This guide is for administrators of CA IAM CS and CCS, who are responsible for the following tasks:
An endpoint is a specific installation of a platform or application which has identity and role data on it.
An endpoint can include the following systems:
For the full list of endpoints that you can connect to with CA IAM CS, see the Platform Support Matrix.
A connector is the software that enables communication between CA IAM CS and an endpoint system.
For each endpoint that you want to manage, you must have a connector. Connectors are responsible for representing each of the managed objects in your endpoint in a consistent manner. Connectors translate add, modify, delete, rename, and search LDAP operations on those objects into corresponding actions against the endpoint system.
A connector acts as a gateway to a native endpoint type system technology. For example, to manage computers running Active Directory Services (ADS) install the ADS connector on a connector server.
CA IAM CS comes with many connectors. In addition, you can generate a dynamic connector using Connector Xpress, and you can develop a custom static connector in Java.
Users use Connector Xpress to generate and maintain the XML metadata for JDBC and JNDI dynamic connectors. Developers can also maintain data for other connectors manually, or adjust metadata for released connectors (for instance adding site-specific mappings for custom attributes).
Each connector can perform the following operations on managed objects on the endpoint:
For most endpoint types, all of these operations can be performed on accounts. These operations can also be performed on other managed objects if the endpoint permits it.
Some consuming applications can perform all of these operations. Other consuming applications perform only some of these operations.
Example: What CA IdentityMinder can do on an endpoint
CA IdentityMinder manages identities on endpoints. It adds, modifies, deletes, and renames users, groups, and accounts.
Example: What CA GovernanceMinder can do on an endpoint
CA GovernanceMinder monitors roles and permissions on endpoints. It searches for users, groups, roles, and permissions. It can also remove roles from a user. However CA GovernanceMinder cannot create or delete user accounts.
CA IAM CS has two types of connectors:
CA Technologies creates new connectors in Java, and CA IAM Connector Server (CA IAM CS) serves these connectors.
If you create a connector, use Java.
Previously, CA Technologies created connectors in C++. These connectors still work well, and C++ Connector Server (CCS) serves these connectors. Usually, CCS is installed with and managed by CA IAM CS.
Note: You cannot use both CA IAM CS and CCS to manage the same endpoint type.
In addition, some consuming applications have their own connectors. CA IdentityMinder has some plugin connectors, and CA GovernanceMinder has some import connectors.
CA Technologies documents how to set up and use each connector, and also how to fill in the relevant fields in endpoint-specific screens.
Until recently, each endpoint type was documented with a section in the CA IdentityMinder Connectors Guide and a section in the online help for CA IdentityMinder User Console. The Connectors Guide is available in the product bookshelf, and the online help comes with the User Console.
An Endpoint Guide contains everything you need to know about setting up a connection to a particular endpoint type. An attribute list is an HTML page that describes every setting that is required for configuring a connector.
The Endpoint Guides and attribute lists are available on the Connector Download page. To access this page, log in with your CA Support credentials.
The documentation for any new connectors appears on this download page when the connector is released. A connector can be released at any time between releases of other products.
You can read the documentation, and then download the new connector from CA Support and use it with your consuming application. The new connector causes new pages to appear in some applications, including the CA IdentityMinder User Console. However, any Help links for these new pages will not work until the connector is included in the next release of your consuming application.
Client applications can use a connector server to get this data from the endpoints. Some client applications also manage some data on the endpoint. A connector server uses a connector to manage each endpoint.
When you install CA IAM CS, you have the option to install CCS in a managed mode. If you do this, CA IAM CS manages CCS and the C++ connectors that it manages.
If you prefer to install CCS on its own, it manages the C++ connectors directly.
Example: Two kinds of connectors
In this example, CA IAM CS serves the connectors for PeopleSoft and SalesForce. CCS serves the connectors for Active Directory and DB2.
|
Copyright © 2013 CA.
All rights reserved.
|
|