How CA Identity Manager and CA RCM Communicate

When CA Identity Manager and CA RCM integrate, the following communication takes place.

  1. A CA RCM administrator configures the CA Identity Manager connector to acquire data from the Provisioning Server.
  2. CA RCM uses the data from CA Identity Manager to build a role model, and role engineers adjust the role model in CA RCM as needed.
  3. Once the role model is finalized, role engineers export the results to apply the role model to the Identity Manager data directly.

    The data is sent to CA Identity Manager using the Java Identity and Access Management (JIAM) API.

    This may result in CA RCM completing the following actions in CA Identity Manager:

    For example, CA RCM analyzes the Identity Manager role model and notices that there is a new group of users that all have the same privileges in an endpoint. CA RCM creates a new account template for that endpoint in CA Identity Manager, associates that account template with a provisioning role and assigns the provisioning role to users.

    CA Identity Manager records these changes in the task persistence database, where they can be viewed in the View Submitted Tasks task.

  4. CA RCM uses the Task Execution Web Service (TEWS) to reset the role owners for any new provisioning roles.

The following illustration demonstrates the flow of communication.

[Illustration: flow of communication between CA Identity Manager and CA RCM]

When support for Smart Provisioning is enabled, the following process occurs in addition to the process described above.

  1. When Identity Manager administrators create or modify a user, or assign provisioning roles, they request a list of suggested roles or validate changes for compliance or pattern violations.
  2. CA Identity Manager sends the request to the CA RCM Server.
  3. The CA RCM Server evaluates the request against the existing role model, and returns the list of suggested roles, or compliance or validation messages to CA Identity Manager.