CPRS for additional drivers

I've toyed around with the CPRS feature of 4.7 and it is sooo much improved over the earlier PCRS. According to the release notes:

"Permission Collection Reconciliation Services (PCRS) is simplified for Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers. This implementation is known as Controlled Permission Reconciliation Services (CPRS). "

Are we to assume it will be available for more drivers? Is there a target for when it may be available? I'm specifically looking for it in the Azure AD/O365 Driver. It will make life much easier for a 50,000 user migration to O365. PCRS works but is problematic. Also, the 4.7 version of the Identity Applications is the first one I am able to expose the dashboard to general users. In the past users have been limited to Landing and SSPR because I found that the earlier versions have had a poor UI and limited customization on the dashboard. 4.7 has made big steps.
Parents
  • rreid wrote:

    >
    > I've toyed around with the CPRS feature of 4.7 and it is sooo much
    > improved over the earlier PCRS. According to the release notes:
    >
    > "Permission Collection Reconciliation Services (PCRS) is simplified for
    > Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
    > This implementation is known as Controlled Permission Reconciliation
    > Services (CPRS). "
    >
    > Are we to assume it will be available for more drivers? Is there a
    > target for when it may be available? I'm specifically looking for it in
    > the Azure AD/O365 Driver.


    What I would love to see is a generic package and a cool solution explaining
    how to adapt CPRS to your target system.

    > It will make life much easier for a 50,000
    > user migration to O365. PCRS works but is problematic.


    Very problematic

    > Also, the 4.7
    > version of the Identity Applications is the first one I am able to
    > expose the dashboard to general users. In the past users have been
    > limited to Landing and SSPR because I found that the earlier versions
    > have had a poor UI and limited customization on the dashboard. 4.7 has
    > made big steps.


    Positive feedback.

    --
    If you find this post helpful, and are viewing this using the web, please show
    your appreciation by clicking on the star below
Reply
  • rreid wrote:

    >
    > I've toyed around with the CPRS feature of 4.7 and it is sooo much
    > improved over the earlier PCRS. According to the release notes:
    >
    > "Permission Collection Reconciliation Services (PCRS) is simplified for
    > Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
    > This implementation is known as Controlled Permission Reconciliation
    > Services (CPRS). "
    >
    > Are we to assume it will be available for more drivers? Is there a
    > target for when it may be available? I'm specifically looking for it in
    > the Azure AD/O365 Driver.


    What I would love to see is a generic package and a cool solution explaining
    how to adapt CPRS to your target system.

    > It will make life much easier for a 50,000
    > user migration to O365. PCRS works but is problematic.


    Very problematic

    > Also, the 4.7
    > version of the Identity Applications is the first one I am able to
    > expose the dashboard to general users. In the past users have been
    > limited to Landing and SSPR because I found that the earlier versions
    > have had a poor UI and limited customization on the dashboard. 4.7 has
    > made big steps.


    Positive feedback.

    --
    If you find this post helpful, and are viewing this using the web, please show
    your appreciation by clicking on the star below
Children
  • On 4/18/2018 11:10 AM, Alex McHugh wrote:
    > rreid wrote:
    >
    >>
    >> I've toyed around with the CPRS feature of 4.7 and it is sooo much
    >> improved over the earlier PCRS. According to the release notes:
    >>
    >> "Permission Collection Reconciliation Services (PCRS) is simplified for
    >> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
    >> This implementation is known as Controlled Permission Reconciliation
    >> Services (CPRS). "
    >>
    >> Are we to assume it will be available for more drivers? Is there a
    >> target for when it may be available? I'm specifically looking for it in
    >> the Azure AD/O365 Driver.

    >
    > What I would love to see is a generic package and a cool solution explaining
    > how to adapt CPRS to your target system.


    It looks to me like almost none of CPRS is in the packages. I.e. Not
    policy. Rather it is built into the shims.

    The use of the side band channel for Entitlement Refresh queries does
    not seem exposed to policy yet. (I am hoping for an extension in dxWire
    or the like so we can call into it, like we can call into injecting a
    query into other drivers.)

  • Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
    > On 4/18/2018 11:10 AM, Alex McHugh wrote:
    >> rreid wrote:
    >>
    >>>
    >>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
    >>> improved over the earlier PCRS. According to the release notes:
    >>>
    >>> "Permission Collection Reconciliation Services (PCRS) is simplified for
    >>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
    >>> This implementation is known as Controlled Permission Reconciliation
    >>> Services (CPRS). "
    >>>
    >>> Are we to assume it will be available for more drivers? Is there a
    >>> target for when it may be available? I'm specifically looking for it in
    >>> the Azure AD/O365 Driver.

    >>
    >> What I would love to see is a generic package and a cool solution explaining
    >> how to adapt CPRS to your target system.

    >
    > It looks to me like almost none of CPRS is in the packages. I.e. Not
    > policy. Rather it is built into the shims.
    >


    OK so the shim needs to support side band query. (I forget the correct
    term)

    > The use of the side band channel for Entitlement Refresh queries does
    > not seem exposed to policy yet. (I am hoping for an extension in dxWire
    > or the like so we can call into it, like we can call into injecting a
    > query into other drivers.)
    >


    More likely to be exposed via extended ldap call than via JClient/dxwire.



  • On 4/18/2018 1:42 PM, Alex McHugh wrote:
    > Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
    >> On 4/18/2018 11:10 AM, Alex McHugh wrote:
    >>> rreid wrote:
    >>>
    >>>>
    >>>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
    >>>> improved over the earlier PCRS. According to the release notes:
    >>>>
    >>>> "Permission Collection Reconciliation Services (PCRS) is simplified for
    >>>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
    >>>> This implementation is known as Controlled Permission Reconciliation
    >>>> Services (CPRS). "
    >>>>
    >>>> Are we to assume it will be available for more drivers? Is there a
    >>>> target for when it may be available? I'm specifically looking for it in
    >>>> the Azure AD/O365 Driver.
    >>>
    >>> What I would love to see is a generic package and a cool solution explaining
    >>> how to adapt CPRS to your target system.

    >>
    >> It looks to me like almost none of CPRS is in the packages. I.e. Not
    >> policy. Rather it is built into the shims.
    >>

    >
    > OK so the shim needs to support side band query. (I forget the correct
    > term)


    Me too. I forget the proper name as well.

    >> The use of the side band channel for Entitlement Refresh queries does
    >> not seem exposed to policy yet. (I am hoping for an extension in dxWire
    >> or the like so we can call into it, like we can call into injecting a
    >> query into other drivers.)
    >>

    >
    > More likely to be exposed via extended ldap call than via JClient/dxwire.


    Agreed, but dxwire might expose an interface to that, at a higher level.

    I do not care, so long as it is exposed. :) In a useful fashion. This
    is different from out of band queing as well.



  • On 4/19/2018 4:00 AM, Alex McHugh wrote:
    > This might help answer some of our questions.
    >
    > https://www.netiq.com/communities/cool-solutions/cprs-controlled-permission-reconciliation-service-understanding-feature-whats-new-advantage-usage/


    Thanks, that is helpful. Sort of. Opens up more questions than answers
    really.