Based on documentation, CA Identity Portal main identity can come from CA IM or IG.
Let said first phase implementation, we install with Identity Portal together with IG first. Then users will login Identity Portal based on the users from IG,correct ?
On Second phase implementation, we installed & configured with IM. The Identity Portal Main connector switch from IG to IM. Then Identity Portal users login is now based on users from IM ? is this a workable approach ?
We have this idea, is because we want to implement access/account review first. After that we implement with access & account provisioning.
I don't see any issues with this approach, but you will have some migration work to do when switching to IM based authentication in the second phase. If possible try to figure out what the UserID will be in the IM system and use the same value for the IG authentication. This might mean that you won't use the standard AD authentication mechanism for IG since that requires that the domain be specified in the LoginID field. If IM will authenticate against an LDAP source, then have IG authenticate against the same. This will make your switch trivial.
Thanks for the feedback.