Mixed Universe with Custom Endpoints - Example 2

Goal

You have a newly installed CA IdentityMinder 12.5 SP8 (or later) deployment with only a limited number of endpoints managed through the CA IAM Connector Server. You also have a number of custom or third-party systems that are accessed through Pentaho Data Integration (PDI). You want to implement CA GovernanceMinder to perform certification on the privileges across the organization and use your new CA IAM Connector Server connectors.

Environment Description

You have an Active Directory server, two UNIX servers, three Oracle databases, and two custom systems that expose proprietary interfaces (not LDAP or SQL). You have a newly installed CA IdentityMinder deployment, in which only one UNIX server and two Oracle databases are already defined and managed. It is assumed that the implementation team has developed PDI transformations for the custom applications using Pentaho Kettle.

Process

  1. Install CA GovernanceMinder.
  2. In the CA GovernanceMinder Portal, go to Administration, Connector Server Management.
  3. Define the Active Directory server and the unmanaged UNIX and Oracle endpoints in the CA IAM Connector Server.
  4. In the universe, go to the Connectivity tab.
  5. Define a connector to CA IdentityMinder. Select the managed UNIX and Oracle endpoints and set this connector as the primary (As Users) connector.
  6. Define connectors for the unmanaged endpoints, including the dynamic connector, by choosing the CA IAM Connector Server and, in each connector, choosing the correct endpoint.
  7. Define two connectors for the custom systems by selecting the PDI connector. Fill in the appropriate parameters for this connector.
  8. Run all the import connectors at once through a multi-import job.

    All unmanaged endpoint data, including the dynamic connector data, is imported through the CA IAM Connector Server connectors. All managed endpoint data is imported through the CA IdentityMinder connectors. All custom system data is imported by executing the provided solution.

    The selected endpoint permissions are modeled as resources and the provisioning roles and account templates are mapped to roles.

Note the following: