Here is how you can end-up with a Model configuration that is different from the Master:
Updates with Identity Governance through role modeling or the Auto-fix feature of audit finding such as out-of-pattern audit by HR, should always be applied to the Model configuration.
To push updated Identity Governance
data to Identity Manager
, you perform an export. The export process takes the differences between the Master and Model configurations, creates a DIFF file and sends those changes to Identity Manager
. Once CA Identity Manager
completes all the changes defined in the DIFF file, it sends a notification back to Identity Governance
. At that time, Identity Governance
updates the Master to reflect what is in the Model and Continuous Update keeps Identity Manager
and the Identity Governance
Master configuration synchronized.
Certification is typically run against the Model.
The question now, do you have Identity Governance integrated with Identity Manager, and are you doing any modeling or anything that would cause the Model configuration to be different from the Master?
P.S it is OK to run the certification against the Master but at least make sure you export the configuration from the Universe first.
Thanks!
Original Message:
Sent: 07-08-2020 09:49 AM
From: Yuan-Heng Lin
Subject: Details on Model Configuration - Governance
Hi Sai,
The model configuration is reflect to your campaign result. You can run certification on master instead of model by changing the certification template on "Select Configuration" field.
Best regards,
Frank
------------------------------
------------------------------
And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.
Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
Original Message:
Sent: 07-08-2020 09:38 AM
From: Sai Kumar Valluri
Subject: Details on Model Configuration - Governance
Hello Community Members,
We have seen Model configuration misses some resource-links once the campaign is launched. However, Master conf has all target endpoint links intact. We see some of the important links to be certified getting missed in Model.
As per documentation below is the only difference b/w master and model.
Is there any settings within IG to verify what is the evaluation criteria for creating Model configuration ?
Also, is it a good practice to run the certification on Master instead of Model ?
Thanks,
Sai