

Mixed Universe with Custom Endpoints - Example 1

Goal

You have a newly installed CA IdentityMinder 12.5 SP8 (or later) deployment with only a limited number of endpoints managed through the CA IAM Connector Server. You also have a number of custom or third-party systems that support an LDAP or JDBC connection. You want to implement CA GovernanceMinder to perform certification on the privileges across the organization and use your new CA IAM Connector Server connectors.

Environment Description

You have an Active Directory server, two UNIX servers, three Oracle databases, and two custom systems that use an LDAP or SQL interface. You have a newly installed CA IdentityMinder deployment, in which only one UNIX server and two Oracle databases are already defined and managed. It is assumed that the implementation team has developed dynamic connectors for the custom or third-party systems, using Connector Xpress.

Note: When developing the dynamic connector using Connector Xpress, each attribute has a new flag named Interesting for Compliance. The attributes with this flag represent privileges that must be certified in CA GovernanceMinder. For more information, see the Extended Metadata Properties section of the Connector Xpress Guide.

Process

  1. Install CA GovernanceMinder.
  2. After the new dynamic connector is ready, use Connector Xpress to push its definition to the CA IAM Connector Server installed with CA GovernanceMinder.
  3. In the CA GovernanceMinder Portal, go to Administration, Connector Server Management.
  4. Define the Active Directory server and the unmanaged UNIX and Oracle endpoints in the CA IAM Connector Server.
  5. In the universe, go to the Connectivity tab.
  6. Define a connector to CA IdentityMinder. Select the managed UNIX and Oracle endpoints and set this connector as the primary (As Users) connector.
  7. Define connectors for the unmanaged endpoints, including the dynamic connector, by choosing the CA IAM Connector Server and, in each connector, choosing the correct endpoint.
  8. Run all the import connectors at once through a multi-import job.

    All unmanaged endpoint data, including the dynamic connector data, is imported through the CA IAM Connector Server connectors. All managed endpoint data is imported through the CA IdentityMinder connectors. The selected endpoint permissions are modeled as resources and the provisioning roles and account templates are mapped to roles.

Note the following: