Anonymous_User Absent Member.

Access Review and IDM integration


Hi

Has anyone had a chance to integrate the Access Review 1.1 with IDM 4.5
using the Access Review driver in production or a test/PoC kind of
environment?
We are exploring the possibility of doing this and want to understand if
there are any specific things to keep in mind, apart from the standard
documentation that is available.

-Rohit


--
rohit_pandey
------------------------------------------------------------------------
rohit_pandey's Profile: https://forums.netiq.com/member.php?userid=9842
View this thread: https://forums.netiq.com/showthread.php?t=53700

Knowledge Partner

Re: Access Review and IDM integration

On 6/17/2015 1:24 AM, rohit pandey wrote:
>
> Hi
>
> Has anyone had a chance to integrate the Access Review 1.1 with IDM 4.5
> using the Access Review driver in production or a test/PoC kind of
> environment?
> We are exploring the possibility of doing this and want to understand if
> there are any specific things to keep in mind, apart from the standard
> documentation that is available.


I am curious what benefits the driver provides. What APIs it talks to.
Why this is different than reaching out via LDAP or SOAP and making the
changes determined. (I.e. AR decides some role needs to be revoked,
SOAP call to UA to revoke it. Does the driver replace this now?)



Anonymous_User Absent Member.

Re: Access Review and IDM integration


Yeah. I agree. And that was the reason I asked this question in the
forums.
But in our case, the plan is to have identities, permissions, groups, etc.
to be collected from various data sources (applications). And then have
AR integrated with the IDM using the AR driver.
Then configure it (which we need to test out in a lab). So this way we
should be able to get identities and resources created in the IDM which
might not be directly integrated with the IDM at that point.
We can then also use the UA bit to have access request mechanisms in
place. The request fulfillment might not be automated with a driver and
all but still it will give us a way to track the requests even for
applications that are not integrated in IDM. And then this will be
available for Access Reviews.

I know that this is complex. But from the AR and AR driver documentation
I can make out that this should be possible. Trying to find some people
who might have tried this out.

-Rohit


Knowledge Partner

Re: Access Review and IDM integration

On 6/18/2015 5:46 AM, rohit pandey wrote:
>
> Yeah. I agree. And that was the reason I asked this question in the
> forums.
> But in our case, the plan is to have identities, permissions, groups, etc.
> to be collected from various data sources (applications). And then have
> AR integrated with the IDM using the AR driver.
> Then configure it (which we need to test out in a lab). So this way we
> should be able to get identities and resources created in the IDM which
> might not be directly integrated with the IDM at that point.
> We can then also use the UA bit to have access request mechanisms in
> place. The request fulfillment might not be automated with a driver and
> all but still it will give us a way to track the requests even for
> applications that are not integrated in IDM. And then this will be
> available for Access Reviews.
>
> I know that this is complex. But from the AR and AR driver documentation
> I can make out that this should be possible. Trying to find some people
> who might have tried this out.


Your model of Roles/Resources for manual/non-connected systems is one we
have used many times. If it becomes important it is an empty box to be
filled in later with a driver.

Not tried what you are suggesting, but it sounds reasonable.

