CA Identity Portal 14.2
Customer use case....
Beside request access for employee himself. User can request access for their "Service Account".
Firstly, employee already have an account for himself in target application.(which employee have no problem manage his Access via Identity Portal).
Now the situation become complicated, when user is allow to request additional account, which is "service account" in the same target application.
After that, employee is also allow to Manage access on this service account on same target application.
Note: Employee is allow to request "Create Service Account", "Modify Access for Service Account" and "Delete Service account".
Q) Can Identity Portal handle multiple account that belong to the same person/employee during Manage Access ?
Q) With the above use case, can Identity Portal handle it ? or we have to use Identity Manager portal ?
Yes, the identity suite can handle one user to multiple accounts (even on the same endpoint). You only need to make sure of a unique ID in the account template for each account.
e.g. user gil can have a gil account on AD as well as a gil-service account on the same AD.
My concern is on "Manage Access".If a CorpUser have multiple accounts mapped on same target system.
When this user make request, how does we know whether his is make request for which account for "gil" or "gil-service" ?
Will identity portal prompt which account to the "Access" will apply to ?
There are two approaches you can take:
I think option 1 is safer, if you have a set number of service accounts. If a user can have an arbitrary number of accounts, then option 2 might be the way to go.
Thanks for the advice, Gil.