Symantec IGA

Hi

  I am trying to create an custom resource (example:Laptop or meeting room), which endpoint type dropdown list to be selected in CA IM user console or how to add custom resource in CA IM.Also have to create a workflow for that custom resource and after the approval,custom resource should be provisioned for that mentioned action.

  Please suggest if you use any other terminology in CA instead of custom/disconnected resource.also share the documents/views regarding this issue.

Best Regards,

Kirupakaran

Hi Kirupakaran,

It is not clear to me whether you intend to automatically provision from Identity Manager to the Asset Management system or whether you want to store the user's asset information locally in CA IM.

If you want to store the user & asset relationship information locally, typically, we use a user's multi-valued attribute to store information about such physical assets. You can put anything into a multi-valued attribute: the asset type, the serial number, etc. Obviously, you may also decide to manage the physical assets information via a CSV connector (put the information into a CSV file) or a JDBC connector (if you set up a database for storing information about assets and relationships between assets and users).

Many customers just want us to allow a user to request access to a physical asset from portal but then open a service desk ticket that goes to someone for manual provisioning and asset information management.

Do you also have Identity Portal or just Identity Manager? That influences what's the best way to set up such access requests and approvals.

KR
Russi

Hi Russi

     Thanks for your update.

We are just using Identity Manager 12.6.8.Our requirement is that,user can request access to a physical asset/Resources from IM console but then open a service desk ticket after the manager approval workflow and once the approval is done task should be considered as provisioned and stored in asset management system which could be excel sheet or database table.

Please share the possibility of the mentioned scenario.Docs/Ideas regarding this will be much helpful.

Best Regards

Kirupakaran

Hi Russi

      As you mentioned,Please assist with how to create a multivalued user attribute to store physical assets which a user can select and request.

Also share your idea on:After manager approval workflow how to manage the physical assets information via a CSV connector or a JDBC connector.please share if you know any docs regaring this.awaiting your reply.

Best Regards

Kirupakaran

Hello Kirupakaran,

Sorry I am traveling for business until Friday and have little access to internet and CA communities. 

When using CA Identity Portal, the whole access request process becomes much easier and it is out of the box. Since you do not have Identity Portal and only use CA Identity Manager 12.6.8 then you will need to create your own process and forms for requesting access. 

The flow would be the following, a user requests access by submitting an IM task (for example modify user task for self, or you may also decide to use services in IM), this task will have an approval workflow associated with it either at the task or the event level depending on your needs, the task or the associated events will also trigger a policy xpress policy when a specific condition takes place to open a service desk ticket. similarly, you can trigger a policy xpress policy or an identity policy at a task or event level or when a specific user attribute is changed to assign a provisioning role or to write directly an entry into your JDBC or CSV endpoint.

- you can take a look at self-subscribing services in Identity Manager here: Define the Service Profile - CA Identity Manager - 12.6.8 - CA Technologies Documentation 

- to add multi-valued attributes, you first need to extend the schema of your user store (whatever user store you are using, unless you have unused multi-valued attributes) then update Identity Manager corporate user store directory mappings.

LDAP User Store Management - CA Identity Manager - 12.6.8 - CA Technologies Documentation 

- Depending on the service desk being used, there's an out of the box NIM connector - see the documentation here:    Service Desk Integration - CA Identity Manager - 12.6.8 - CA Technologies Documentation    you will find the samples [installation_home]\CA\Identity Manager\IAM Suite\Identity Manager\tools\samples\PolicyXpress\NimIntegration directory.

- To create a CSV connector or acJDBC connector you need to use Connector xPress - see the documentation here: 

Flat File Connector - CA Identity Management & Governance Connectors - CA Technologies Documentation 

Dynamic Connectors (Connector Xpress) - CA Identity Management & Governance Connectors - CA Technologies Documentation 

Hope this helps

KR
Russi

Hi Russi

     Thanks for your update,it was very helpful for getting a action view on the task.

Task i am trying to do.Please Correct me if there is any mistake in the below mentioned process:

             I am trying to create and acquire endpoint from connector xpress with data source 'JDBC' which is said to be as custom resource(disconnected resource). so that from user console i can request access for that custom resource which should trigger worflow and finally saved in the mentioned database table. 

            I can able to create a new 'service' for requesting access, still how to map that custom resource to the created service.how do we find the custom resource while selecting task in IM? please give a brief which will be helpful.

Best Regards

Kirupakaran

Hi Russi

     Please share your update for the below mentioned query so it will be helpful in completing the task.Awaiting your reply

Best Regards

Kirupakaran

Hi, I have not been accessing CA Communities for a week, first I was traveling abroad for work and then we had Easter holidays. If your questions / requests are urgent, you should open a ticket with CA Support. Otherwise, myself or our peers make our best effort to respond based on our availability.

As I mentioned above, there are several ways to implement your requirement. Below I am just describing one way based on what you seem to have already configured:

1. It seems you have set up self subscribing services to request access to the physical assets. You can configure a screen that appears to users when they request access to services. Configure an attribute with a drop-down list here to allow the user to select whatever asset they need or configure the screens based on whatever information you want to collect from each user during the service request. For example,  see the screenshot below:

2. You can trigger a policy xpress policy on the event AddServiceToUserEvent or you can configure fulfillment actions for the Service itself as shown on the below 2 screens:

Policy xpress:

Service fulfillment actions:

3. in the action of these policy xpress or service fullfilment policy xpress you can perform all the desired actions such as opening a service desk ticket (check out IdentityManager/IAM_Suite/IdentityManager/tools/samples/PolicyXpress/NIMIntegration for a sample service and actions for NIMintegration. I believe this example does something very similar to what you are trying to achieve.

4. As a policy xpress action or a service fulfillment action you can also assign a provisioning role to this user to provision the user's asset information to SQL Server database you created for tracking asset information. Alternatively, you can execute SQL queries from policy xpress to update the SQL Server tables directly.

I hope this helps,

KR
Russi

Hi Russi

   Thanks for your update and it was very helpful.I am finding difficulty in finding documents for the above mentioned flow.

Please share me the possible CA documents for the mentioned tasks so that it would be helpful and i could process the flow:

1.How to configure a screen that appears to users when they request access to services. Configure an attribute with a drop-down list. 

2.How to create policy xpress policy on the event AddServiceToUserEvent

3.NIMintegration

4.How to assign a provisioning role to this user to provision the user's asset information to SQL Server database you created for tracking asset information.

Awaiting your reply.

Best Regards

Kirupakaran 

+919884568818

Hi Russi

   Waiting for your updates on documents which would be very helpful.

BR

Kirupakaran

Hi.Is there any chance of adding a default workflow to the created service like workflow available in admin task(two stage approval workflow).

Thanks

Kirupakaran