0% found this document useful (0 votes)

94 views54 pages

CA Identity Suite 14.x: CA Identity Manager - Implement Provisioning 200

Uploaded by

Steven Avila

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

94 views54 pages

CA Identity Suite 14.x: CA Identity Manager - Implement Provisioning 200

Uploaded by

Steven Avila

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 54

CA

Identity Suite 14.x: CA Identity
Manager – Implement Provisioning 200

Student Guide

04IMG20459

04IMG20459SG1 © 2017 CA. ALL RIGHTS RESERVED.
‐ PROPRIETARY AND CONFIDENTIAL INFORMATION ‐

© 2017 CA. All rights reserved. CA confidential & proprietary information. For CA, CA Partner
and CA Customer use only. No unauthorized use, copying or distribution. All names of
individuals or of companies referenced herein are fictitious names used for instructional
purposes only. Any similarity to any real persons or businesses is purely coincidental. All
trademarks, trade names, service marks and logos referenced herein belong to their
respective companies. These Materials are for your informational purposes only, and do not
form any type of warranty. The use of any software or product referenced in the Materials is
governed by the end user’s applicable license agreement. CA is the manufacturer of these
Materials. Provided with “Restricted Rights.”
CA Identity Suite 14.x: CA Identity Manager ‐ Implement Provisioning 200 1

CA Identity Suite 14.x: CA Identity Manager –
Implement Provisioning 200

Welcome to the CA Identity Suite 14.x: CA Identity Manager – Implement Provisioning
200 course.

CA Identity Suite 14.x: CA Identity Manager ‐ Implement Provisioning 200
CA CONFIDENTIAL AND PROPRIETARY INFORMATION. UNAUTHORIZED COPYING OR DISTRIBUTION PROHIBITED.
CA Identity Suite 14.x: CA Identity Manager ‐ Implement Provisioning 200 2

For Learn More Edition Subscribers:

Please note the following learning components complement one another:

 Web‐based training
– Conceptual content with recorded demonstrations that map to the lab activities in
the Dynamic Lab
– Although not required, we recommend you review the WBT component first, as it
describes various use cases for the features and context for the lab activities

 Dynamic Lab Environment
– A fully functional training platform, with a Student Guide and Lab Guide
 Your Student Guide contains pages that indicate when each lab can be performed
 Your Lab Guide provides step‐by‐step instructions for each lab
– You can perform these labs as you progress through the WBT, or choose to perform
the labs all at once

* Some topics may not have a corresponding lab

Course Objectives

After this course, you will be able to:
 Use the provisioning capabilities of CA Identity
Manager by working with provisioning roles and
account templates.

Hands‐on Learning as a Voonair Airlines Employee

We will follow a fictitious company that is called Voonair Airlines as they:

 Discover a business need for the CA Identity Suite

 Deploy a full CA Identity Suite implementation

You will act as the IT Systems Administrator in Voonair Airlines to:

 Configure and administer the solution using hands‐on‐labs in a virtual lab
environment

To provide a scenario supporting your learning experience, you will follow a fictitious
company, Voonair Airlines, through their purchase and implementation of the CA Identity
Suite product. This course guides you through Voonair Airlines’ journey from recognizing
a business need to implementing the CA Identity Suite solution. You will assume the role
of an IT Systems Administrator in Voonair Airlines and complete hands‐on labs that
configure and implement the product functionality for Voonair Airlines.

Voonair Airlines Case Study
SCENARIO Voonair Airlines is a fictitious large national airline that services
over 10 million customers annually. The growth of Voonair is due
to a recent merger with a similarly sized national carrier and
various acquisitions of smaller regional airlines to increase its
market share.

A lot of the restructuring and staff reorganization that ensued has
left users in transition without access to the resources they need.
The large scale personnel changes that accompanied the
PROBLEM

reorganization has left Voonair scrambling to understand who has
access to what and, as importantly, reconciling this with who
should have access to what. To make matters worse, their current
processes for managing user identities and governing access are
driven on a manual or ad hoc basis, which is inefficient, costly to
administer, and poses serious security risks.

After careful consideration, Voonair has purchased CA Identity
SOLUTION

Suite to help them automate and streamline their identity
processes and controls. As the IT Systems Administrator in Voonair,
you are responsible for the successful rollout of the product
functionality across the organization.

Your Dynamic Lab Environment

Your dynamic lab environment for this course consists of one virtual Windows
2012 Server machine and one virtual Linux machine.

04IMG20459‐directoryserver 04IMG20459‐vApp1

 Active Directory  Virtual Appliance deployment
of CA Identity Suite
 MS SQL Server 2008
– Linux
– Wildfly
– Oracle

Your dynamic lab environment for this course consists of one virtual Windows 2012
server machine and one virtual Linux machine.
The DirectoryServer VM includes Active Directory populated with Voonair Airlines
employee data. It also hosts Microsoft SQL Server. Note that in production environments,
the database server would be supported by its own machine.
The vApp1 VM is a virtual appliance deployment of all CA Identity Suite components
running on a Linux operating system with Wildfly as the application server and Oracle
Express Edition as an embedded database.

Deploy Provisioning

CA Identity Suite 14.x: CA Identity Manager – Implement Provisioning 200

In CA Identity Manager, you provide additional accounts to users by using provisioning
roles. Provisioning roles contain account templates, which define accounts that exist in
managed endpoints, such as an email server. Once you have users in CA Identity
Manager, you can assign provisioning roles to some of those users. The user receives the
accounts defined by the templates in the role.

Module Objectives

After completing this module, you will be able to:
 Describe roles
 Create provisioning roles

Why you need to know:
 You can grant privileges to users by assigning
them roles.
 By creating provisioning roles, you can give users
access to business applications that run on
managed endpoints.

Module Objectives Continued

After completing this module, you will also be able to:
 Create account templates
 Synchronize CA Identity Manager and
provisioned users

Why you need to know:
 To simplify account management, you create and
maintain accounts using account templates, which
are used in provisioning roles.
 Through user and account synchronization tasks,
you can manage accounts so they comply with the
provisioning role assigned to a user and ensure an
account has the same capabilities specified by its
account template.

CA Identity Manager Role Types

Instead of associating a user with each required task or account, you can
assign a role to the user.
Three main types of roles in CA Identity Manager:
 Provisioning roles
 Admin roles
 Access roles

Instead of associating a user with each required task or account, you can assign a role to
the user.
There are three main types of roles used in CA Identity Manager. These are provisioning
roles, admin roles, and access roles.
Let’s take a closer look at each type next.

Provisioning Roles

Provisioning roles contain account templates to define
accounts that exist in managed endpoints.

 Created in the provisioning function of CA Identity Manager

 Created from the Provisioning Manager or the user console

 Required to have a role owner assigned before they can be used by CA
Identity Manager

Provisioning roles contain account templates to define accounts that exist in managed
endpoints.
They are created in the provisioning function of CA Identity Manager.
Although you manage provisioning roles in the CA Identity Manager user console, some
provisioning roles might have been created in the Provisioning Manager or an external
application.
For any provisioning role created, you must set the role owner to be a CA Identity
Manager administrator to enable you to manage it using CA Identity Manager.

Admin Roles

Admin roles contain one or more tasks that you can
perform in the CA Identity Manager User Console.

Admin roles enable CA Identity Manager administrators to manage:

 User store objects such as users,
groups, and organizations
 Roles and tasks through which
you manage user store objects

Categories and tasks
determined by the
admin role(s) you have.

Admin roles contain the tasks you perform in the CA Identity Manager User Console.
Admin roles enable CA Identity Manager administrators to manage user store objects
such as users, groups, and organizations. You also use admin roles to manage the roles
and tasks through which you manage user store objects.
Whatever admin roles you have when you log in to CA Identity Manager, a series of tabs,
called categories, appear based on the admin role assigned to your CA Identity Manager
account. You click a tab to see the tasks that you can perform in that category. The
categories and the tasks in those categories that a user sees are determined by the user's
admin roles.

Access Roles

Access roles provide an additional way to provide
entitlements in CA Identity Manager or another application.

For example, you can use access roles to accomplish the following:

 Provide indirect access to a user attribute

 Create complex expressions

 Set an attribute in a user profile that another application can use to
determine entitlements

Access roles provide an additional way to provide entitlements in CA Identity Manager or
another application.
For example, you can use access roles to accomplish the following:
Provide indirect access to a user attribute, create complex expressions, or set an
attribute in a user profile that another application can use to determine entitlements.
Access roles are similar to identity policies in that they apply a set of business changes to
a user or group of users. However, when you use an access role to apply business
changes, you can see which users the changes apply to by viewing the members of the
access role.
In most cases, access roles are not associated with tasks.

Default Admin Roles

Default admin roles created during the installation of CA Identity Manager:

 System Manager  Self Manager
 User Manager  Self Delegator
 Group Manager  Delegation Manager
 Organization Manager  Provisioning Role Manager
 Admin Role Manager  Provisioning Synchronization
 Access Role Manager Manager

 Security Manager  Report Snapshot Manager

 Password Manager

Some of the default admin roles created during the installation of CA Identity Manager
are listed here.
These default admin roles already have a set of tasks assigned to them.
In the user console, you can use the View Admin Role task to see the tasks in these roles.
In addition to the default admin roles, you can create custom admin roles and assign
arbitrary sets of tasks to them.

Member, Admin, and Owner Rules

Each role includes rules about who can be a member, administrator, or owner
of that role.

 Member rules define the requirements for a user to be a role member.
– Uses the role to perform admin or access tasks or use an endpoint account

 Admin rules define the requirements for a user to be a role administrator.
– Assigns the role to users and other role administrators

 Owner rules define the requirements for a user to be a role owner.
– Modifies the role

Each role includes rules about who can be a member, administrator, or owner of that
role.
Member rules define the requirements for a user to be a role member. A role member
uses the role to perform admin or access tasks or use an endpoint account.
Admin rules define the requirements for a user to be a role administrator. A role
administrator assigns the role to users and other role administrators.
Owner rules define the requirements for a user to be a role owner. A role owner modifies
the role.
The system automatically creates role members, administrators, and owners when users
meet the criteria specified in the rules.
Rules are defined within policies using conditions, which we will look at next.

Rule Conditions

Member, admin, and owner rules use conditions to define the requirements
for role membership, administration, and ownership:

Member, admin, and owner rules use conditions to define the requirements for role
membership, administration, and ownership. Some of these conditions are shown here.
See the CA Identity Manager wiki for more information.

Scope Rules

You combine member and admin rules with scope rules.

Scope rules limit objects on which the role can be used.

 For a role member, scope rules control which objects can be managed
with the role.

 For a role administrator, scope rules control which users can become role
members and administrators.

Scope applies to the primary object of the task.

You combine member and admin rules with scope rules.
Scope rules limit objects on which the role can be used.
For a role member, scope rules control which objects can be managed with the role.
For a role administrator, scope rules control which users can become role members and
administrators.
Scope applies to the primary object of the task. For example, user is the primary object
of the Create User task. However, scope does not apply to the groups for that user,
because group is a secondary object.

Member Policy

A member policy indicates that if a user meets the member rule, that user
has the scope defined in that policy.

A member policy indicates that if a user meets the member rule, that user has the scope
defined in that policy.
You can define several member policies for one role.
The following figure shows a role that has two member policies.
The first policy indicates that if a role member is in the city of Bend, that role member
can use the role on the users in the state of Oregon and manage them as members of the
groups that have the Group Admin of Smith .
The second policy indicates that if a role member has a manager named Jones, that
member can use the role on the users in the sales office and manage them as members
of the 401k group.

Admin Policy

An admin policy indicates that if a user meets the admin rule, that user has
the user scope and administrator privileges defined in that policy.

An admin policy indicates that if a user meets the admin rule, that user has the user
scope and administrator privileges defined in that policy.
The user scope defines where the role is used. The administrator privileges determine if
the role administrator can manage members or manage administrators of the role.
The example displayed here shows a role that has two admin policies.
For the first policy, an IT Administrator can add and remove role members from the users
in the city of Boston.
For the second policy, an administrator in Sales can add and remove role members and
administrators from the users in the state of Ohio.

Effective Use of Roles

To use roles effectively, determine:

 Which departments and organizations require user management?

 Which accounts in managed endpoints users require?

 Which users will administer other users?

 Who will manage the administrators?

 Which administrative tasks are needed in each role?

 Who will create roles and tasks?

 How you can use roles to delegate work?

Based on your responses to these questions, you can decide the number and type of
roles you need.

Relationships Among Roles, Tasks and Events
Granular Operations
CA Identity Manager
Performs to
Accomplish a Task

Actions a User
Can Perform Event1

Role Granted
to a User by Task1 Event2
Membership

Role Task2 Event3

Task3 Event4

Event5

This diagram illustrates the relationships among roles, tasks and events.
A role is granted to a user if the user meets the requirements of the membership rules
laid down in the member policy for the role.
A role contains a collection of tasks that the user can perform in the role. A task is an
action that is applied to modify an object. In the User Console, each task has one or more
screens for searching, viewing, or modifying the object.
Executing a task can generate multiple events, which are the granular operations CA
Identity Manager performs to accomplish a task.

Events

 A CA Identity Manager task is made up of one or more events.

 When CA Identity Manager executes a task, it breaks down the task into
its component events.

 Each event represents a specific action to be performed during the
execution of the task.

 For example, a Create User task might consist of the following:
– A CreateUserEvent, to add the new user to an organization in the directory
– One or more AddToGroupEvent events, to add the new user to a group
– One or more AssignAccessRoleEvent events, to assign the new user to a role
– Other secondary events generated for a Create User task

Events Continued

 Each event has an event type.

 There is a finite set of events that come with CA Identity Manager.

 Workflow can be enabled for all events of a specified type.

 The Event Listener API can be configured to an event.

 Audit records record the events that have been executed.

Here are some additional points about events.

View Submitted Tasks

View Submitted Tasks enables you to see the details of tasks that have been
executed and all the events that have been created for the task.

These tasks are stored in the Task Persistence database.

Review Question

Which rules limit the objects on which a role can be used?

A Event rules

B Scope rules

C Admin rules

D Member rules

Provisioning Roles Overview

In CA Identity Manager, you provide additional accounts
to users by using provisioning roles.

 Provisioning roles contain account templates, which define the accounts
that exist in managed endpoints such as an email server.

 The account templates define the characteristics of the account.
– Example: Mailbox size for an Exchange account.

 When you assign a provisioning role, the user receives the accounts
defined by the account templates in the provisioning role.

In CA Identity Manager, you provide additional accounts to users by using provisioning
roles. Provisioning roles contain account templates, which define accounts that exist in
managed endpoints, such as an email server. The account templates define the
characteristics of the account. For example, an account template for an Exchange
account might define the size of the mailbox. The account templates also define how
user attributes are mapped to accounts.
Once you have users in CA Identity Manager, you can assign provisioning roles to some of
those users. The user receives the accounts defined by the account templates in the
provisioning role.

Provisioning Role Creation

You create a provisioning role after you decide about the following role
requirements:

 Which CA Identity Manager environment has users who need other
accounts?

 Which account templates will be associated with the role?

 Who will be the administrators and owners of the role?

You create a provisioning role after you decide about the following role requirements:
Which CA Identity Manager environment has users who need other accounts?
Which account templates will be associated with the role?
Who will be the administrators and owners of the role?

Provisioning Role Engineering

When engineering roles, you need to spend time analyzing provisioning scenarios.

Make sure you:

 Analyze security administration from a high level

 Analyze groups from an endpoint level

 Ask what happens to the role design if the company reorganizes or expands by
acquisition

Well‐designed roles:

 Result in manageable and flexible user provisioning

 Are unaffected by organizational changes

When engineering roles, you need to spend time analyzing provisioning scenarios.
Make sure you analyze security administration from a high level, groups from an
endpoint level, and ask what happens to the role design if the company reorganizes or
expands by acquisition.
Remember, well‐designed roles result in manageable and flexible user provisioning and
are unaffected by organizational changes.

Provisioning Role Naming

Devise a naming scheme with embedded characteristics, which can contain:

 Owner designation

 Business unit designation

 Approval level

 Sensitivity level

 Job function

 Application

Provisioning Role Granularity

When defining roles, keep in mind the following points:

 Depending on the size of the organization, a role must have
between 5 and 20 users.

 Assign every account template to at least one role.

 Assign every role to at least one user.

 For most organizations, 80 percent of user access is from permanent
roles and 20 percent is from temporary roles.

These recommendations are intended to be used as a starting point rather than as a rigid
guideline.

Demonstration

In this demonstration, you’ll see how to:

 Create a provisioning role for the Flight Operations
department at Voonair.

VIEW DEMONSTRATION

Lab Exercise

 Goal: Create a provisioning role for the Flight Operations department at
Voonair.
 See Lab 1‐1 Create a Provisioning Role.

Account Templates Overview

To simplify account management, you create and maintain accounts using
account templates, which are used in provisioning roles.

Account templates:

 Are a model of what an account must look like for a given job function on
a given managed endpoint

 Consist of attributes, which are used to create accounts and provide an
additional layer of consistency
– Initial attributes
– Capability attributes

Account templates include two types of attributes: initial attributes and capability
attributes. Attributes are defined with rule strings or values, you’ll examine this later.

Account Template Functions

Account templates enable you to:
 Control global user account attributes on an endpoint when those
accounts are created
 Combine account attributes from different roles so that global users have
only one account, on a specific endpoint, with all the necessary account
attributes
 Create or update account attributes as global users change roles
 Synchronize account attributes so that global users have only the
attributes they need
 Determine which accounts must be created, updated, or deleted during a
synchronization operation

Attributes in Account Templates
Initial Attributes
 Initial attributes represent all information that is initially set for an account:
– Account name
– Password
– Account status
– Personal information

 CA Identity Manager enables you to make changes to account templates at
any time.

 Certain account attributes are designated by the connector as not being
updated on account template changes:
– Attributes set at account creation
– Password attribute

Certain attributes (template‐only attributes) are designated by the connector as not
being updated on account template changes. Examples are certain attributes that the
endpoint type only permits to be set during account creation, and the password
attribute, where you would not want to accidentally reset all user passwords.

Attributes in Account Templates
Capability Attributes
 Capability attributes represent account information such as:
– Storage size
– Quantity
– Frequency limits
– Group memberships

 Changing capability attributes from an account template lets you
propagate changes to all accounts associated with the account template.

 Provisioning Manager bolds the capability attributes on all account
template screens for easy identification.

 Accounts are considered synchronized with their account templates when
all the capability attributes are synchronized.

Capability attributes represent account information, such as storage size, quantity,
frequency limits or group memberships
Changing capability attributes from an account template lets you propagate changes to
all accounts associated with the account template. This includes evaluating any rule
variable in the account template attribute value and updating the account attribute if the
account attribute value does not match the result of that rule evaluation.
Provisioning Manager bolds the capability attributes on all account template screens for
easy identification.
Accounts are considered synchronized with their account templates when all the
capability attributes are synchronized. These are attributes that differ from endpoint type
to endpoint type such as group memberships, privileges, quotas, login‐restrictions; they
control what the user can do when logging into the account.

Rule Strings

Account attributes can be generated using rule strings, which are variables
that are substituted with the actual value for the specific account.

 %AC% ‐ account name

 %UD% ‐ Description

 %UN% ‐ Full name

 %UMI% ‐ Middle initial

Account attributes can be generated using rule strings, which are variables that are
substituted with the actual value for the specific account.
Some examples are listed here.
Rule strings are useful when you want to generate attributes that may change from one
account to another. When rules are evaluated, CA Identity Manager replaces the rule
strings entered in the account templates with data specified in the global user object.
Rule evaluation is not performed on accounts created during an exploration or on
accounts created without provisioning roles.
For more information about rule strings for attributes, see the CA Identity Manager wiki.

Advanced Rule Expressions

To provide greater flexibility than simple global user attribute substitution,
you can enter advanced rule expressions, including:

 Substrings of rule expressions using Offset and Length

 Combinations of rule strings and values

 Rule expressions to set multiple values for multivalued account attributes

 Rule variables for other global user attributes

 Invocation of Built‐in functions

 Invocation of customer‐written Program Exit functions

Demonstration

In this demonstration, you’ll see how to:

 Create account templates and assign them to
provisioning roles.

VIEW DEMONSTRATION

Lab Exercises

 Goal: Create account templates and assign them to provisioning roles.
 See the following labs:
 Lab 1‐2 Create an Active Directory Account Template
 Lab 1‐3 Build Account Templates
 Lab 1‐4 Assign Account Templates to Provisioning Roles

Why Users Become Out of Sync

Users become out of sync with their provisioning roles or account templates for
various reasons:
 Earlier attempts to create the necessary accounts failed.
 Provisioning roles and account templates may have changed.
 Accounts were assigned to account templates after they were created.
 The creation of a new account is delayed because the account was specified to
be created later.
 A new endpoint was acquired.
 An existing account was assigned to a user by copying the account to the user.
 An account was created for a user other than by assigning the user to a role.

Synchronization Types

You can perform two types of synchronization:

 User synchronization
– Ensures that each user has the necessary accounts on the appropriate
managed endpoints, and that each account is assigned to the appropriate
account templates as called out by the user's provisioning roles

 Account synchronization
– Ensures that the capability attribute values on accounts are the appropriate
values as indicated by the account's assigned account templates

User synchronization and account synchronization are separate tasks that you
must perform individually.

User synchronization and account synchronization are separate tasks that you must
perform individually. Typically, you perform user synchronization first to help ensure that
all necessary accounts are created and then perform account synchronization later so the
provisioning server assigns or changes the values of the account attributes.

User Synchronization

User synchronization creates, updates, or deletes accounts
so they comply with the provisioning role assigned to a user.

In the User Console, the user synchronization task is called Check Role
Synchronization.
 The check returns a list of expected accounts, extra accounts, and missing
accounts for the user.
 Then, you synchronize to make the accounts match the template for the
provisioning role.
– Add missing accounts and account template assignments.
– Delete extra accounts and account template assignments.

 Adding only is considered "weak" user synchronization.
 Adding and deleting is considered "strong" user synchronization.

Selecting to add accounts only is considered weak user synchronization, where global
users will have at a minimum all accounts required by their assigned provisioning roles,
but you allow users to have additional accounts not prescribed by current provisioning
roles.
Selecting both the Add and Delete options is considered strong user synchronization; any
additional accounts are deleted and the provisioning roles define exactly which accounts
the user should have.
When you request to synchronize user with roles, the Provisioning Server ensures that
the user has all the accounts required by the person's provisioning roles and ensures
each account belongs to the correct account templates.
User synchronization does not perform account synchronization unless there are
problems reported by the Check Role Synchronization task.
After a successful user synchronization, you may need to run account synchronization to
help ensure your account attributes are in sync with the account templates for the
account.

Account Synchronization

Account synchronization updates capability attributes
to help ensure that the account has the capabilities
specified by the account template.

You can check account synchronization for users and endpoints.

 Users:
– Use the Check Account Template Synchronization task.
– Synchronizes the account attributes for each of a user's accounts and ensures
they comply with associated account templates.

 Endpoints:
– Use the Check Endpoint Account Synchronization task.
– Synchronizes the attributes of an endpoint account after modification of an
associated account template.

Account synchronization can be strong or weak. Let’s look at this next.

Weak Account Synchronization

Weak account synchronization ensures that accounts capability attributes
have at least the minimum capability required by its account templates.

 Only adds capabilities to accounts

 Capabilities never removed or lowered

 Default in most endpoint types

Weak synchronization only adds capabilities to accounts, capabilities are never removed
or lowered with weak synchronization.
It is the default in most endpoint types.

Strong Account Synchronization

Strong account synchronization ensures that account capability attributes
have the exact capability required by its account templates.

 Account synchronization is strong if the account belongs to at least one
account template where Strong Synchronization is enabled.

 Some endpoint types set strong synchronization as the default.

Inbound and Outbound Synchronization

You configure synchronization in CA Identity Manager to make sure that the users for
the CA Identity Manager user store and provisioning directory have matching data.

 Inbound Synchronization:
– Keeps CA Identity Manager users up to date with changes that occur in the
provisioning directory
– Uses mappings defined on the Provisioning screen of the Management Console
– Must be configured and enabled on the provisioning server

 Outbound Synchronization:
– Occurs when user events are executed in CA Identity Manager
– Synchronizes information from the corporate directory for existing users in the
provisioning directory
– Creates new provisioned users in the provisioning directory where applicable
– Flags events in the provisioning server that originated from CA Identity Manager

Review Question

Which type of synchronization keeps CA Identity Manager users up to date
with changes that occur in the provisioning directory?

A User Synchronization

B Account Synchronization

C Inbound Synchronization

D Outbound Synchronization

Module Summary

Now that you have completed this module, you should be able to:

 Create provisioning roles

 Create account templates

 Synchronize CA Identity Manager and provisioned users

Course Summary

This course showed you how to:

 Use the provisioning capabilities of CA Identity Manager by working with
provisioning roles and account templates.

Thank You
Congratulations, you have completed this course.
You will receive an email with a link to a survey
requesting your feedback on this learning
experience. Please take a few moments to
complete the survey.

To leave the course, click Exit at the top of the
screen, or close the browser window.

CA Identity Suite 14.x: CA Identity Manager ‐ Implement Provisioning 200
CA CONFIDENTIAL AND PROPRIETARY INFORMATION. UNAUTHORIZED COPYING OR DISTRIBUTION PROHIBITED.

Spring Boot 3.0 Crash Course: Mastering Spring Boot, from Application Development to Advanced Security, Data Access, Integration and Deployment
From Everand
Spring Boot 3.0 Crash Course: Mastering Spring Boot, from Application Development to Advanced Security, Data Access, Integration and Deployment
Kit Harrington
5/5 (1)
IBM WebSphere Application Server Interview Questions You'll Most Likely Be Asked
From Everand
IBM WebSphere Application Server Interview Questions You'll Most Likely Be Asked
Vibrant Publishers
No ratings yet
Hoola The Next Generation E Learning Platform
No ratings yet
Hoola The Next Generation E Learning Platform
27 pages
Hands-on MuleSoft Anypoint Platform Volume 3: Implement various connectors including Database, File, SOAP, Email, VM, JMS, AMQP, Scripting, SFTP, LDAP, Java and ObjectStore
From Everand
Hands-on MuleSoft Anypoint Platform Volume 3: Implement various connectors including Database, File, SOAP, Email, VM, JMS, AMQP, Scripting, SFTP, LDAP, Java and ObjectStore
Nachimuthu Nanda
No ratings yet
Mastering Azure Kubernetes Service (AKS): Rapidly Build and Scale Your Containerized Applications with Microsoft Azure Kubernetes Service (English Edition)
From Everand
Mastering Azure Kubernetes Service (AKS): Rapidly Build and Scale Your Containerized Applications with Microsoft Azure Kubernetes Service (English Edition)
Abhishek Mishra
No ratings yet
Docker: A Quick-Start Beginner's Guide
From Everand
Docker: A Quick-Start Beginner's Guide
Andy Hayes
3.5/5 (2)
Hands-On Microservices with Kubernetes: Build, deploy, and manage scalable microservices on Kubernetes
From Everand
Hands-On Microservices with Kubernetes: Build, deploy, and manage scalable microservices on Kubernetes
Gigi Sayfan
5/5 (1)
Windows Defender ATP - Ransomware Response Playbook
No ratings yet
Windows Defender ATP - Ransomware Response Playbook
19 pages
CSA Sample Questions
75% (4)
CSA Sample Questions
12 pages
BW SystemEngineeringGuide
No ratings yet
BW SystemEngineeringGuide
95 pages
CA Identity Suite 14.x: Implementation - Integrate The Components 200
No ratings yet
CA Identity Suite 14.x: Implementation - Integrate The Components 200
52 pages
CA Identity Suite 14.x: Implementation - Install The Components 200
No ratings yet
CA Identity Suite 14.x: Implementation - Install The Components 200
170 pages
CA Identity Suite 14.x: CA Identity Portal - Create Analytics Collectors 200
No ratings yet
CA Identity Suite 14.x: CA Identity Portal - Create Analytics Collectors 200
22 pages
VMware Horizon View High Availability: Design, develop and deploy a highly available vSphere environment for VMware Horizon View
From Everand
VMware Horizon View High Availability: Design, develop and deploy a highly available vSphere environment for VMware Horizon View
Andrew Alloway
No ratings yet
Learning VMware vRealize Automation: Learn the fundamentals of vRealize Automation to accelerate the delivery of your IT services
From Everand
Learning VMware vRealize Automation: Learn the fundamentals of vRealize Automation to accelerate the delivery of your IT services
Sriram Rajendran
No ratings yet
VMware vSphere Troubleshooting
From Everand
VMware vSphere Troubleshooting
Munir Muhammad Zeeshan
No ratings yet
VMware vRealize Orchestrator Essentials: Get hands-on experience with vRealize Orchestrator and automate your VMware environment
From Everand
VMware vRealize Orchestrator Essentials: Get hands-on experience with vRealize Orchestrator and automate your VMware environment
Daniel Langenhan
No ratings yet
AWS Certified Solutions Architect – Professional Exam Guide (SAP-C02): Gain the practical skills, knowledge, and confidence to ace the AWS (SAP-C02) exam on your first attempt
From Everand
AWS Certified Solutions Architect – Professional Exam Guide (SAP-C02): Gain the practical skills, knowledge, and confidence to ace the AWS (SAP-C02) exam on your first attempt
Patrick Sard
No ratings yet
Google Cloud Professional Cloud Security Engineer 100+ Practice Exam Questions with Detailed Answers
From Everand
Google Cloud Professional Cloud Security Engineer 100+ Practice Exam Questions with Detailed Answers
vivian njoroge
No ratings yet
Hyper-V Network Virtualization Cookbook
From Everand
Hyper-V Network Virtualization Cookbook
Ryan Boud
No ratings yet
Application Layering with VMware App Volumes
From Everand
Application Layering with VMware App Volumes
Peter Von Oven
No ratings yet
Microsoft Azure Security Technologies Practice Tests AZ-500
From Everand
Microsoft Azure Security Technologies Practice Tests AZ-500
iCertify Training
No ratings yet
Microsoft Application Virtualization Advanced Guide
From Everand
Microsoft Application Virtualization Advanced Guide
Augusto Alvarez
No ratings yet
Study Guide Cisco AppDynamics Professional Implementer (500-430 CAPI)
From Everand
Study Guide Cisco AppDynamics Professional Implementer (500-430 CAPI)
Anand Vemula
No ratings yet
VMware Horizon View Essentials
From Everand
VMware Horizon View Essentials
Peter von Oven
No ratings yet
VMware View Security Essentials
From Everand
VMware View Security Essentials
Daniel Langenhan
No ratings yet
AWS Certified Developer Associate (DVA-C01) Practice Test
From Everand
AWS Certified Developer Associate (DVA-C01) Practice Test
iCertify Training
No ratings yet
Google Associate Cloud Engineer Exam Companion: Q&A with Explanations
From Everand
Google Associate Cloud Engineer Exam Companion: Q&A with Explanations
SUJAN
No ratings yet
Deploying Certificates Cisco Meeting Server: Design your certificates for CMS services and integrate with Cisco UCM Expressway and TMS
From Everand
Deploying Certificates Cisco Meeting Server: Design your certificates for CMS services and integrate with Cisco UCM Expressway and TMS
Redouane MEDDANE
No ratings yet
IBM WebSphere Application Server v7.0 Security
From Everand
IBM WebSphere Application Server v7.0 Security
Omar Siliceo
No ratings yet
AWS DevOps Engineer Professional Certification Guide: Hands-on guide to understand, analyze, and solve 150 scenario-based questions (English Edition)
From Everand
AWS DevOps Engineer Professional Certification Guide: Hands-on guide to understand, analyze, and solve 150 scenario-based questions (English Edition)
Sumit Kapoor
No ratings yet
VMware vRealize Operations Essentials: Harness the power of VMware vRealize Operations to efficiently manage your IT infrastructure
From Everand
VMware vRealize Operations Essentials: Harness the power of VMware vRealize Operations to efficiently manage your IT infrastructure
Matthew Steiner
No ratings yet
VMware vCloud Security
From Everand
VMware vCloud Security
Prasenjit Sarkar
No ratings yet
Developing Solutions for Microsoft Azure AZ-204 Exam Guide: A comprehensive guide to passing the AZ-204 exam
From Everand
Developing Solutions for Microsoft Azure AZ-204 Exam Guide: A comprehensive guide to passing the AZ-204 exam
Paul Ivey
No ratings yet
Azure Fundamentals Exam Insights
From Everand
Azure Fundamentals Exam Insights
Priyanka Banerjee
No ratings yet
AWS Certified Solutions Architect - Associate (SAA-C03) Exam Guide: Aligned with the latest AWS SAA-C03 exam objectives to help you pass the exam on your first attempt
From Everand
AWS Certified Solutions Architect - Associate (SAA-C03) Exam Guide: Aligned with the latest AWS SAA-C03 exam objectives to help you pass the exam on your first attempt
Michelle Chismon
No ratings yet
Google Cloud Professional Cloud Architect 100+ Practice Exam questions with Detailed Answers
From Everand
Google Cloud Professional Cloud Architect 100+ Practice Exam questions with Detailed Answers
vivian njoroge
No ratings yet
Professional Microsoft SQL Server 2008 Integration Services
From Everand
Professional Microsoft SQL Server 2008 Integration Services
Brian Knight
No ratings yet
AZ-900 Azure Fundamentals Practice Paper 2: AZ-900 Azure Fundamentals, #2
From Everand
AZ-900 Azure Fundamentals Practice Paper 2: AZ-900 Azure Fundamentals, #2
Tech Interviews
No ratings yet
50+ App Features with Python: Implement feature-focused, code-driven Python capabilities with UX at the core
From Everand
50+ App Features with Python: Implement feature-focused, code-driven Python capabilities with UX at the core
Ylena Zorak
No ratings yet
50+ App Features with Python
From Everand
50+ App Features with Python
Ylena Zorak
No ratings yet
vCenter Troubleshooting
From Everand
vCenter Troubleshooting
Chuck Mills
No ratings yet
Creating and Managing Virtual Machines and Networks Through Microsoft Azure Services for Remote Access Connection
From Everand
Creating and Managing Virtual Machines and Networks Through Microsoft Azure Services for Remote Access Connection
Dr. Hedaya Mahmood Alasooly
No ratings yet
Ultimate AWS CDK for Infrastructure Automation: Extract the Full Potential of AWS CDK for Seamless Infrastructure Automation of Your Cloud with Practical Examples, Best Practices, and Expert Tips (English Edition)
From Everand
Ultimate AWS CDK for Infrastructure Automation: Extract the Full Potential of AWS CDK for Seamless Infrastructure Automation of Your Cloud with Practical Examples, Best Practices, and Expert Tips (English Edition)
Anish Kumar
No ratings yet
VMware vSphere Design Essentials
From Everand
VMware vSphere Design Essentials
Puthiyavan Udayakumar
No ratings yet
Java EE 7 Application Developer 1Z0 900
From Everand
Java EE 7 Application Developer 1Z0 900
Manish Soni
No ratings yet
Java Web Development: Java Unleashed: Crafting Enterprise-Level Solutions
From Everand
Java Web Development: Java Unleashed: Crafting Enterprise-Level Solutions
Christopher Wright
No ratings yet
CompTIA Cloud+ Certification Guide (Exam CV0-003): Everything you need to know to pass the CompTIA Cloud+ CV0-003 exam (English Edition)
From Everand
CompTIA Cloud+ Certification Guide (Exam CV0-003): Everything you need to know to pass the CompTIA Cloud+ CV0-003 exam (English Edition)
Gopi Krishna Nuti
No ratings yet
Spring Boot 3.0 Crash Course
From Everand
Spring Boot 3.0 Crash Course
Kit Harrington
No ratings yet
Jakarta EE Application Development: Build enterprise applications with Jakarta CDI, RESTful web services, JSON Binding, persistence, and security
From Everand
Jakarta EE Application Development: Build enterprise applications with Jakarta CDI, RESTful web services, JSON Binding, persistence, and security
David R. Heffelfinger
No ratings yet
Mastering Shell for DevOps: Automate, streamline, and secure DevOps workflows with modern shell scripting
