rreid Respected Contributor.
Respected Contributor.
638 views

CPRS for additional drivers

I've toyed around with the CPRS feature of 4.7 and it is sooo much improved over the earlier PCRS. According to the release notes:

"Permission Collection Reconciliation Services (PCRS) is simplified for Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers. This implementation is known as Controlled Permission Reconciliation Services (CPRS). "

Are we to assume it will be available for more drivers? Is there a target for when it may be available? I'm specifically looking for it in the Azure AD/O365 Driver. It will make life much easier for a 50,000 user migration to O365. PCRS works but is problematic. Also, the 4.7 version of the Identity Applications is the first one I am able to expose the dashboard to general users. In the past users have been limited to Landing and SSPR because I found that the earlier versions have had a poor UI and limited customization on the dashboard. 4.7 has made big steps.
Labels (1)
6 Replies
Knowledge Partner
Knowledge Partner

Re: CPRS for additional drivers

rreid wrote:

>
> I've toyed around with the CPRS feature of 4.7 and it is sooo much
> improved over the earlier PCRS. According to the release notes:
>
> "Permission Collection Reconciliation Services (PCRS) is simplified for
> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
> This implementation is known as Controlled Permission Reconciliation
> Services (CPRS). "
>
> Are we to assume it will be available for more drivers? Is there a
> target for when it may be available? I'm specifically looking for it in
> the Azure AD/O365 Driver.


What I would love to see is a generic package and a cool solution explaining
how to adapt CPRS to your target system.

> It will make life much easier for a 50,000
> user migration to O365. PCRS works but is problematic.


Very problematic

> Also, the 4.7
> version of the Identity Applications is the first one I am able to
> expose the dashboard to general users. In the past users have been
> limited to Landing and SSPR because I found that the earlier versions
> have had a poor UI and limited customization on the dashboard. 4.7 has
> made big steps.


Positive feedback.

--
If you find this post helpful, and are viewing this using the web, please show
your appreciation by clicking on the star below
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: CPRS for additional drivers

On 4/18/2018 11:10 AM, Alex McHugh wrote:
> rreid wrote:
>
>>
>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
>> improved over the earlier PCRS. According to the release notes:
>>
>> "Permission Collection Reconciliation Services (PCRS) is simplified for
>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
>> This implementation is known as Controlled Permission Reconciliation
>> Services (CPRS). "
>>
>> Are we to assume it will be available for more drivers? Is there a
>> target for when it may be available? I'm specifically looking for it in
>> the Azure AD/O365 Driver.

>
> What I would love to see is a generic package and a cool solution explaining
> how to adapt CPRS to your target system.


It looks to me like almost none of CPRS is in the packages. I.e. Not
policy. Rather it is built into the shims.

The use of the side band channel for Entitlement Refresh queries does
not seem exposed to policy yet. (I am hoping for an extension in dxWire
or the like so we can call into it, like we can call into injecting a
query into other drivers.)

0 Likes
Knowledge Partner
Knowledge Partner

Re: CPRS for additional drivers

Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
> On 4/18/2018 11:10 AM, Alex McHugh wrote:
>> rreid wrote:
>>
>>>
>>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
>>> improved over the earlier PCRS. According to the release notes:
>>>
>>> "Permission Collection Reconciliation Services (PCRS) is simplified for
>>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
>>> This implementation is known as Controlled Permission Reconciliation
>>> Services (CPRS). "
>>>
>>> Are we to assume it will be available for more drivers? Is there a
>>> target for when it may be available? I'm specifically looking for it in
>>> the Azure AD/O365 Driver.

>>
>> What I would love to see is a generic package and a cool solution explaining
>> how to adapt CPRS to your target system.

>
> It looks to me like almost none of CPRS is in the packages. I.e. Not
> policy. Rather it is built into the shims.
>


OK so the shim needs to support side band query. (I forget the correct
term)

> The use of the side band channel for Entitlement Refresh queries does
> not seem exposed to policy yet. (I am hoping for an extension in dxWire
> or the like so we can call into it, like we can call into injecting a
> query into other drivers.)
>


More likely to be exposed via extended ldap call than via JClient/dxwire.



Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: CPRS for additional drivers

On 4/18/2018 1:42 PM, Alex McHugh wrote:
> Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
>> On 4/18/2018 11:10 AM, Alex McHugh wrote:
>>> rreid wrote:
>>>
>>>>
>>>> I've toyed around with the CPRS feature of 4.7 and it is sooo much
>>>> improved over the earlier PCRS. According to the release notes:
>>>>
>>>> "Permission Collection Reconciliation Services (PCRS) is simplified for
>>>> Active Directory, Multi-Domain Active Directory (MDAD) and LDAP drivers.
>>>> This implementation is known as Controlled Permission Reconciliation
>>>> Services (CPRS). "
>>>>
>>>> Are we to assume it will be available for more drivers? Is there a
>>>> target for when it may be available? I'm specifically looking for it in
>>>> the Azure AD/O365 Driver.
>>>
>>> What I would love to see is a generic package and a cool solution explaining
>>> how to adapt CPRS to your target system.

>>
>> It looks to me like almost none of CPRS is in the packages. I.e. Not
>> policy. Rather it is built into the shims.
>>

>
> OK so the shim needs to support side band query. (I forget the correct
> term)


Me too. I forget the proper name as well.

>> The use of the side band channel for Entitlement Refresh queries does
>> not seem exposed to policy yet. (I am hoping for an extension in dxWire
>> or the like so we can call into it, like we can call into injecting a
>> query into other drivers.)
>>

>
> More likely to be exposed via extended ldap call than via JClient/dxwire.


Agreed, but dxwire might expose an interface to that, at a higher level.

I do not care, so long as it is exposed. 🙂 In a useful fashion. This
is different from out of band queing as well.



0 Likes
Knowledge Partner
Knowledge Partner

Re: CPRS for additional drivers

This might help answer some of our questions.

https://www.netiq.com/communities/cool-solutions/cprs-controlled-permission-reconciliation-service-understanding-feature-whats-new-advantage-usage/
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: CPRS for additional drivers

On 4/19/2018 4:00 AM, Alex McHugh wrote:
> This might help answer some of our questions.
>
> https://www.netiq.com/communities/cool-solutions/cprs-controlled-permission-reconciliation-service-understanding-feature-whats-new-advantage-usage/


Thanks, that is helpful. Sort of. Opens up more questions than answers
really.


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.