CA Identity Suite 14.x: Implementation - Integrate The Components 200

CA
Identity Suite 14.x:
Implementation – Integrate the
Components 200
Student Guide
04IMG2042S
04IMG2042SG1 © 2017 CA. ALL RIGHTS RESERVED.
‐ PROPRIETARY AND CONFIDENTIAL INFORMATION ‐
© 2017 CA. All rights reserved. CA confidential & proprietary information. For CA, CA Partner
and CA Customer use only. No unauthorized use, copying or distribution. All names of
individuals or of companies referenced herein are fictitious names used for instructional
purposes only. Any similarity to any real persons or businesses is purely coincidental. All
trademarks, trade names, service marks and logos referenced herein belong to their
respective companies. These Materials are for your informational purposes only, and do not
form any type of warranty. The use of any software or product referenced in the Materials is
governed by the end user’s applicable license agreement. CA is the manufacturer of these
Materials. Provided with “Restricted Rights.”
CA Identity Suite 14.x: Implementation – Integrate the Components 200 1
CA Identity Suite 14.x: Implementation –
Integrate the Components 200
Welcome to the CA Identity Suite 14.x: Implementation – Integrate the Components 200
course.
CA Identity Suite 14.x: Implementation – Integrate the Components 200
CA CONFIDENTIAL AND PROPRIETARY INFORMATION. UNAUTHORIZED COPYING OR DISTRIBUTION PROHIBITED.
For Learn More Edition Subscribers:
Please note the following learning components complement one another:
 Web‐based training
– Conceptual content with recorded demonstrations that map to the lab activities in
the Dynamic Lab
– Although not required, we recommend you review the WBT component first, as it
describes various use cases for the features and context for the lab activities
 Dynamic Lab Environment
– A fully functional training platform, with a Student Guide and Lab Guide
 Your Student Guide contains pages that indicate when each lab can be performed
 Your Lab Guide provides step‐by‐step instructions for each lab
– You can perform these labs as you progress through the WBT, or choose to perform
the labs all at once
* Some topics may not have a corresponding lab
© 2017 CA. All rights reserved.
Course Objectives
After this course, you will be able to:
 Integrate CA Identity Governance with CA
Identity Manager
 Integrate CA Identity Portal with CA Identity
Manager and CA Identity Governance
Course Agenda
1 Integrate CA Identity Governance with CA Identity Manager
Integrate CA Identity Portal with CA Identity Manager and CA Identity
2
Governance
Hands‐on Learning as a Voonair Airlines Employee
You will follow a fictitious company, Voonair Airlines, as they:
 Discover a business need for CA Identity Suite
 Deploy a full CA Identity Suite implementation
– CA Identity Manager
– CA Identity Governance
– CA Identity Portal
You will act as the IT Systems Administrator in Voonair Airlines to:
 Install and integrate the solution functionality using hands‐on‐labs in a
virtual lab environment
To provide a scenario supporting your learning experience, you will follow a fictitious
company, Voonair Airlines, through their journey from recognizing a business need to
implementing the entire CA Identity Suite solution. You will assume the role of an IT
Systems Administrator in Voonair Airlines and complete hands‐on labs that install and
integrate the solution functionality for Voonair Airlines.
Voonair Airlines Case Study
Voonair Airlines is a fictitious large national airline that services over
SCENARIO 10 million customers annually. The growth of Voonair is due to a
recent merger with a similarly sized national carrier and various
acquisitions of smaller regional airlines to increase its market share.
A lot of restructuring and staff reorganization has ensued.
The large scale personnel changes that accompanied the
reorganization has left Voonair scrambling to understand who has
PROBLEM
access to what and, as importantly, reconciling this with who should
have access to what. To make matters worse, their current processes
for managing user identities and governing access are driven on a
manual or ad‐hoc basis, which is inefficient, costly to administer,
unfriendly to business users, and poses serious security risks.
After careful consideration, Voonair has purchased CA Identity Suite
SOLUTION
to help them automate their identity management and governance
processes and simplify the business user experience. As the IT
Systems Administrator in Voonair, you are responsible for the
successful rollout of the product functionality across the
organization.
Your Dynamic Lab Environment
Your dynamic lab environment consists of three virtual Windows 2012 servers:
04IMG20429‐ 04IMG20429‐ 04IMG20429‐

