rreid

Commodore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-04-17
20:47
848 views
CPRS for additional drivers
I've toyed around with the CPRS feature of 4.7 and it is sooo much improved over the earlier PCRS. According to the release notes:
"Permission Collection Reconciliation Services (PCRS) is simplified for Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers. This implementation is known as Controlled Permission Reconciliation Services (CPRS). "
Are we to assume it will be available for more drivers? Is there a target for when it may be available? I'm specifically looking for it in the Azure AD/O365 Driver. It will make life much easier for a 50,000 user migration to O365. PCRS works but is problematic. Also, the 4.7 version of the Identity Applications is the first one I am able to expose the dashboard to general users. In the past users have been limited to Landing and SSPR because I found that the earlier versions have had a poor UI and limited customization on the dashboard. 4.7 has made big steps.
"Permission Collection Reconciliation Services (PCRS) is simplified for Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers. This implementation is known as Controlled Permission Reconciliation Services (CPRS). "
Are we to assume it will be available for more drivers? Is there a target for when it may be available? I'm specifically looking for it in the Azure AD/O365 Driver. It will make life much easier for a 50,000 user migration to O365. PCRS works but is problematic. Also, the 4.7 version of the Identity Applications is the first one I am able to expose the dashboard to general users. In the past users have been limited to Landing and SSPR because I found that the earlier versions have had a poor UI and limited customization on the dashboard. 4.7 has made big steps.
6 Replies


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-04-18
16:10
rreid wrote:
>
> I've toyed around with the CPRS feature of 4.7 and it is sooo much
> improved over the earlier PCRS. According to the release notes:
>
> "Permission Collection Reconciliation Services (PCRS) is simplified for
> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
> This implementation is known as Controlled Permission Reconciliation
> Services (CPRS). "
>
> Are we to assume it will be available for more drivers? Is there a
> target for when it may be available? I'm specifically looking for it in
> the Azure AD/O365 Driver.
What I would love to see is a generic package and a cool solution explaining
how to adapt CPRS to your target system.
> It will make life much easier for a 50,000
> user migration to O365. PCRS works but is problematic.
Very problematic
> Also, the 4.7
> version of the Identity Applications is the first one I am able to
> expose the dashboard to general users. In the past users have been
> limited to Landing and SSPR because I found that the earlier versions
> have had a poor UI and limited customization on the dashboard. 4.7 has
> made big steps.
Positive feedback.
--
If you find this post helpful, and are viewing this using the web, please show
your appreciation by clicking on the star below
>
> I've toyed around with the CPRS feature of 4.7 and it is sooo much
> improved over the earlier PCRS. According to the release notes:
>
> "Permission Collection Reconciliation Services (PCRS) is simplified for
> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
> This implementation is known as Controlled Permission Reconciliation
> Services (CPRS). "
>
> Are we to assume it will be available for more drivers? Is there a
> target for when it may be available? I'm specifically looking for it in
> the Azure AD/O365 Driver.
What I would love to see is a generic package and a cool solution explaining
how to adapt CPRS to your target system.
> It will make life much easier for a 50,000
> user migration to O365. PCRS works but is problematic.
Very problematic
> Also, the 4.7
> version of the Identity Applications is the first one I am able to
> expose the dashboard to general users. In the past users have been
> limited to Landing and SSPR because I found that the earlier versions
> have had a poor UI and limited customization on the dashboard. 4.7 has
> made big steps.
Positive feedback.
--
If you find this post helpful, and are viewing this using the web, please show
your appreciation by clicking on the star below
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-04-18
16:32
On 4/18/2018 11:10 AM, Alex McHugh wrote:
> rreid wrote:
>
>>
>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
>> improved over the earlier PCRS. According to the release notes:
>>
>> "Permission Collection Reconciliation Services (PCRS) is simplified for
>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
>> This implementation is known as Controlled Permission Reconciliation
>> Services (CPRS). "
>>
>> Are we to assume it will be available for more drivers? Is there a
>> target for when it may be available? I'm specifically looking for it in
>> the Azure AD/O365 Driver.
>
> What I would love to see is a generic package and a cool solution explaining
> how to adapt CPRS to your target system.
It looks to me like almost none of CPRS is in the packages. I.e. Not
policy. Rather it is built into the shims.
The use of the side band channel for Entitlement Refresh queries does
not seem exposed to policy yet. (I am hoping for an extension in dxWire
or the like so we can call into it, like we can call into injecting a
query into other drivers.)
> rreid wrote:
>
>>
>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
>> improved over the earlier PCRS. According to the release notes:
>>
>> "Permission Collection Reconciliation Services (PCRS) is simplified for
>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
>> This implementation is known as Controlled Permission Reconciliation
>> Services (CPRS). "
>>
>> Are we to assume it will be available for more drivers? Is there a
>> target for when it may be available? I'm specifically looking for it in
>> the Azure AD/O365 Driver.
>
> What I would love to see is a generic package and a cool solution explaining
> how to adapt CPRS to your target system.
It looks to me like almost none of CPRS is in the packages. I.e. Not
policy. Rather it is built into the shims.
The use of the side band channel for Entitlement Refresh queries does
not seem exposed to policy yet. (I am hoping for an extension in dxWire
or the like so we can call into it, like we can call into injecting a
query into other drivers.)


