Integrate the Managed Endpoint in Identity Management

For the details about the following steps, search for the following topics based on the CA product:

• For CA CloudMinder and Identity Management 12.6 releases, search for Integrating the Endpoint in the CA CloudMinder bookshelf or search for Integrating Managed Endpoints in the Identity Management bookshelf.
• For CA Identity Manager 12.5 releases, search for Managed Endpoint Accounts in the CA Identity Manager bookshelf.

Follow these steps:

1. Navigate to the connectors download page, then open the attribute list for this endpoint type.

   This HTML page lists every endpoint attribute that the connector works with. Use this information in the following steps.

2. Set up the connector:
   1. Import the role definition file.
   2. (CA CloudMinder only) Create a role to manage the endpoint.
   3. Create correlation rules. Skip this step if you plan to migrate data.
   4. (CA CloudMinder only) Configure email notification for the endpoint.
3. Add the endpoint to the environment. In the Endpoint tab, complete the following mandatory fields:

   Endpoint Name

   Specifies the name of the new CA Top Secret endpoint. The endpoint name is the name that appears in the Provisioning Manager. Commas and semi-colons are not allowed.

   Mainframe LDAP IP Address/Machine Name

   Specifies the mainframe LDAP IP Address or machine name of the CA Top Secret.

   Mainframe LDAP Port

   Specifies the Listen Port for the Security Integrator running on the CA Top Secret.

   Use Server-Side SSL

   When checked, specifies that the server's SSL is used.

   Note: Ensure that you have imported the SSL certificate to Provisioning Server.

   Mainframe LDAP DN Suffix

   Specifies valid suffixes that are configured for the current CA LDAP Server operations in im naming mode. (See the chapter titled, "CATSS_DN Backend" in the CA LDAP Server for z/OS Administrator Guide for more information on naming mode.)

   Proxy Admin ID

   Allows you to specify an ID that is used to issue the password modifications that are requested through the workflow. This provides users with the ability to change or reset their passwords if their password has expired and they cannot be authenticated to the system.

   Proxy Admin Password

   The password to the Proxy Admin ID on the CA Top Secret endpoint.

   When you complete the fields on the Endpoint tab, use the information in the Endpoint section of the attribute list. You can find the details on the Download page.

4. Create an explore and correlate definition. Do not include the correlation if you plan to migrate data.

   Important! If you plan to migrate data from the plug-in connector, explore but do not correlate. Correlation of the new endpoint can introduce new associations that conflict with the correlation rules of the old endpoint.

5. Explore and correlate the endpoint.

   Note: If your explore-and-correlate definition does not include correlation, this step explores only.

Connect to the Endpoint in CA GovernanceMinder through Identity Management

This procedure is for the CA GovernanceMinder administrator.

Use this method for a CA GovernanceMinder installation that is associated with a Identity Management installation. In this situation, connect CA GovernanceMinder to Identity Management. CA GovernanceMinder immediately has access to the endpoints that Identity Management connects to.

Follow these steps:

1. Ensure that Identity Management can successfully connect to the endpoint, using the instructions in Connect to the Endpoint in Identity Management.
2. Set up the connection to Identity Management. For instructions, search for Integrating CA GovernanceMinder and CA IdentityMinder in the CA GovernanceMinder bookshelf.

   Note: When you come to the setting up mapping between endpoint objects and CA GovernanceMinder resources, we recommend that you use the template that comes with the connector. However you can set up custom mapping for the endpoint.

3. Run an import.

   All endpoint data is imported into CA GovernanceMinder. The selected endpoint permissions are modeled as resources, while provisioning roles and account templates are modeled as roles.

The connection process is complete. The CA GovernanceMinder administrators can now set up a schedule for running the connector job. The role engineers can now use CA GovernanceMinder to model and update roles in the data from the endpoint.