From Everand
Mastering Shell for DevOps: Automate, streamline, and secure DevOps workflows with modern shell scripting
Gilbert Stew
No ratings yet
Mastering Shell for DevOps
From Everand
Mastering Shell for DevOps
Gilbert Stew
No ratings yet
Study Guide: Cisco AppDynamics Professional Implementer
From Everand
Study Guide: Cisco AppDynamics Professional Implementer
Anand Vemula
No ratings yet
Microsoft Dynamics NAV Administration
From Everand
Microsoft Dynamics NAV Administration
Amit Sachdev
No ratings yet
SAP XI Exchange Infrastructure
From Everand
SAP XI Exchange Infrastructure
equitypress
1/5 (3)
Spring Security: Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures
From Everand
Spring Security: Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures
Badr Nasslahsen
No ratings yet
VMware Certified Professional 6 Exam Guide (Exam #2V0-642): Comprehensive guide right from basics to advanced VMware Network Virtualization concepts (English Edition)
From Everand
VMware Certified Professional 6 Exam Guide (Exam #2V0-642): Comprehensive guide right from basics to advanced VMware Network Virtualization concepts (English Edition)
Rakesh Kumar Verma
No ratings yet
Active Directory Administration Cookbook: Actionable, proven solutions to identity management and authentication on servers and in the cloud
From Everand
Active Directory Administration Cookbook: Actionable, proven solutions to identity management and authentication on servers and in the cloud
Sander Berkouwer
No ratings yet
Azure AI Engineer Associate AI 102
From Everand
Azure AI Engineer Associate AI 102
Manish Soni
No ratings yet
AWS Certified Cloud Practitioner Practice Tests
From Everand
AWS Certified Cloud Practitioner Practice Tests
iCertify Training
No ratings yet
VMware Cloud on AWS Blueprint: Design, automate, and migrate VMware workloads on AWS global infrastructure
From Everand
VMware Cloud on AWS Blueprint: Design, automate, and migrate VMware workloads on AWS global infrastructure
Oleg Ulyanov
No ratings yet
IBM WEBSPHERE Frequently Asked Questions
From Everand
IBM WEBSPHERE Frequently Asked Questions
equitypress
1/5 (1)
CAT-181 CA Service Desk Manager 14 X Proven Professional Study Guide v1
No ratings yet
CAT-181 CA Service Desk Manager 14 X Proven Professional Study Guide v1
18 pages
Lab Guide
No ratings yet
Lab Guide
92 pages
p2 File Formats
No ratings yet
p2 File Formats
5 pages
Ekran Resmi 2024-09-16 - 14.39.29
No ratings yet
Ekran Resmi 2024-09-16 - 14.39.29
1 page
Neb
No ratings yet
Neb
114 pages
Eng TELE-satellite 1209
No ratings yet
Eng TELE-satellite 1209
324 pages
Teaching With Canva
No ratings yet
Teaching With Canva
1 page
Ajax Modal Pop Up Extender in ASP
No ratings yet
Ajax Modal Pop Up Extender in ASP
7 pages
WWW Respaper Com Icse 258 3565-pdf HTML
No ratings yet
WWW Respaper Com Icse 258 3565-pdf HTML
5 pages
Introduction:-: Purpose
No ratings yet
Introduction:-: Purpose
8 pages
CA Advanced Authentication - 8.1 - ENU - Collecting Device ID and DeviceDNA - 20170816
No ratings yet
CA Advanced Authentication - 8.1 - ENU - Collecting Device ID and DeviceDNA - 20170816
16 pages
Rebirth On Windows PDF
No ratings yet
Rebirth On Windows PDF
7 pages
Building Your Own Web Server
No ratings yet
Building Your Own Web Server
12 pages
Getting Started With Scratch 2.0
No ratings yet
Getting Started With Scratch 2.0
16 pages
Human IT E-Waste Items
No ratings yet
Human IT E-Waste Items
1 page
Resume Parser: Code4Goal - Coding Contest
No ratings yet
Resume Parser: Code4Goal - Coding Contest
7 pages
Fifth Edition of CBSE Student Global Aptitude Index (SGAI) Goes Online
No ratings yet
Fifth Edition of CBSE Student Global Aptitude Index (SGAI) Goes Online
5 pages
Manual Recorder dvr5100h
No ratings yet
Manual Recorder dvr5100h
128 pages
Ict - Fundamentals
No ratings yet
Ict - Fundamentals
18 pages
How To Recover MSSQL From Suspect Mode Emergency Mode Error 1813
No ratings yet
How To Recover MSSQL From Suspect Mode Emergency Mode Error 1813
3 pages
RF Online Golden Mystery Setup Log
No ratings yet
RF Online Golden Mystery Setup Log
3 pages
Mcd388 98 Pss Aen
No ratings yet
Mcd388 98 Pss Aen
3 pages
Ccs352 Mma Question Bank 2024 2025
No ratings yet
Ccs352 Mma Question Bank 2024 2025
13 pages
Analisis Penerapan E-Government Pada Sistem Informasi Manajemen Keimigrasian (Simkim) Di Kantor Imigrasi Kelas 1 Kota Semarang
No ratings yet
Analisis Penerapan E-Government Pada Sistem Informasi Manajemen Keimigrasian (Simkim) Di Kantor Imigrasi Kelas 1 Kota Semarang
14 pages
620 ECMP Scanner Installation Guide Linux
No ratings yet
620 ECMP Scanner Installation Guide Linux
7 pages
Siemens Multix Manual
No ratings yet
Siemens Multix Manual
31 pages
DBCrane Users Guide V2
No ratings yet
DBCrane Users Guide V2
29 pages
Postinstallation
No ratings yet
Postinstallation
4 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

CA Identity Suite 14.x: CA Identity Manager - Implement Provisioning 200

Uploaded by

CA Identity Suite 14.x: CA Identity Manager - Implement Provisioning 200

Uploaded by

CA

CA Identity Suite 14.x: CA Identity Manager – Implement Provisioning 200

Role Task2 Event3

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.