Mixed Universe with Role Modeling
Goal
You have an existing CA IdentityMinder 12.5 SP8 (or later) deployment with a significant number of endpoints managed through the CA IAM Connector Server. You want to implement CA GovernanceMinder to perform certification on the privileges across the organization using the CA IAM Connector Server connectors, and also perform privilege cleanup and role modeling.
Environment Description
You have an Active Directory server, two UNIX servers, three Oracle databases, and a RACF managed Mainframe. You have an existing CA IdentityMinder deployment where all seven endpoints are defined and managed.
Note: This scenario is unique, as CA GovernanceMinder interfaces with RACF in two different ways, using two different connectors. When retrieving CA IdentityMinder data, the native CA IdentityMinder RACF connector is used, but when working with CA GovernanceMinder, the CA GovernanceMinder-specific CA IAM Connector Server connector is used.
Process
- Install CA GovernanceMinder.
- In CA GovernanceMinder, create two universes, for example, "Org" and "RACF".
- In the universe "Org", perform the following steps:
  - Go to the Connectivity tab and define a connector to CA IdentityMinder.
  - After providing CA IdentityMinder connection details, select all endpoints or use the "all" wildcard.
  - Run the import.
  All data is imported through CA IdentityMinder connectors. The selected endpoint permissions are modeled as resources, and provisioning roles and account templates are modeled as roles.
- For the universe "RACF", perform the following steps:
  - In the CA GovernanceMinder portal, go to Administration, Connector Server Management.
  - Define the Top Secret endpoint in the CA IAM Connector Server. In this scenario, you are using the CA GovernanceMinder-specific Top Secret connector and not the one included with CA IdentityMinder.
  - In the universe, go to the Connectivity tab.
  - Define a connector. Select the CA GovernanceMinder CA IAM Connector Server and specify the Top Secret endpoint. Within it, map Top Secret groups to CA GovernanceMinder roles and map data sources as CA GovernanceMinder resources.
  - Run the import.
  All data is imported through the CA IAM Connector Server connector that is specific to CA GovernanceMinder. The resources and roles appear as mapped.
Note the following:
- Export is fully supported in the "Org" universe. Export is not supported in the "RACF" universe because the connector does not support it.
- CA GovernanceMinder correlation is not invoked. In the "Org" universe, CA IdentityMinder is relied on to provide the associations between users and accounts, whereas in the "RACF" universe, correlation is not relevant because it contains only one source.
Copyright © 2014 CA.
All rights reserved.