IG Server IM Server Jaspersoft
 CA Identity  CA Identity  CABI JasperReports

Governance 14.0 Manager 14.0 Server 6.2
 CA Identity Portal
14.0 SP1
Your dynamic lab environment for this course consists of three virtual Windows 2012
server machines.
On the IG Server VM, you will install and configure CA Identity Governance.
On the IM Server VM, you will install and configure CA Identity Manager and CA Identity
Portal.
And on the Jaspersoft VM, you will install and configure CABI JasperReports Server.
Integrate CA Identity Governance with
CA Identity Manager
Module Objectives
After completing this module, you will be
able to:
 Identify the integration concepts and
use cases
 Configure the integration with CA
Identity Manager
Why you need to know:
 By integrating, you can validate that CA
Identity Manager user privileges are
granted in accordance with business
compliance policies and use compliance
checking when creating users, roles, and
accounts in CA Identity Manager.
Voonair Airlines
Integrating CA Identity Governance with CA Identity Manager
You have successfully installed CA Identity Manager and CA Identity
Governance.
As the Systems Administrator at Voonair Airlines, your next assignment is to:
 Configure the integration between CA Identity Manager and CA Identity
Governance
Why Integrate?
CA Identity Manager CA Identity Governance
– Manage user identities – Develop, maintain, and
– Govern access based on roles analyze role models
– Centralized and automated
identity compliance
When you integrate, you can:
• Validate that CA Identity Manager user privileges are granted in accordance
with business compliance policies
• Get suggested roles and compliance checking when creating or modifying
CA Identity Manager users, roles, and accounts
• Understand what roles exist in your organization, establish a role model that
fits your organization, and re‐create the desired role model within CA
Identity Manager
• Analyze and maintain the role model as the business evolves
So why integrate the two products? Well first, lets recap on what each product does.
CA Identity Manager is an identity lifecycle management product that enables you to
manage user identities and govern what they can access based on their role.
CA Identity Governance is an identity lifecycle management product that enables you to
develop, maintain, and analyze role models. CA Identity Governance also provides
centralized identity compliance policy controls and automates processes associated with
meeting compliance demands.
When you integrate CA Identity Manager and CA Identity Governance, you can:
• Validate that CA Identity Manager user privileges are granted in accordance with
business compliance policies
• Get suggested roles and compliance checking when creating or modifying CA Identity
Manager users, roles, and accounts
• Understand what roles exist in your organization, establish a role model that fits your
organization, and re‐create the desired role model within CA Identity Manager
• And analyze and maintain the role model as the business evolves
Integration Architecture
Integration between CA Identity Manager and CA Identity Governance is achieved by
defining import and export connectors in CA Identity Governance that enable the flow of
data between the two systems.
Import/Export Process
What happens to the imported data?
1. The product creates a local copy of all the CA Identity Manager data.
2. The product compares the local copy with the master configuration
(current state of entitlements). This results in a list of all changes since the
last time the import ran.
3. The master configuration is updated with all the changes, and the master
configuration now reflects everything in CA Identity Manager.
4. All changes are made one by one in the model configuration (current state
of entitlements plus any changes).
To introduce CA Identity Manager data to CA Identity Governance, you perform an
import.
But what happens to the data when you import it into CA Identity Governance?
First, CA Identity Governance creates a local copy of all the CA Identity Manager data that
you imported.
Next, CA Identity Governance compares the local copy with the master configuration
(which is the current state of entitlements). This results in a list of all changes since the
last time the import ran. The master configuration is updated with all the changes, and
the master configuration now reflects everything in CA Identity Manager.
Then, all changes are made one by one in the model configuration (which is the current
state of entitlements plus any changes). If the model configuration was the same as the
master configuration, it will also be the same after the import. However, if there were
changes made in the model, they are not overwritten by the import.
Import/Export Process Continued
To push updated CA Identity Governance data back to CA Identity Manager,
you perform an export.
1. Takes the differences between the master and model configurations,
creates a DIFF file, and sends those changes to CA Identity Manager.
2. CA Identity Manager completes each change defined in the export task
and sends a notification back to CA Identity Governance.
3. CA Identity Governance updates the master configuration to reflect what
is in the model configuration and Continuous Update keeps CA Identity
Manager and the CA Identity Governance master configuration
synchronized.
To push updated CA Identity Governance data back to CA Identity Manager, you perform
an export.
1. Takes the differences between the master and model configurations, creates a DIFF
file, and sends those changes to CA Identity Manager.
2. CA Identity Manager completes each change defined in the export task and sends a
notification back to CA Identity Governance.
3. CA Identity Governance updates the master configuration to reflect what is in the
model configuration and Continuous Update keeps CA Identity Manager and the CA
Identity Governance master configuration synchronized.
Information Mapping
When CA Identity Manager and CA Identity Governance integrate, the
following information is synchronized between the two systems:
 User information
 Role information
 Account information
 Endpoint object information
Information Mapping Continued
Here’s a visual depiction of the information mapping between the two systems.
CA Identity Manager users are imported as CA Identity Governance users.
CA Identity Manager provisioning roles and account templates are imported as CA
Identity Governance roles.
And CA Identity Manager endpoint objects are imported as CA Identity Governance
resources.
Communication Mechanisms
The integration between CA Identity Manager and CA Identity Governance
uses the following communication mechanisms:
 CA Identity Governance Connector for CA Identity Manager
– Automatically synchronizes the privilege data between CA Identity Manager
and CA Identity Governance
– Import data from CA Identity Manager to CA Identity Governance
– Export data from CA Identity Governance to CA Identity Manager
 Continuous Update
– Changes made in CA Identity Manager updated immediately in CA Identity
Governance
 Continuous Export (Optional)
– Sends any changes made in CA Identity Governance to CA Identity Manager
immediately
The integration between CA Identity Manager and CA Identity Governance uses the
following communication mechanisms.
The CA Identity Governance Connector for CA Identity Manager is a special type of
connector that automatically synchronizes the privilege data between CA Identity
Manager and CA Identity Governance. By using this connector, you can import data from
CA Identity Manager to CA Identity Governance or export data from CA Identity
Governance to CA Identity Manager.
The Continuous Update feature allows you to leverage CA Identity Governance
capabilities to support day‐to‐day identity management operations. Any changes made in
CA Identity Manager are updated immediately in CA Identity Governance. This feature
allows CA Identity Governance to make provisioning role suggestions and validate
changes against compliance policies, based on current CA Identity Manager information,
instead of waiting for another import from CA Identity Manager to update the CA Identity
Governance data.
Continuous Export is an optional feature that allows you to send any changes made in CA
Identity Governance to CA Identity Manager immediately, instead of doing a full export
operation after numerous changes are made to a role model.
All of these communication mechanisms update the CA Identity Governance master
configuration.
Sample Integration Use Cases
Certifying CA Identity Manager Provisioning Role Assignments
As an administrator, you want to allow managers to review and certify the
provisioning roles of CA Identity Manager users they manage.
1. Configure the integration between CA Identity Governance and CA
Identity Manager.
2. Import data from CA Identity Manager to CA Identity Governance.
– Updates the master and the model configuration in CA Identity Governance
3. Kick off a user certification to review and approve user provisioning role
assignments (and direct permissions).
– Updates the model configuration in CA Identity Governance
4. Export the differences generated by the certification.
– Changes applied directly in CA Identity Manager
One of the common use cases for the integration is certifying CA Identity Manager
provisioning role assignments.
As an administrator, you want to allow managers to review and certify the provisioning
roles of the CA Identity Manager users they manage.
Perform the following process to allow managers to perform user certifications.
First, configure the integration between CA Identity Governance and CA Identity
Manager.
Next, import data from CA Identity Manager to CA Identity Governance. This procedure
updates the Master and the Model configuration in CA Identity Governance.
Then, kick off a user certification to review and approve user provisioning role
assignments (and direct permissions). This certification updates the CA Identity
Governance Model configuration.
Once the certification is completed, export the differences generated by the certification.
The changes are applied to CA Identity Manager directly. CA Identity Manager records
these changes in the task persistence database, where they can be viewed in the View
Submitted Tasks task.
After completing this process, role assignment data between CA Identity Governance and
CA Identity Manager is synchronized and approved by CA Identity Manager user
managers.
Sample Integration Use Cases
Maintaining Compliant CA Identity Manager Roles
You want to be sure that when a new employee is added to CA Identity Manager, they
automatically get privileges that are appropriate to their function and are compliant.
1. Configure the integration between CA Identity Manager and CA Identity Governance.
2. Import CA Identity Manager user, role, and account data to CA Identity Governance.
– Creates the Master and the Model configuration in CA Identity Governance
3. Clean up the imported data in CA Identity Governance.
– Removes suspect entities and relationships, updates the model configuration
4. Create Business Policy Rules (BPRs) in CA Identity Governance.
5. Run the BPRs against the Model configuration.
6. Export changes made to the Model configuration back to CA Identity Manager.
Review Question
Which communication mechanism allows CA Identity Governance to make provisioning role
suggestions and validate changes against compliance policies, based on current CA Identity
Manager information?
A Continuous Export
B Continuous Import
C Continuous Update
D Continuous Connection
Configuring the Integration
Follow these steps to configure the integration:
1. Verify both systems meet the prerequisites.
2. In CA Identity Manager:
– import Smart Provisioning role and task definitions.
3. In CA Identity Governance:
– Create a universe.
– Configure an import connector to CA Identity Manager.
– Import data from CA Identity Manager to CA Identity Governance
4. Verify the CA Identity Governance connection object was created in CA
Identity Manager.
Follow these steps to configure the integration between CA Identity Manager and CA
Identity Governance:
First, you need to verify the systems that host CA Identity Governance and CA Identity
Manager meet the prerequisites.
Next, in CA Identity Manager, you add integration support to your environment by
importing the Smart Provisioning role and task definitions. The Smart Provisioning role
definitions include the tasks that you use to configure the connection to CA Identity
Governance in the User Console.
Then, in CA Identity Governance, you need to create a universe, configure an import
connector to CA Identity Manager, and import data from CA Identity Manager to CA
Identity Governance. This import creates a CA Identity Governance role model.
The final step is verify that the CA Identity Governance connection object was created in
CA Identity Manager.
Lets take a close look at each step next.
Integration Prerequisites
To integrate CA Identity Manager and CA Identity Governance, verify that the
following prerequisites are met:
 CA Identity Governance and CA Identity Manager must be installed on
systems that can communicate with each other.
 If you want to secure the connection between CA Identity Manager and
CA Identity Governance, configure both systems to support SSL.
 Be sure that you have imported all role definitions files for every endpoint
type you have in CA Identity Manager.
 Be sure that all provisioning roles are managed by CA Identity Manager
(and not the Provisioning Manager).
To integrate CA Identity Manager and CA Identity Governance, verify that the following
prerequisites are met:
CA Identity Governance and CA Identity Manager must be installed on systems that can
communicate with each other.
If you want to secure the connection between CA Identity Manager and CA Identity
Governance, configure both systems to support SSL.
Be sure that you have imported all role definitions files for every endpoint type you have
in CA Identity Manager.
Be sure that all provisioning roles are managed by CA Identity Manager (and not the
Provisioning Manager).
Integration Prerequisites Continued
If you are using Microsoft SQL or Oracle as the CA Identity Manager user store,
do the following:
 (JBoss only) In CA Identity Governance, download the sqljdbc.jar file from
the Microsoft Download Center and put it in the following location:
RCM_Server_home\eurekify‐jboss\standalone\deployments\eurekify.war\WEB‐INF\lib
 In CA Identity Manager
Management Console,
add a password attribute
in the Advanced Settings
for the CA Identity
Manager environment.
If you are using Microsoft SQL or Oracle as the CA Identity Manager user store, do the
following:
(JBoss only) In CA Identity Governance, download the sqljdbc.jar from the Microsoft
Download Center and put it in the following location.
In the CA Identity Manager Management Console, add a password attribute in the
Advanced Settings for the CA Identity Manager environment.
It’s a good idea to restart the application server after setting user‐defined properties such
as this.
Import Smart Provisioning Role and Task Definitions
Use the Management Console to import the Smart Provisioning role and task
definitions into a CA Identity Manager environment.
Use the Management Console to import the Smart Provisioning role and task definitions
into a CA Identity Manager environment.
If the environment was created in a previous release of CA Identity Manager, be sure that
you updated the role definitions after the upgrade but before importing them.
The Smart Provisioning role definition file includes tasks that you use to configure the
connection to CA Identity Governance in the User Console. Import this file even if you do
not plan to use the Smart Provisioning functionality.
You should restart the environment after importing the roles and task definitions.
Create a Universe in CA Identity Governance
Master‐Model configurations
enable tracking of differences
between the real‐world
configuration imported from the
system (Master) and the desired
configuration generated (Model).
To import data from CA Identity Manager, you need a universe in CA Identity Governance
to store the data.
Similar to an CA Identity Manager environment, a universe is a view into a management
workspace that lets CA Identity Governance administrators manage entities such as
users, roles, and resources collected from CA Identity Manager. Entity data is stored in
the CA Identity Governance database.
A universe consists of a specific pair of Master‐Model configurations, enabling tracking of
differences between the real‐world configuration imported from the system (Master) and
the desired configuration generated (Model).
Configure an Import Connector to CA Identity Manager
In the CA Identity Governance universe, define the import connector.
Define the connection
parameters to access CA
Identity Manager.
Define the data
mappings.
In the CA Identity Governance universe, define the import connector to CA Identity
Manager.
To define the import connector, you need to define the connection parameters to access
CA Identity Manager and define the data mappings to define how the connector maps CA
Identity Manager objects to CA Identity Governance objects.
Verify the Connection Object in CA Identity Manager
If a connection to CA Identity Governance was not automatically created
within CA Identity Manager, configure a connection manually.
Smart Provisioning and
Continuous Update are
enabled by default.
Specify the Enter the connection
universe. parameters to access CA
Identity Governance.
If a connection to CA Identity Governance was not automatically created within CA
Identity Manager, configure a connection manually to CA Identity Governance using the
Define Configuration task under CA RCM Configuration. This allows you to see Smart
Provisioning functionality and configuration options in the User Console.
In the Define Configuration task, enter the connection parameters to access CA Identity
Governance and specify the name of the universe in CA Identity Governance that CA
Identity Manager communicates with. Then test the connection to verify that CA Identity
Manager can connect to CA Identity Governance. CA Identity Manager displays the
connection status at the top of the screen. Notice the Smart Provisioning and Continuous
Update tabs; the functionality here is enabled by default but you can tailor the settings
to suit your specific needs.
Lab Exercise
 Goal: Integrate CA Identity Governance with CA Identity Manager.
 See Lab 1‐1 Integrate CA Identity Governance with CA Identity Manager.
Module Summary
Now that you have completed this module, you should be able to:
 Identify the integration concepts and use cases
 Configure the integration with CA Identity Manager
In the next module, you will:
 Integrate CA Identity Portal with CA Identity Manager and CA Identity
Governance
Integrate CA Identity Portal with CA
Identity Manager and CA Identity
Governance
Module Objectives
After completing this module, you will be
able to:
 Configure the CA Identity Manager
integration
 Configure the CA Identity Governance
integration
Why you need to know:
 By configuring these integrations, you
can expose the functionality from both
products in CA Identity Portal.
Voonair Airlines
Integrating CA Identity Portal with CA Identity Manager and CA
Identity Governance
You have successfully installed CA Identity Portal.
As the Systems Administrator at Voonair Airlines, your next assignment is to:
 Integrate CA Identity Portal with CA Identity Manager
 Integrate CA Identity Portal with CA Identity Governance
Configuring the CA Identity Manager Integration
1 Prepare CA Identity Manager for the Integration
2 Create the CA Identity Manager Connector
3 Set Up the GUI Configuration
4 Configure Attribute Mapping for Users and Groups
Perform the following steps to configure the CA Identity Manager integration with CA
Identity Portal.
Let’s take a closer look at each step.
Prepare CA Identity Manager for the Integration
Import CA Identity Portal Roles and Tasks
CA Identity Portal has predefined CA Identity Manager roles and tasks to
support the core portal features.
 Installed in the file system during the CA Identity Portal installation
 Import them into the CA Identity Manager environment
CA Identity Portal has predefined CA Identity Manager roles and tasks to support the core
portal features.
These roles and tasks were installed in the file system during the CA Identity Portal
installation.
You need to import them into the CA Identity Manager environment that you want to
integrate with the portal.
Prepare CA Identity Manager for the Integration
Enable Web Services Execution in the Environment
CA Identity Portal communicates with Identity Management backend
platforms through connectors and the publicly exposed APIs of those backend
systems.
 Task Execution Web Service (TEWS)
in CA Identity Manager
 Enabled at the task level in the
environment
 Enabled at the server level in the
Management Console
CA Identity Portal communicates with Identity Management backend platforms through
connectors and the publicly exposed APIs of those backend systems.
In CA Identity Manager, Task Execution Web Service (TEWS) is a web service interface
that allows client applications (such as CA Identity Portal) to submit tasks to CA Identity
Manager for execution.
In CA Identity Manager, TEWS can be enabled at the task level in the environment.
And it can be enabled at the server level in the Management Console.
Connectors Overview
CA Identity Portal interfaces with your organization's existing Identity
Management platforms (such as CA Identity Manager) through CA Identity
Portal backend connectors.
Connectors enable CA Identity Portal to perform the following tasks:
 Authenticate and authorize users to CA Identity Portal's interface.
 Fetch exiting entitlements and expose them to end users.
 Request entitlements.
 Update statuses for ongoing activities.
CA Identity Portal interfaces with the organization's existing IDM platforms (such as CA
Identity Manager) through CA Identity Portal backend connectors.
Connectors enable CA Identity Portal to authenticate and authorize users; fetch, expose,
and request entitlements; and update statuses for ongoing activities.
Configure the CA Identity Manager Connector
To configure the CA Identity Manager connector:
1. Make sure the CA Identity Manager Server is running.
2. Collect basic connectivity information from the CA Identity Manager
environment that you want to connect to.
3. Create and configure the connector in the CA Identity Portal Admin UI,
designating the connector as the Main Connector.
4. Start the connector manually.
To configure the CA Identity Manager connector, do the following:
First, you need to make sure the CA Identity Manager Server is running.
Next, in the Management Console of CA Identity Manager, you need to collect some
basic connectivity information from the CA Identity Manager environment that you want
to connect to. Remember that CA Identity Manager connectors are defined per
environment.
Then you can go ahead and create and configure the connector in the CA Identity Portal
Admin UI, designating the connector as the Main Connector. The Main Connector
identifies a connector as the authoritative source that will be used by CA Identity Suite
for user authentication. It is recommended that the Main Connector be connected to the
identity management system that contains the most extensive information of users in the
organization.
When you save the connector for the first time, the connector will not attempt to load
automatically. You must start the connector manually. If an error occurs, you will receive
an error message in the log and the connector status will be displayed as Down. If the
connector is created successfully the connector status will be displayed as Up and no
error message is displayed in the log.
Set Up the GUI Configuration
Define how information is displayed in CA Identity Portal.
 The presentation of user information
 Implementation specific information:
– System unique identifiers
– Predefined search
 Defaults available
By setting up the GUI Configuration, you can define how information is displayed in CA
Identity Portal.
You can control the presentation of user information in various places in the application.
For example, display the "First Name" and "Last Name" in the search results of the Access
Rights search.
You can also configure implementation specific information, such as system unique
identifiers that instruct users to search bulk files.
Or predefined searches to search for the user's organizational subordinates.
Defaults are available for GUI configurations.
The attributes used in the GUI Configuration are configured in User and Group Info in the
next step.
Configure Attribute Mapping for Users and Groups
 CA Identity Portal does not save organizational users and groups'
information.
 Instead, it fetches the information from the connected systems on
demand.
 The representation of the CA Identity Portal user and group is defined by
the mapping of attributes in CA Identity Portal to attributes in CA Identity
Manager.
 To configure that mapping, use the Managed Object Attributes section in