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-04-18
18:42
Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
> On 4/18/2018 11:10 AM, Alex McHugh wrote:
>> rreid wrote:
>>
>>>
>>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
>>> improved over the earlier PCRS. According to the release notes:
>>>
>>> "Permission Collection Reconciliation Services (PCRS) is simplified for
>>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
>>> This implementation is known as Controlled Permission Reconciliation
>>> Services (CPRS). "
>>>
>>> Are we to assume it will be available for more drivers? Is there a
>>> target for when it may be available? I'm specifically looking for it in
>>> the Azure AD/O365 Driver.
>>
>> What I would love to see is a generic package and a cool solution explaining
>> how to adapt CPRS to your target system.
>
> It looks to me like almost none of CPRS is in the packages. I.e. Not
> policy. Rather it is built into the shims.
>
OK so the shim needs to support side band query. (I forget the correct
term)
> The use of the side band channel for Entitlement Refresh queries does
> not seem exposed to policy yet. (I am hoping for an extension in dxWire
> or the like so we can call into it, like we can call into injecting a
> query into other drivers.)
>
More likely to be exposed via extended ldap call than via JClient/dxwire.
> On 4/18/2018 11:10 AM, Alex McHugh wrote:
>> rreid wrote:
>>
>>>
>>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
>>> improved over the earlier PCRS. According to the release notes:
>>>
>>> "Permission Collection Reconciliation Services (PCRS) is simplified for
>>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
>>> This implementation is known as Controlled Permission Reconciliation
>>> Services (CPRS). "
>>>
>>> Are we to assume it will be available for more drivers? Is there a
>>> target for when it may be available? I'm specifically looking for it in
>>> the Azure AD/O365 Driver.
>>
>> What I would love to see is a generic package and a cool solution explaining
>> how to adapt CPRS to your target system.
>
> It looks to me like almost none of CPRS is in the packages. I.e. Not
> policy. Rather it is built into the shims.
>
OK so the shim needs to support side band query. (I forget the correct
term)
> The use of the side band channel for Entitlement Refresh queries does
> not seem exposed to policy yet. (I am hoping for an extension in dxWire
> or the like so we can call into it, like we can call into injecting a
> query into other drivers.)
>
More likely to be exposed via extended ldap call than via JClient/dxwire.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-04-18
20:22
On 4/18/2018 1:42 PM, Alex McHugh wrote:
> Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
>> On 4/18/2018 11:10 AM, Alex McHugh wrote:
>>> rreid wrote:
>>>
>>>>
>>>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
>>>> improved over the earlier PCRS. According to the release notes:
>>>>
>>>> "Permission Collection Reconciliation Services (PCRS) is simplified for
>>>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
>>>> This implementation is known as Controlled Permission Reconciliation
>>>> Services (CPRS). "
>>>>
>>>> Are we to assume it will be available for more drivers? Is there a
>>>> target for when it may be available? I'm specifically looking for it in
>>>> the Azure AD/O365 Driver.
>>>
>>> What I would love to see is a generic package and a cool solution explaining
>>> how to adapt CPRS to your target system.
>>
>> It looks to me like almost none of CPRS is in the packages. I.e. Not
>> policy. Rather it is built into the shims.
>>
>
> OK so the shim needs to support side band query. (I forget the correct
> term)
Me too. I forget the proper name as well.
>> The use of the side band channel for Entitlement Refresh queries does
>> not seem exposed to policy yet. (I am hoping for an extension in dxWire
>> or the like so we can call into it, like we can call into injecting a
>> query into other drivers.)
>>
>
> More likely to be exposed via extended ldap call than via JClient/dxwire.
Agreed, but dxwire might expose an interface to that, at a higher level.
I do not care, so long as it is exposed. 🙂 In a useful fashion. This
is different from out of band queing as well.
> Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
>> On 4/18/2018 11:10 AM, Alex McHugh wrote:
>>> rreid wrote:
>>>
>>>>
>>>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
>>>> improved over the earlier PCRS. According to the release notes:
>>>>
>>>> "Permission Collection Reconciliation Services (PCRS) is simplified for
>>>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
>>>> This implementation is known as Controlled Permission Reconciliation
>>>> Services (CPRS). "
>>>>
>>>> Are we to assume it will be available for more drivers? Is there a
>>>> target for when it may be available? I'm specifically looking for it in
>>>> the Azure AD/O365 Driver.
>>>
>>> What I would love to see is a generic package and a cool solution explaining
>>> how to adapt CPRS to your target system.
>>
>> It looks to me like almost none of CPRS is in the packages. I.e. Not
>> policy. Rather it is built into the shims.
>>
>
> OK so the shim needs to support side band query. (I forget the correct
> term)
Me too. I forget the proper name as well.
>> The use of the side band channel for Entitlement Refresh queries does
>> not seem exposed to policy yet. (I am hoping for an extension in dxWire
>> or the like so we can call into it, like we can call into injecting a
>> query into other drivers.)
>>
>
> More likely to be exposed via extended ldap call than via JClient/dxwire.
Agreed, but dxwire might expose an interface to that, at a higher level.
I do not care, so long as it is exposed. 🙂 In a useful fashion. This
is different from out of band queing as well.


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-04-19
09:00
This might help answer some of our questions.
https://www.netiq.com/communities/cool-solutions/cprs-controlled-permission-reconciliation-service-understanding-feature-whats-new-advantage-usage/
https://www.netiq.com/communities/cool-solutions/cprs-controlled-permission-reconciliation-service-understanding-feature-whats-new-advantage-usage/
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.


Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-04-19
10:44
On 4/19/2018 4:00 AM, Alex McHugh wrote:
> This might help answer some of our questions.
>
> https://www.netiq.com/communities/cool-solutions/cprs-controlled-permission-reconciliation-service-understanding-feature-whats-new-advantage-usage/
Thanks, that is helpful. Sort of. Opens up more questions than answers
really.
> This might help answer some of our questions.
>
> https://www.netiq.com/communities/cool-solutions/cprs-controlled-permission-reconciliation-service-understanding-feature-whats-new-advantage-usage/
Thanks, that is helpful. Sort of. Opens up more questions than answers
really.