IDM 4.5 What is in the box - ngage · Single Sign On Self service User provisioning Password...
© NetIQ - All Rights Reserved
IDM 4.5: What is in the box
© nGage - All Rights Reserved
Agenda
● What is Identity Management
● IDM Family
● Integrated installer
● IDM Engine
● Drivers
● Applications: User Application (/IDMProv)
● Applications: Home Provisioning Desktop (/landing, /dash)
● Applications: Role Administration (/rra)
● Applications: Identity Reporting (/IDMRPT)
● Applications: Self Service Password Reset (/sspr)
● EAS
● Tools: Designer
● Tools: Analyzer
● Tools: Validator
Identity Manager
Identity Management
Diagram: connected systems (HR, ERP, PBX, Directory, Mail, Operating System, Database) synchronised through the Identity Vault
Identity Management
● Identification
● Authentication
● Authorisation
● Single Sign On
● Self service
● User provisioning
● Password Synchronisation
● Risk Management
● Role based management
● Corporate Identity
● Federated Identity
● Information Store
● Access management & control
● Compliancy
● Attestation
● Auditing
● Information Consistency
● Governance
● Regulations & Law
● Workflow (Business flow)
● Cloud
● Claim / Context Based
Identity Management
The Other Stuff
● Print credits
● Card Access
● File Storage Management
● Self-service requests
Why Identity Management
● Automated processes (e.g. (de)provisioning)
● Self Service
● Auditing
Why Identity Management
Diagram: connected systems (Applications, Directories, OS and File Systems, Databases, Telephone & Access, Help Desk, Cloud and SaaS) and users (Business Managers, Employees, External employees, Clients/Suppliers) around the Identity Vault and the Workflow System.
Main Components
● White Pages / Self-Service / Password management
● Business Resource request
● Role-based and delegated user management
● Approval workflow
● Web Services
● Connectors
● Advanced reporting
● Identity Information Warehouse
● Compliance Content
● Open APIs, Deployment and Management Tools
● Real-time data integrity
● Role and Policy Mapping
● RBAC Model
Identity Management Family
● Novell Compliance Management Platform: Monitoring and Auditing, Compliancy, Access Management
● Novell Identity Manager 4.5 Advanced Edition: RBAC, Role management, Reporting & Auditing
● Novell Identity Manager 4.5 Standard Edition: Real-time identity and password management, Development tools
LET'S GO IN!
Architecture
Integrated installer
● When to use
● Pros & Cons
IDM Engine
● Hosts drivers
● Event based actions
● Time based actions
● Redundant
IDM Drivers
IDM Drivers 1999
IDM Drivers 2016
IDM Drivers
● DB2 ● Informix ● JDBC (General) ● MySQL ● Oracle ● Postgres ● MS SQL ● Sybase ● ADS/ADAM ● Critical Path ● eDirectory (2) ● IBM Directory ● iPlanet ● LDAP ● Netscape ● HP/UX ● Linux ● RedHat
● NIS ● Oracle Directory ● SecureWay ● SUN Directory ● SUN One ● GroupWise ● Notes ● Exchange (AD) ● Banner ● Blackboard ● Google Apps ● PUM ● Oracle EBS (3) ● PeopleSoft ● Remedy ● SalesForce ● Solaris ● SUSE Linux
● SAP (6) ● Sentinel ● SharePoint ● SIF ● Active Identity ● Honeywell ● IAS ● PACS/Honeywell ● ACF/2 ● i5/OS ● RACF ● TopSecret ● JMS Message Bus ● AIX ● Debian ● FreeBSD ● Access Review ● DCS/MSG
● Entitlements ● ID Provider ● Loopback/Null ● Manual Task ● Scripting ● State Machine ● Workorder ● Delimited Text ● Generic File ● Generic App ● HTTP Service ● REST Server ● SOAP Server ● User Application ● Roles Service ● Custom
Applications
OSP
● One SSO Provider
● Integrated into SSPR / User Application / HPD
● eDirectory integration: NMAS-SAML
SSPR
● Password change
● Password reset
● User reset
● Self Registration
● User activation
● User creation
● My Profile
● People search
● Helpdesk
User Application
● Portal to house:
  ● Identity Services
  ● Workflows
  ● Role Requests & approvals
  ● Role management
● But also Web Services interfaces for:
  ● Provisioning
  ● Roles
  ● Metrics
  ● Passwords
  ● VDX
  ● Password Management
User Application for role management
Home Provisioning Desktop
Roles
Each resource is mapped to an entitlement:
● A resource definition can have no more than one entitlement bound to it.
● A resource definition can be bound to the same entitlement more than once, with different entitlement parameters for each resource.
NOTE: The Entitlements table continues to provide the ability to add, edit, and remove entitlements. However, users are encouraged to begin associating entitlements with resources instead of roles, because resources are the new intermediate objects that encapsulate entitlements. The Resources table is a read-only list of resources associated with a role.
Resource Model: Detailed Relationship (diagram)
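The two binding rules above, and the way a user's roles resolve to concrete entitlement grants, as an added Python illustration written for this page (not NetIQ code; the class, method and sample object names, and the AD group DNs, are assumptions):

```python
"""Added example (illustrative, not NetIQ code): the IDM 4.5 role / resource /
entitlement relationship with its two binding rules enforced. All names below
are assumptions made for the example."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Entitlement:
    """Something a driver can grant, e.g. membership of an AD group. Which group
    is decided by the resource's parameter, not by the entitlement itself."""
    name: str


class Resource:
    """Intermediate object between a role and an entitlement."""

    def __init__(self, name: str):
        self.name = name
        self.binding = None  # becomes (Entitlement, parameter) once bound

    def bind(self, entitlement: Entitlement, param: str) -> "Resource":
        # Rule 1: a resource definition has no more than one entitlement bound to it.
        if self.binding is not None:
            raise ValueError(
                f"resource {self.name!r} is already bound to {self.binding[0].name!r}"
            )
        self.binding = (entitlement, param)
        return self


@dataclass
class Role:
    name: str
    resources: list = field(default_factory=list)


def effective_grants(roles: list) -> set:
    """Resolve what a user holding these roles actually receives: the set of
    (entitlement name, parameter) pairs. A pair reached through two roles is
    granted once; a resource with no entitlement bound provisions nothing."""
    grants = set()
    for role in roles:
        for res in role.resources:
            if res.binding is None:
                continue
            entitlement, param = res.binding
            grants.add((entitlement.name, param))
    return grants


def build_demo() -> dict:
    """Constructed sample model. Rule 2 in action: one entitlement (AD group
    membership) is bound by two resources with different parameters."""
    ad_group = Entitlement("ActiveDirectory/GroupMembership")
    vpn = Resource("VPN access").bind(ad_group, "CN=VPN-Users,OU=Groups,DC=example,DC=org")
    finance = Resource("Finance share").bind(ad_group, "CN=Finance-RW,OU=Groups,DC=example,DC=org")
    accountant = Role("Accountant", [vpn, finance])
    # The contractor role also carries a resource that nobody has bound yet.
    contractor = Role("Contractor", [vpn, Resource("Badge (not yet bound)")])
    return {"accountant": accountant, "contractor": contractor, "vpn": vpn, "ad_group": ad_group}


if __name__ == "__main__":
    demo = build_demo()
    for grant in sorted(effective_grants([demo["accountant"], demo["contractor"]])):
        print(grant)
```

Binding a second entitlement to an already-bound resource raises rather than silently replacing the first binding; in a real deployment that replacement would change what every role using the resource provisions.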
Role Management
Identity Reporting
EAS & Sentinel
Tools
Designer
● Offline development of IDM drivers
● Point and click interface
● Based on Eclipse, extendable with plugins
● Code emulation
● Code migration
● SVN plugin
Designer
● Package manager
Analyzer
Data analysis: mandatory!
● Connect to live systems
● Compare data sources
● Metrics
Analyzer workflow
● Identify data integration points
● Determine condition of data
● Prepare data for deployment
● Ensure a unique identifier for each system
● Combine data sources
● Create a clean instance of data
● Keep the data in compliance
Report and Monitor across all steps
Step 1: Discovery
Purpose: Identify data integration points
● Schema Discovery: understand the schema in each system you are connecting to, in preparation for schema mapping.
● Data Discovery: understand the data; configure the connections to the data store.
Step 1: Discovery (continued)
Purpose: Identify data integration points
● Import from: flat file; application specific (LDAP, etc.); IDM Drivers (IDS); Designer configuration
● Data Browser: spreadsheet-type tool with filter and sort
Step 1: Discovery (continued)
Purpose: Identify data integration points
● The import process allows you to customize the search scope.
Step 2: Analyze
Purpose: Determine condition of data
● Schema Mapping: match the schema between the application and the identity vault
Step 2: Analyze (continued)
Purpose: Determine condition of data
● Data Inspector (from Data Browser): visual data inspection; flag non-conforming data
● Data Analysis
Step 3: Clean Data
Purpose: Prepare data for deployment
● Simple data cleaning within Data Browser: add / delete / modify, multi-value support
Step 3: Clean Data (continued)
● Update to applications (or export to flat file)
Screenshot: green shows an update of a missing value (missing eMail); tan/olive shows changed values.
Step 4: Matching
Purpose: Ensure a unique identifier for each system
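The four Analyzer steps above run end to end, as an added Python example written for this page rather than Analyzer's own code: an HR flat file and an identity-vault extract are constructed inline, the HR schema is mapped to vault attribute names, non-conforming mail values are flagged, a missing mail value is filled, and the two systems are matched on employeeNumber after checking that the key is unique in each. The attribute names, the schema map, the assumed mail domain and the sample records are all assumptions.

```python
"""Added example (written for this page, not Analyzer code): Discovery,
Analyze, Clean Data and Matching over two constructed data sources."""
import csv
import io
import re

# Step 1 input, constructed: an HR export. 1002 has no mail address, 1003 has a
# malformed one.
HR_CSV = """employee_id,first_name,last_name,mail
1001,Ann,Jansen,ann.jansen@example.org
1002,Bob,de Vries,
1003,Cas,Peters,cas.peters@example
"""

# Step 1 input, constructed: an identity-vault (LDAP-style) extract. 1004 has no
# matching HR record.
VAULT_ENTRIES = [
    {"employeeNumber": "1001", "uid": "ajansen", "mail": "ann.jansen@example.org"},
    {"employeeNumber": "1002", "uid": "bdevries", "mail": "bob.devries@example.org"},
    {"employeeNumber": "1004", "uid": "dkok", "mail": "dirk.kok@example.org"},
]

# Step 2, schema mapping (assumed): HR column -> vault attribute.
SCHEMA_MAP = {"employee_id": "employeeNumber", "first_name": "givenName",
              "last_name": "sn", "mail": "mail"}
MATCH_KEY = "employeeNumber"
MAIL_DOMAIN = "example.org"  # assumed domain used when filling a missing mail
MAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def discover(hr_csv: str) -> list:
    """Step 1: import the flat file into rows keyed by the source column names."""
    return list(csv.DictReader(io.StringIO(hr_csv)))


def map_schema(rows: list) -> list:
    """Step 2: rename source columns to the vault attribute names."""
    return [{SCHEMA_MAP[k]: v for k, v in row.items() if k in SCHEMA_MAP} for row in rows]


def inspect(rows: list) -> list:
    """Step 2: flag non-conforming data as (key, attribute, problem) tuples."""
    findings = []
    for row in rows:
        key = row[MATCH_KEY]
        if not row.get("mail"):
            findings.append((key, "mail", "missing"))
        elif not MAIL_RE.match(row["mail"]):
            findings.append((key, "mail", "malformed"))
    return findings


def clean(rows: list) -> tuple:
    """Step 3: derive a missing mail from givenName and sn. Malformed values are
    not guessed at; they are returned for manual review, because rewriting them
    silently would hide a data problem instead of fixing it."""
    cleaned, review = [], []
    for row in rows:
        row = dict(row)
        if not row.get("mail"):
            local = f"{row['givenName']}.{row['sn']}".lower().replace(" ", "")
            row["mail"] = f"{local}@{MAIL_DOMAIN}"
        elif not MAIL_RE.match(row["mail"]):
            review.append((row[MATCH_KEY], "mail", "malformed"))
        cleaned.append(row)
    return cleaned, review


def unique_key(rows: list, source: str) -> set:
    """Step 4 precondition: the match key is present and unique within a system.
    A duplicate key would make the join ambiguous, so it is an error, not a warning."""
    seen = set()
    for row in rows:
        key = row.get(MATCH_KEY)
        if not key or key in seen:
            raise ValueError(f"{source}: {MATCH_KEY} {key!r} is missing or duplicated")
        seen.add(key)
    return seen


def match(hr_rows: list, vault_rows: list) -> dict:
    """Step 4: join the two systems on the unique key and report the remainder."""
    hr_keys = unique_key(hr_rows, "hr")
    vault_keys = unique_key(vault_rows, "vault")
    return {"matched": sorted(hr_keys & vault_keys),
            "hr_only": sorted(hr_keys - vault_keys),
            "vault_only": sorted(vault_keys - hr_keys)}


def run() -> dict:
    """Run all four steps over the constructed sources and collect the results."""
    rows = map_schema(discover(HR_CSV))
    findings = inspect(rows)
    cleaned, review = clean(rows)
    result = match(cleaned, VAULT_ENTRIES)
    return {"findings": findings, "review": review,
            "mail_1002": cleaned[1]["mail"], **result}


if __name__ == "__main__":
    for name, value in run().items():
        print(f"{name}: {value}")
```

The records in `hr_only` and `vault_only` are the ones a driver would create or flag on first synchronisation, so this is the list to review before connecting the live systems.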
Unit testing with Validator / IDM Unit
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
Copyright © 2015 NetIQ Corporation. All rights reserved.
ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States.