

Mixed Universe with Role Modeling
Goal
You have an existing CA Identity Manager 12.5 SP8 (or later) deployment with a significant number of endpoints managed through the CA IAM Connector Server. You want to implement CA Identity Governance to perform certification on the privileges across the organization using the CA IAM Connector Server connectors, and also perform privilege cleanup and role modeling.
Environment Description
You have an Active Directory server, two UNIX servers, three Oracle databases, and a RACF-managed mainframe. You have an existing CA Identity Manager deployment where all seven endpoints are defined and managed.
Note: This scenario is unique, as CA Identity Governance interfaces with RACF in two different ways, using two different connectors. When retrieving CA Identity Manager data, the native CA Identity Manager RACF connector is used, but when working with CA Identity Governance, the CA Identity Governance-specific CA IAM Connector Server connector is used.
Process
- Install CA Identity Governance.
- In CA Identity Governance, create two universes, for example, "Org" and "RACF".
- In the universe "Org", perform the following steps:
  - Go to the Connectivity tab and define a connector to CA Identity Manager.
  - After providing CA Identity Manager connection details, select all endpoints or use the "all" wildcard.
  - Run the import.
  All data is imported through CA Identity Manager connectors. The selected endpoint permissions are modeled as resources, and provisioning roles and account templates are modeled as roles.
- For the universe "RACF", perform the following steps:
  - In the CA Identity Governance portal, go to Administration, Connector Server Management.
  - Define the Top Secret endpoint in the CA IAM Connector Server. In this scenario, you are using the CA Identity Governance-specific Top Secret connector and not the one included with CA Identity Manager.
  - In the universe, go to the Connectivity tab.
  - Define a connector. Select the CA Identity Governance CA IAM Connector Server and specify the Top Secret endpoint. Within it, map Top Secret groups to CA Identity Governance roles and map data sources as CA Identity Governance resources.
  - Run the import.
  All data is imported through the CA IAM Connector Server connector that is specific for CA Identity Governance. The resources and roles appear as mapped.
Note the following:
- Export is fully supported in the "Org" universe. Export is not supported in the "RACF" universe, because the connector does not support it.
- CA Identity Governance correlation is not invoked. In the "Org" universe, CA Identity Manager is relied on to provide the associations between users and accounts, whereas in the "RACF" universe, correlation is not relevant because the universe contains only one source.
Copyright © 2014 CA.
All rights reserved.
 