights reserved.

ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States.

IDM 4.5 What is in the box - ngage · Single Sign On Self service User provisioning Password...

Documents

Transcript of IDM 4.5 What is in the box - ngage · Single Sign On Self service User provisioning Password...