the admin UI.
 You need to map all the user and group attributes that you intend to use
in the CA Identity Portal GUI configuration and in CA Identity Portal's
business logic.
CA Identity Portal does not save organizational users and groups' information.
Instead, it fetches the information from the connected systems on demand.
The representation of the CA Identity Portal user and group is defined by the mapping of
attributes in CA Identity Portal to attributes in CA Identity Manager.
To configure that mapping, use the Managed Object Attributes section in the admin UI.
You need to map all the user and group attributes that you intend to use in the CA
Identity Portal GUI configuration and in CA Identity Portal's business logic.
Configure Attribute Mapping for Users and Groups
User Attributes and Group Attributes
Specify a name,
connector, and
an attribute to
map to.
Make the attribute
"Searchable".
Create a new
attribute.
To create a new attribute, click Add User Attribute.
For each attribute you'll need to supply a name for that attribute (the CA Identity Suite
attribute name), select the connector (from the list of system defined connectors) from
which to fetch the information, and select the attribute in the connector to map the
attribute to.
If the attribute is configured as searchable in CA Identity Manager, then CA Identity Suite
will allow you to check the Searchable box and make the attribute "Searchable" in CA
Identity Suite as well.
You need to do the same for any group attributes.
Lab Exercise
 Goal: Configure the CA Identity Manager integration.
 See Lab 2‐1 Configure the CA Identity Manager Integration.
Configuring the CA Identity Governance Integration
1 Configure the CA Identity Governance Connector
2 Start the CA Identity Governance Connector
4 Verify the Integration
Perform the following steps to configure the CA Identity Governance integration with CA
Identity Portal.
Let’s take a closer look at each step.
Configure the CA Identity Governance Connector
In the CA Identity Portal Admin UI, you need to configure the CA Identity Governance
Connector to establish communication to the CA Identity Governance system.
You will need to collect basic connectivity information on the CA Identity Governance
endpoint to which you would like to connect before creating the connector.
Start the CA Identity Governance Connector
After you configure the connector, you need to start it manually.
After you configure the connector, you need to start it manually.
If an error occurs during start up, the connector status will be displayed as Down. If the
connector starts successfully, the connector status will be displayed as Up.
Verify the Integration
Log in to CA Identity Portal to view the certifications functionality.
To verify the integration with CA Identity Governance, log in to CA Identity Portal to view
the certifications functionality.
You can access certifications through the Campaigns link that appears in the banner at
the top of the CA Identity Portal interface.
To view campaigns in the portal, you need to create them in CA Identity Governance first.
Lab Exercise
 Goal: Configure the CA Identity Governance integration.
 See Lab 2‐2 Configure the CA Identity Governance Integration.
Module Summary
Now that you have completed this module, you should be able to:
 Configure the CA Identity Manager integration
 Configure the CA Identity Governance integration
Course Summary
This course showed you how to:
 Integrate CA Identity Governance with CA Identity Manager
 Integrate CA Identity Portal with CA Identity Manager and CA Identity
Governance
Product Links
Learning Path
Go to: http://www.ca.com/us/education‐training/learning‐paths.html
Product Documentation
Go to: http://docops.ca.com
Certification Exam
Go to: http://www.ca.com/certifications
– You can select a product or solution where you will find the study guide, which provides the
learning path for exam prep, and registration link.
Competency or Accreditation Exam
Go to: http://education.ca.com
Join MyCA and Take Advantage of CA Communities
Share ideas, tips, information, and insights with business peers and experts.
Join Today!
Go to: https://communities.ca.com
To learn more about this product, connect with other users, and share your own
expertise, visit the URLs shown on the slide.
Thank You
Congratulations, you have completed this course.
You will receive an email with a link to a survey
requesting your feedback on this learning
experience. Please take a few moments to
complete the survey.
To leave the course, click Exit at the top of the
screen, or close the browser window.

CA Identity Suite 14.x: Implementation - Integrate The Components 200

Uploaded by

Copyright:

Available Formats

CA Identity Suite 14.x: Implementation - Integrate The Components 200

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CA Identity Suite 14.x: Implementation - Integrate The Components 200

Uploaded by

Copyright:

Available Formats

CA

04IMG20429‐ 04IMG20429‐ 04IMG20429‐

 CA Identity  CA Identity  CABI JasperReports

You might also like