CA Identity Governance Configuration Guide › Connecting to Endpoint Systems › CA IAM Connector Server Connectivity Use Cases › Mixed Universe

Mixed Universe

Goal

You have a newly installed CA Identity Manager 12.5 SP8 (or later) deployment with only a limited number of endpoints managed through CA Identity Manager. You want to implement CA Identity Governance to perform certification on the privileges across the organization and use your new CA IAM Connector Server connectors.

Environment Description

You have an Active Directory server, two UNIX servers, three Oracle databases, and a RACF managed Mainframe. You have a newly installed CA Identity Manager system, in which only one UNIX server and two Oracle databases are defined and managed. Now, you want to perform certifications on the privileges across the organization.

Process

1. Install CA Identity Governance.
2. Go to Administration, Connector Server Management and create the Active Directory endpoint, the RACF endpoint, and the unmanaged UNIX and Oracle endpoints.

   Note: When defining the RACF connector, you are using the CA Identity Governance-specific RACF connector and not the one included with CA Identity Manager.

3. In the universe, under the Connectivity tab, define a connector to CA Identity Manager. Within it, select the managed UNIX and Oracle endpoints. Select the CA Identity Manager Connector as the primary (As Users) connector.
4. Define connectors for the unmanaged endpoints (the ones you created in Step 2) by selecting the CA IAM Connector Server and, in each connector, select the correct endpoint.
5. Run a multi-import job by selecting all the connectors.

   All unmanaged endpoint data is imported through the CA IAM Connector Server. All managed endpoint data is imported using the CA Identity Manager connectors. The selected endpoint permissions are modeled as resources and the provisioning roles and account templates are mapped to roles.

Note the following:

• Export is supported in this scenario only for the endpoints managed by CA Identity Manager. The other endpoints must be provisioned manually.
• CA Identity Governance correlation is invoked on unmanaged endpoint accounts. The CA Identity Manager users appear as CA Identity Governance users, whereas all endpoint users appear as CA Identity Governance accounts.