CA Identity Manager Implementation Guide - CA Technologies

More documents

Recommendations

Info

Develop a Deployment PlanSynchronize Global Users with the Identity Manager User StoreAfter you import users into the Provisioning Server, you can use the followingmethods to add those users to the Identity Manager user store:■Inbound SynchronizationInbound Synchronization keeps Identity Manager users up to date withchanges that occur in the Provisioning Directory. Changes in the ProvisioningDirectory include those made using Provisioning Manager or systems withconnectors to the Provisioning Server.Note the following when using inbound synchronization to import users:– In the Identity Manager Management Console, you can customize howthe attributes from the inbound request are mapped to attributes in theIdentity Manager task.Note: For more information, see the Administration Guide.– Consider which Provisioning Server changes require synchronizationwith the corporate user store. Synchronizing a large number of changesmay impact performance and scalability.■Provisioning Roles and Account TemplatesThe Provisioning Server can manage accounts in the Identity Manager userstore using provisioning roles and account templates. This requires that amanaged endpoint, which points to the Identity Manager user store has beenacquired and the appropriate account templates and roles exist. In this case,global users created through one of the options described in Import UsersThrough the Provisioning Server (see page 56) can be assigned aprovisioning role that creates the user account in the Identity Manager userstore.Develop a Deployment PlanWhen planning a large implementation, you should deploy CA Identity Managerfunctionality in stages. The following deployment order allows you to gainsignificant value from CA Identity Manager quickly, evaluate the changing needsof your implementation over time, and carefully construct your environment forbest performance and scalability:■■■Self-service and password managementIdentity policiesWorkflow approvals58 Implementation Guide
Develop a Deployment Plan■■Delegated administration for user, group, and organization objectsDelegated administration for role administrationAfter each deployment stage, be sure to evaluate performance and makeadjustments before proceeding to the next stage. Optimizing Identity Manager(see page 69) provides information on performance, tuning, and scalability.Deploy Self-Service and Password ManagementDeploy self-service tasks and password management before deploying otherIdentity Manager features for the following reasons:■■■Self-service tasks and password management are easy to deploy andprovide significant value quickly.These features are independent of the delegated administration model andcan be reconfigured as needed to address changing business needs.These features typically generate the highest volume of tasks that IdentityManager processes on a regular basis. Because of this, they provide a way totest the scalabilty of your implementation before you deploy additionalfeatures.To deploy self-service tasks, you complete the following steps:1. Configure the self-registration task.This is a public task, which is enabled by default during installation. Toconfigure this task, you add or remove fields from the defaultself-registration task, as needed.2. Deploy the Self Manager role.The member rule for this role should be configured to apply to all users, orshould include a member rule that automatically assigns the role to newusers. For example, you can create a member rule that assigns the SelfManager role to all full-time employees. When a user self-registers, IdentityManager can set the employee type to full-time (by using a logical attributehandler, or business task handler). The user meets the criteria in themember rule and receives the Self Manager role automatically.Note: When you configure member rules for the Self Manager role, do notallow administrators to add or remove role members. Since the role isassigned automatically, there is no need for an administrator to explicitlyassign the role.Chapter 4: Planning Your Implementation 59
Page 1 and 2:
CA Identity ManagerImplementation G
Page 3:
CA Product ReferencesThis document
Page 7 and 8: Task Processing and Performance ...
Page 9 and 10: Chapter 1: Managing Identities andA
Page 11 and 12: Admin Roles for User Account Manage
Page 13 and 14: Admin Roles for User Account Manage
Page 15 and 16: Password ManagementThe account temp
Page 17 and 18: CA RCM Integration■■Notificatio
Page 19: CA Enterprise Log Manager Integrati
Page 22 and 23: Complying with Business PoliciesThe
Page 24 and 25: Complying with Business PoliciesRep
Page 26 and 27: Transforming Data in the User Store
Page 28 and 29: Approving Business ChangesBusiness
Page 31 and 32: Chapter 3: Identity ManagerArchitec
Page 33 and 34: Identity Manager ComponentsFor exam
Page 35 and 36: Identity Manager ComponentsWhen you
Page 37 and 38: Identity Manager ComponentsCertain
Page 39 and 40: Identity Manager ComponentsWorkPoin
Page 41: Sample CA Identity Manager Installa
Page 44 and 45: Decide What to ManageHow to Configu
Page 46 and 47: Decide What to ManageAccount Templa
Page 48 and 49: Determine Audit RequirementsYou vie
Page 50 and 51: Decide User Store RequirementsCapab
Page 52 and 53: Decide Hardware RequirementsDecide
Page 54 and 55: Choose a Method to Import UsersAddi
Page 56 and 57: Choose a Method to Import UsersExec
Page 60 and 61: Develop a Deployment PlanTo deploy
Page 62 and 63: Develop a Deployment PlanEnvironmen
Page 65 and 66: Chapter 5: Integrating with SiteMin
Page 67: Password Policies with SiteMinderCA
Page 70 and 71: Role OptimizationsRole Optimization
Page 72 and 73: Role OptimizationsObjectTypeBaseObj
Page 74 and 75: Role Optimizations■■Tune the us
Page 76 and 77: Role OptimizationsTo limit the numb
Page 78 and 79: Task Optimizations■A user accesse
Page 80 and 81: Task OptimizationsRelationship Tabs
Page 82 and 83: Task OptimizationsGuidelines for Op
Page 84 and 85: Guidelines for Group Member\Adminis
Page 86 and 87: Identity Policy Optimizations■An
Page 88 and 89: Identity Policy OptimizationsLimit
Page 90 and 91: Tuning for Provisioning ComponentsC
Page 92 and 93: Runtime Components TuningIdentity M
Page 94 and 95: Runtime Components TuningTuning JMS
Page 97 and 98: Chapter 7: Creating a Disaster Reco
Page 99 and 100: Define Disaster Recovery Requiremen
Page 101 and 102: Develop Backup PlansMulti-Site Conn
Page 103 and 104: Develop Restore ProceduresComponent
Page 105 and 106: Develop Restore ProceduresRestore C
Page 107 and 108: Test the Recovery PlanTest the Fail
Page 109 and 110:
Chapter 8: Transitioning From eTrus
Page 111 and 112:
eTrust Admin Management Interfacese
Page 113 and 114:
Batch Processing in Identity Manage
Page 115:
Next Steps■etautilYou use the eta
Page 118 and 119:
How Role Evaluation Affects Perform
show all

CA Identity Manager Implementation Guide - CA Technologies

Create successful ePaper yourself

Delete template?

Save as template?