CA Identity Manager Implementation Guide - CA Technologies

More documents

Recommendations

Info

Guidelines for Group Member\Administrator OptimizationsWhen you define the group object in the directory configuration file, you canspecify the type of groups that the user store supports. If yourimplementation does not support nested or dynamic groups, set the GroupType attribute as follows:GroupType = NONEThe setting NONE specifies support for standard groups.The default Group Type setting is ALL, which may impact performance.Note: For more information about well-known attributes and group types inthe directory configuration file, see the Configuration Guide.■Set the Provisioning Directory cache indices to improve GlobalGroupperformanceFor Identity Manager implementations that include a combined user storeand Provisioning Directory, GlobalGroup membership can be optimized forpolicy rule evaluation for roles and identity policies.To enable this optimization, you index the following attributes, which theProvisioning Server uses to resolve group membership, in the ProvisioningDirectory cache:eTIDeTPIDeTPIDThe unique object ID attribute. For group membership lookups, thevalue is a specific user or group involved in the lookup.The parent ID of the object used when searching for membershiprelationships.The child ID of the object used when searching for membershiprelationships.Additionally, add the following hash entries:eTSuperiorClassThe type of the parent object in a membership lookupeTSubordinateClassThe type of the child object in a membership lookupNote: For more information about the Provisioning Directory cache, see theInstallation Guide.84 Implementation Guide
Identity Policy OptimizationsIdentity Policy OptimizationsAn identity policy is a set of business changes that occurs when a user meets acertain condition or rule. These changes can include assigning or revoking roles,assigning or revoking group membership, and updating attributes in a userprofile.Identity Manager evaluates identity policies when user synchronization occurs.Identity policy performance is affected by the following:■■How the identity policies are configuredHow often user synchronization occursHow Users and Identity Policies Are SynchronizedWhen using identity policies, it is important to understand how CA IdentityManager evaluates and applies the policies to users. Without a thoroughunderstanding of the user synchronization process, you may configureidentity policy sets that yield unexpected results.The following procedure describes how CA Identity Manager evaluates andapplies identity policies:1. The user synchronization process begins:■■Automatically—You can configure CA Identity Managertasks toautomatically trigger user synchronizationManually—Use the Synchronize User task in the User Console tosynchronize a user.2. CA Identity Manager determines the set of identity policies that apply to auser.3. CA Identity Manager compares the set of identity policies that apply to a userwith the list of policies that have already been applied to that user.Note: The list of policies that have been applied to a user is stored in the%IDENTITY_POLICY% well-known attribute in the user profile. Forinformation on configuring this attribute, see the Configuration Guide.■■If an identity policy is on the list of applicable policies, and the policy hasnot been applied to the user previously, then CA Identity Manager addsthe policy to an allocation list.If an identity policy is on the list of applicable policies, the policy hasbeen previously applied to the user, and the Apply Once setting for thepolicy is disabled, CA Identity Manager adds the policy to a reallocationlist.Chapter 6: Optimizing Identity Manager 85
Page 1 and 2:
CA Identity ManagerImplementation G
Page 3:
CA Product ReferencesThis document
Page 7 and 8:
Task Processing and Performance ...
Page 9 and 10:
Chapter 1: Managing Identities andA
Page 11 and 12:
Admin Roles for User Account Manage
Page 13 and 14:
Admin Roles for User Account Manage
Page 15 and 16:
Password ManagementThe account temp
Page 17 and 18:
CA RCM Integration■■Notificatio
Page 19:
CA Enterprise Log Manager Integrati
Page 22 and 23:
Complying with Business PoliciesThe
Page 24 and 25:
Complying with Business PoliciesRep
Page 26 and 27:
Transforming Data in the User Store
Page 28 and 29:
Approving Business ChangesBusiness
Page 31 and 32:
Chapter 3: Identity ManagerArchitec
Page 33 and 34: Identity Manager ComponentsFor exam
Page 35 and 36: Identity Manager ComponentsWhen you
Page 37 and 38: Identity Manager ComponentsCertain
Page 39 and 40: Identity Manager ComponentsWorkPoin
Page 41: Sample CA Identity Manager Installa
Page 44 and 45: Decide What to ManageHow to Configu
Page 46 and 47: Decide What to ManageAccount Templa
Page 48 and 49: Determine Audit RequirementsYou vie
Page 50 and 51: Decide User Store RequirementsCapab
Page 52 and 53: Decide Hardware RequirementsDecide
Page 54 and 55: Choose a Method to Import UsersAddi
Page 56 and 57: Choose a Method to Import UsersExec
Page 58 and 59: Develop a Deployment PlanSynchroniz
Page 60 and 61: Develop a Deployment PlanTo deploy
Page 62 and 63: Develop a Deployment PlanEnvironmen
Page 65 and 66: Chapter 5: Integrating with SiteMin
Page 67: Password Policies with SiteMinderCA
Page 70 and 71: Role OptimizationsRole Optimization
Page 72 and 73: Role OptimizationsObjectTypeBaseObj
Page 74 and 75: Role Optimizations■■Tune the us
Page 76 and 77: Role OptimizationsTo limit the numb
Page 78 and 79: Task Optimizations■A user accesse
Page 80 and 81: Task OptimizationsRelationship Tabs
Page 82 and 83: Task OptimizationsGuidelines for Op
Page 86 and 87: Identity Policy Optimizations■An
Page 88 and 89: Identity Policy OptimizationsLimit
Page 90 and 91: Tuning for Provisioning ComponentsC
Page 92 and 93: Runtime Components TuningIdentity M
Page 94 and 95: Runtime Components TuningTuning JMS
Page 97 and 98: Chapter 7: Creating a Disaster Reco
Page 99 and 100: Define Disaster Recovery Requiremen
Page 101 and 102: Develop Backup PlansMulti-Site Conn
Page 103 and 104: Develop Restore ProceduresComponent
Page 105 and 106: Develop Restore ProceduresRestore C
Page 107 and 108: Test the Recovery PlanTest the Fail
Page 109 and 110: Chapter 8: Transitioning From eTrus
Page 111 and 112: eTrust Admin Management Interfacese
Page 113 and 114: Batch Processing in Identity Manage
Page 115: Next Steps■etautilYou use the eta
Page 118 and 119: How Role Evaluation Affects Perform
show all

CA Identity Manager Implementation Guide - CA Technologies

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?