Symantec IGA

Hi All,

I have a use case which i have not been able to resolve.

I have integrated CA IG with CA IDM. I have connected my endpoints with CA IG. I am using CA IDM only to store all user data and entitlements. CA IDM is not going to send any update (Provision/Deprovision) to end point accounts. CA IG is going to certify those entitlements.

I am planning to create a separate provisioning role and account template for corresponding Endpoint Groups for instance AD Security Group in CA IDM. In that case if an endpoint has 100 Security Groups, then i have to create 100 provisioning roles and account template in CA IDM.

The endpoints connected to CA IDM is AD and Salesforce.

Problem is how will i figure out which Prov role i have to assign to a user for that group. Is there any way to do that in CA IDM.

Please advise.

Thanks in advance.

Nishant

One method of doing this is to use the IG client tool.

Use the "Discover Characteristic Roles" method.

Select "Resource Attribute".  The default range will be all attributes.  

Set the minimums to 1  (and maximum=1).

This will create one role per AD Group.  You can rename these as needed.

When you export these to IM, the Roles will be Created, the Account Templates will be created, and the Users will be linked to the roles.  

You could also create a Kettle process to do the same thing.  

Hi Ricky,

Thanks for your response. 

Does the configuration using IG client tool works with other endpoints like SAP and Salesforce as well. I have to work with these endpoints also. CA IDM is connected with SAP and Salesforce.

Please advise.

Nishant

Hi Nishant,

Yes it should work for both SAP and sales force.

Thanks,

Yogitha