Mixed Universe with Custom Endpoints - Example 2

Goal

You have a newly installed CA Identity Manager 12.5 SP8 (or later) deployment with only a limited number of endpoints managed through the CA IAM Connector Server. You also have a number of custom or third-party systems that are accessed through Pentaho Data Integration (PDI). You want to implement CA Identity Governance to perform certification on the privileges across the organization and use your new CA IAM Connector Server connectors.

Environment Description

You have an Active Directory server, two UNIX servers, three Oracle databases, and two custom systems that expose proprietary interfaces (not LDAP or SQL). You have a newly installed CA Identity Manager deployment, in which only one UNIX server and two Oracle databases are already defined and managed. It is assumed that the implementation team has developed PDI transformations for the custom applications using Pentaho Kettle.

Process

  1. Install CA Identity Governance.
  2. In the CA Identity Governance Portal, go to Administration, Connector Server Management.
  3. Define the Active Directory server and the unmanaged UNIX and Oracle endpoints in the CA IAM Connector Server.
  4. In the universe, go to the Connectivity tab.
  5. Define a connector to CA Identity Manager. Select the managed UNIX and Oracle endpoints and set this connector as the primary (As Users) connector.
  6. Define connectors for the unmanaged endpoints, including the dynamic connector, by choosing the CA IAM Connector Server and, in each connector, choosing the correct endpoint.
  7. Define two connectors for the custom systems by selecting the PDI connector. Fill in the appropriate parameters for this connector.
  8. Run all the import connectors at once through a multi-import job.

    All unmanaged endpoint data, including the dynamic connector data, is imported through the CA IAM Connector Server connectors. All managed endpoint data is imported through the CA Identity Manager connectors. All custom system data is imported by executing the provided solution.

    The selected endpoint permissions are modeled as resources and the provisioning roles and account templates are mapped to roles.

Note the following: