Team,
Based on requests, I have put together a short list of what is possible with the IM solution for source-of-records and/or downstream endpoints/applications with regard to web services.
Review options for managing Web Services to/from CA IM:
There are five (5) options, where Options 3 and 4 are the most common, followed by Option 2.
Note: Most Cloud Applications will have their own ETL (extract/transform/load) modules to be used onsite to enrich data or determine use-case/sub-use-case(s).
These ETL modules will use a PULL process from the cloud app’s web services, either manual or via scheduled tasks.
Details on options below w/ recommendations:
Transactional Process(es):
Option 1: Assumes the SOR (source-of-record) SME resource is able to build/tie a web service submission (SOAP/XML) to a task in the SOR, and no ETL module is required. [Requires SNOW SME/developer skill set to build SOAP calls to be PUSHED to another solution.]
Data Flow Example: SOR (Workday/ServiceNow/etc.) -> Web Services (HTTPS/SOAP) transaction defined in SOR to PUSH -> CA Identity Manager (TEWS – Web Services enabled for each task) -> CA IM Business Rules (if needed)
Scheduled Process(es): (see PDF for example)
Option 2: Assumes no web service is created in the SOR, but a middleware ETL component is used. [May require developer skill set for the ETL module to call a Web Service module]
Data Flow Example: SOR (Workday/ServiceNow/etc.) -> ETL (PULL via Scheduler Tool - extract-transform-load module/provided by vendor or created by customer or services/ used to enrich data or identify use-case) -> Custom Java/CLI Web Service Module -> CA Identity Manager (TEWS – Web Services enabled for each task) -> CA IM Business Rules (if needed)
Option 3: Assumes no web service is created in the SOR, but a middleware ETL component is used together with the CA IM Bulk Loader Client (pre-built Java module to Web Services) [No developer skill set expected]
Data Flow Example: SOR (Workday/ServiceNow/etc.) -> ETL (PULL via Scheduler Tool - extract-transform-load module/provided by vendor or created by customer or services/ used to enrich data or identify use-case) -> CA IM BLC (pre-built Java module to TEWS) -> CA Identity Manager (TEWS – Web Services enabled for each task) -> CA IM Business Rules (if needed)
IM is SOR, not the cloud app:
Option 4: Assumes IM is the source of truth/record (SOR) for EMPLOYEE/CONTRACTORS [IM would create and manage access + call ServiceNow if needed for other access]
Data Flow Example: Delegated Admin (Manual/Browser) -> CA IM User Console -> IM Create User or Modify User Tasks -> Submission -> Two Data Pathways -> Automated to managed endpoints (on-prem/cloud) & CA NIM Module -> Create/Manage Tickets in ServiceNow
[CA NIM = CA Normalized Incident Management. A module included under the CA Identity Suite license for use with ticket systems.]
Option 5: Assumes IM is the source of truth/record (SOR) for EMPLOYEE/CONTRACTORS [IM would create and manage access + ServiceNow is a cloud endpoint]
Data Flow Example: Delegated Admin (Manual/Browser) -> CA IM User Console -> IM Create User or Modify User Tasks -> Submission -> Automated to managed endpoints (on-prem/cloud) -> CA API Gateway (Layer7) -> REST Web Service Configuration to ServiceNow -> Create/Manage Tickets in ServiceNow
[CA API Gateway. A module included under the CA Identity Suite license for use with Cloud Web Services]
Example of calling IM TEWS (SOAP) via a CLI (PowerShell)
https://communities.ca.com/thread/241751474
Example of using IM BLC (A pre-built module using IM TEWS)
https://communities.ca.com/thread/241744971
Knowledge Transfer of Web Services: SoapUI, a third-party tool, is useful for knowledge transfer and for addressing the learning curve of using web services.
https://www.soapui.org/
IM/SNOW Example:
- If option 1 is chosen as the design, then assign a SNOW SME/Developer to the project team for eighty (80) hours.
- Goal:
- IM Architects would expose the IM Tasks, and provide the Web Service WSDL
- Customer Network team would expose the IM solution via a secure web access control solution, e.g. SSO/SM
- SNOW SME would update the SNOW solution to call a remote web service
- Body of the remote service call would include variables and the exact IM task name.
- Process would capture the IM transaction ID for any submitted request.
- SNOW SME would update the SNOW solution to include a verification check, to call the IM VST (view submitted task) with the transaction ID.
- Process would record success/failure.
Comments are welcome. Any other options being used in the field?
See example PDF with a Cloud SOR.
Cheers,
A.
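The submit-then-verify flow from the IM/SNOW example above (task name and variables in the body, capture the transaction ID, check it through VST, record success/failure), as an added sketch that is not part of the original post and is not CA or ServiceNow code. The namespace, element names, task names, state value and the `fake_im` stand-in are constructed placeholders; the real ones come from the WSDL the IM architects provide.

```python
import xml.etree.ElementTree as ET

# Constructed placeholders: the real namespace, element names and state
# values come from the WSDL the IM architects provide for the exposed tasks.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
NS = "urn:example:im-tasks"
ALLOWED_TASKS = {"CreateUser", "ModifyUser"}  # hypothetical exposed task names

def _envelope(op, attrs):
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    return env, ET.SubElement(body, f"{{{NS}}}{op}", attrs)

def build_submit(task, fields):
    """Request body carrying the exact IM task name and the SOR variables."""
    if task not in ALLOWED_TASKS:
        raise ValueError(f"task not exposed: {task!r}")
    env, req = _envelope("SubmitTask", {"name": task})
    for key, value in fields.items():
        # The serializer escapes values, so SOR data cannot inject elements.
        ET.SubElement(req, f"{{{NS}}}Field", {"name": key}).text = value
    return ET.tostring(env)

def build_status(txn):
    env, _ = _envelope("ViewSubmittedTask", {"transactionId": txn})
    return ET.tostring(env)

def _parse(raw):
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD in SOAP response rejected")
    return ET.fromstring(raw)

def submit_and_verify(send, task, fields):
    """send(bytes) -> bytes is the caller's HTTPS transport; returns (txn, ok)."""
    reply = _parse(send(build_submit(task, fields)))
    txn = (reply.findtext(f".//{{{NS}}}TransactionId") or "").strip()
    if not txn:
        raise ValueError("no transaction ID returned")
    status = _parse(send(build_status(txn)))
    if (status.findtext(f".//{{{NS}}}TransactionId") or "").strip() != txn:
        raise ValueError("status reply is for a different transaction")
    state = (status.findtext(f".//{{{NS}}}State") or "").strip()
    return txn, state == "Completed"

def fake_im(request):
    """Constructed stand-in for the IM endpoint; always the same canned reply."""
    return (f'<e:Envelope xmlns:e="{SOAP}" xmlns:t="{NS}"><e:Body><t:Reply>'
            '<t:TransactionId>txn-0001</t:TransactionId>'
            '<t:State>Completed</t:State></t:Reply></e:Body></e:Envelope>').encode()
```

In a real integration `send` would be the HTTPS call through the web access control layer with certificate validation left on; `submit_and_verify(fake_im, "CreateUser", {"uid": "jdoe"})` exercises the flow offline.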