CA Identity Manager Implementation Guide - CA Technologies

More documents

Recommendations

Info

Chapter 2: Addressing Business NeedsThis section contains the following topics:Processing Business Changes (see page 21)Complying with Business Policies (see page 22)Enforcing Segregation of Duties Requirements (see page 25)Transforming Data in the User Store (see page 26)Applying Custom Business Logic (see page 27)Approving Business Changes (see page 28)Processing Business ChangesYou can automate the processing of certain identity management tasks by usingidentity policies. An identity policy is a set of business changes that occurs whena user meets a certain condition or rule. You can use identity policy sets to:■■■Automate certain identity management tasks, such as assigning roles andgroup membership, allocating resources, or modifying user profileattributes.Enforce segregation of duties (see page 25). For example, you can create anidentity policy set that prohibits members of the Check Signer role fromhaving the Check Approver role, and restricts anyone in the company fromwriting a check over $10,000.Enforce compliance. For example, you can audit users who have a certaintitle and make more than $100,000.Identity policies that enforce compliance are called compliance policies.The business changes associated with an identity policy include:■■■Assigning or revoking roles, including provisioning roles (when CA IdentityManager includes provisioning)Assigning or revoking group membershipUpdating attributes in a user profileFor example, a company may create an identity policy which states that all VicePresidents belong to the Country Club Member group and have the role SalaryApprover. When a user’s title changes to Vice President and that user issynchronized with the identity policy, CA Identity Manager adds the user to theappropriate group and role. When a Vice President is promoted to CEO, she nolonger meets the condition in the Vice President identity policy so the changesapplied by that policy are revoked, and new changes based on the CEO policy areapplied.Chapter 2: Addressing Business Needs 21
Page 1 and 2: CA Identity ManagerImplementation G
Page 3: CA Product ReferencesThis document
Page 7 and 8: Task Processing and Performance ...
Page 9 and 10: Chapter 1: Managing Identities andA
Page 11 and 12: Admin Roles for User Account Manage
Page 13 and 14: Admin Roles for User Account Manage
Page 15 and 16: Password ManagementThe account temp
Page 17 and 18: CA RCM Integration■■Notificatio
Page 19: CA Enterprise Log Manager Integrati
Page 23 and 24: Complying with Business PoliciesCA
Page 25 and 26: Enforcing Segregation of Duties Req
Page 27 and 28: Applying Custom Business LogicApply
Page 29: Approving Business ChangesIn CA Ide
Page 32 and 33: Identity Manager ComponentsUser Sto
Page 34 and 35: Identity Manager ComponentsIn this
Page 36 and 37: Identity Manager ComponentsJava Con
Page 38 and 39: Identity Manager ComponentsConnecto
Page 40 and 41: Sample CA Identity Manager Installa
Page 43 and 44: Chapter 4: Planning YourImplementat
Page 45 and 46: Decide What to ManageProvisioning A
Page 47 and 48: Determine Audit Requirements3. Conf
Page 49 and 50: Decide User Store RequirementsCA Au
Page 51 and 52: Select Components to InstallSelect
Page 53 and 54: Decide Hardware RequirementsInterme
Page 55 and 56: Choose a Method to Import UsersImpo
Page 57 and 58: Choose a Method to Import UsersMeth
Page 59 and 60: Develop a Deployment Plan■■Dele
Page 61 and 62: Develop a Deployment PlanNote the f
Page 63: Develop a Deployment PlanNote the f
Page 66 and 67: SiteMinder AuthenticationAdvanced P
Page 69 and 70: Chapter 6: Optimizing Identity Mana
Page 71 and 72:
Role Optimizations3. Identity Manag
Page 73 and 74:
Role OptimizationsOptimize Role Pol
Page 75 and 76:
Role OptimizationsIn this example,
Page 77 and 78:
Task OptimizationsNote: The policy
Page 79 and 80:
Task OptimizationsTo determine the
Page 81 and 82:
Task OptimizationsTask Processing a
Page 83 and 84:
Guidelines for Group Member\Adminis
Page 85 and 86:
Identity Policy OptimizationsIdenti
Page 87 and 88:
Identity Policy OptimizationsDesign
Page 89 and 90:
User Store TuningUser Store TuningU
Page 91 and 92:
Runtime Components TuningRuntime Co
Page 93 and 94:
Runtime Components TuningJMS Messag
Page 95:
Runtime Components Tuning■JBoss T
Page 98 and 99:
How to Plan for Disaster RecoveryHo
Page 100 and 101:
Design a Redundant ArchitectureAlte
Page 102 and 103:
Develop Backup PlansComponent Descr
Page 104 and 105:
Develop Restore ProceduresRestore t
Page 106 and 107:
Document the Recovery PlanDocument
Page 108 and 109:
Provide Disaster Recovery TrainingP
Page 110 and 111:
Business Changes in Identity Manage
Page 112 and 113:
eTrust Admin Management InterfacesI
Page 114 and 115:
Deprecated Provisioning SDKs and Ut
Page 117 and 118:
IndexAAccount Synchronization • 4
Page 119:
SiteMinder Integration • 65Synchr
show all

CA Identity Manager Implementation Guide - CA Technologies

Create successful ePaper yourself

Delete template?

Save as template?