IM can have many permissions/entitlements defined in it (such as Provisioning Roles or Groups). If ID-Portal is used, this will probably be used for Access Requesting. This means that the permissions in IM will all have to appear in the ID-Portal Entitlements Tree.
In a high-volume environment (50k+ permissions in IM), maintaining this data consistently in both products will be a considerable overhead.
The aim is to define the items once, but have them appear consistently in both tools.
There are 2 possible ways of approaching this:
This proposal is to define the items in IM, and push the data into IP.
It is possible to define a transformation-process to map IM-Permissions to IP-Permissions – so this can be automated for a large-volume environment. The aim of this document is to provide a proposed mapping.
However, these things are to be noted:
The steps in the transformation would be:
The item-types would be the IP items (there are 7):
See attached documents for proposed mapping, detailed mapping and an example.
Thank you for sharing this tip with the community, Richard!
Managing Permissions Data in both IM and IP
I have been looking for this information. This should be part of the Product Documentation.