Hello,
I have IDM, IG, AD in my lab and I would like to review or at least report all permissions per user which are not assigned by IDM and they are assign directly in the target application only.
Reconciliation itself will be a next step.
Is something like that possible? Have you done something like that and can you share details how to achieve this "review"?
At this moment, I integrated IDM and AD separately in IG. Identities are coming from IDM only, I have 2 application sources - IDM and AD, hopefully with properly mapped attributes.
I've been told that a IG report "Reconciliation - CSV" might be what I want. But the report is always empty because the table reconciliation_perm_v is empty too. I have no clue how this works.
One of my idea is to create roles in IG 1:1 with roles in IDM and then somehow report permission which are not coming from roles...
If you can share you experience, it would be great.
Regards,
Milan