Anonymous_User Absent Member.
Absent Member.
284 views

User account attestation process using custom workflow


Hi All,

For one of our client we are trying to place some short of user account
attestation functionality using Novell IDM framework(We are not using
AGS functionality for some reason).

Is it possible to achieve it using defining custom workflow?.

How we can track down which access has been already attested and which
one needs to be attested?

What changes needs to be made at e-Directory user object using workflow
to track down attestation process?


Any pointer would be great help!!!!!


Thanks in advance.

Regards
Hrishi


--
hrishikesh_pandey
------------------------------------------------------------------------
hrishikesh_pandey's Profile: https://forums.netiq.com/member.php?userid=1006
View this thread: https://forums.netiq.com/showthread.php?t=46346

Labels (1)
0 Likes
4 Replies
Anonymous_User Absent Member.
Absent Member.

Re: User account attestation process using custom workflow


Hi Hrishi,

I've some idea and I've been implemented custom attestation for one of
my customer few months ago. We cant implement robust attestation process
like Sailpoint or others but the below would be helpful for you start
something

1. Collect the application access details for each of the business
users in your eDir. Ex. A user whose unique id is 0010 and want to
attest his app1 & app2 then prepare the Xl sheet as below
userid app1 app2
0010 TRUE FALSE
means above user 0010 has the accessing app1 and he doesn't have any
access to app2.

2. Extend your eDir schema according to how many/what are the
application you are planing to attest through User App. After extension
user object should contains all these application attributes.
3.Through Java code /LDIF or CSV Driver load the respective application
access details to the eDir user objects (App1=TRUE,App2=FALSE etc).
4.create a no approval workflow and define all the application you want
to attest and represent via checkbox in the form.
5.the workflow will trigger periodically every three months/ whenever
there is department change for a user then manager will notified with
attestation process.
6. based on the managers decision you can update eDir values or perform
further actions.

Hope the above would be a good start for you!.

Cheers
Nirmalkumar Dhanaraj


--
idmuser
------------------------------------------------------------------------
idmuser's Profile: https://forums.netiq.com/member.php?userid=269
View this thread: https://forums.netiq.com/showthread.php?t=46346

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: User account attestation process using custom workflow


Are you using entitlements/resources?

Mark


--
mdhazell
------------------------------------------------------------------------
mdhazell's Profile: https://forums.netiq.com/member.php?userid=471
View this thread: https://forums.netiq.com/showthread.php?t=46346

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: User account attestation process using custom workflow


Thanks Nirmal and Mark for your quick reply.

We are currently showing account information(Custom attribute
multivalued attribute XXXaccess contained each systems name where
user has accounts ) to manager attestation form. lets say user having
10 account at 10 system i.e. AD,SAP,Oracle and LDAP system.

Our biggest challenge for now is , we are having 25+ system connected
with IDM and all attested account information needs to be flow inside
Reporting module.

Do we need to create Custom attribute or auxiliary class for each
system to store attestation information? What are information need to be
stored ?
How feasible this solution will be in future , when we need to add few
more new systems?

Regards
Hrishi


--
hrishikesh_pandey
------------------------------------------------------------------------
hrishikesh_pandey's Profile: https://forums.netiq.com/member.php?userid=1006
View this thread: https://forums.netiq.com/showthread.php?t=46346

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: User account attestation process using custom workflow


Hi All,
I am still waiting for some inputs......


Regards
Hrishi


--
hrishikesh_pandey
------------------------------------------------------------------------
hrishikesh_pandey's Profile: https://forums.netiq.com/member.php?userid=1006
View this thread: https://forums.netiq.com/showthread.php?t=46346

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.