Integration Guide

This guide is designed to provide the tools and knowledge to fully understand and configure Identity Manager to match your project's needs.

Target Audience

This guide is meant to be read by integrators who configure Identity Manager to match their project's needs.

Prior Knowledge

A basic knowledge of Identity and Access Management (IAM) and more precisely of Identity and Governance Administration (IGA) is required to really understand, implement and use Identity Manager's features.

Netwrix Identity Manager (formerly Usercube) strongly recommends starting from the Introduction Guide to fully benefit from the Integration Guide's content.

Technical skills

As Identity Manager is a web application, some classic DevOps skills are needed:

  • Web servers, especially IIS: declare a web site; configure an application pool.
  • SQL Server: query data in the database with SQL, including with joins; insert/update data with SQL; for advanced use, an understanding of database indexes.
  • Coding: very basic C# skills; PowerShell scripts.
  • XML and JSON syntax for configuration files.
  • Git or other source control tools.

The other technical skills greatly depend on the connectors needed for your projects. The most frequent ones are:

  • Excel and CSV
  • LDAP and Active Directory: understanding of LDAP attributes and of group membership.
  • Microsoft Entra ID (formerly Azure Active Directory)
  • Exchange
  • REST API programming

Set Up

Optimize

  • Modify the Identity Data Model

    How to make data model properties evolve according to the organization's needs.

  • Create an HR Connector

    How to create a connector dedicated to the automation of identity management (creation, update, deletion), via the synchronization of HR data into Identity Manager and internal provisioning.

  • Manage Risks

    How to use the risk management module to identify entitlement assignments that pose a security risk, especially regarding segregation of duties and high privileges.

  • Create a Policy

    How to define policies to organize roles and rules.

  • Automate the Review of Non-conforming Assignments

    How to automate the review of non-conforming assignments through automation rules.

  • Automate Assignments

    How to automate entitlement assignment.

  • Automate Role Assignments

    How to manually build rules to automate the assignment of roles to identities.

  • Perform Role Mining

    How to use role mining to suggest role assignment rules based on existing assignments, in order to push the automation wall further.

  • Remove Redundant Assignments

    How to remove redundant assignments, i.e. manual assignments of roles and resource types that are also assigned by a rule.

  • Create a Composite Role

    How to define composite roles in order to create sets of single roles that are easy to assign.

  • Configure a Parametrized Role

    How to reduce the number of roles in the model by configuring roles with parameters.

  • Perform a Simulation

    How to assess the impact of a modification on the role model, including the role catalog, role assignment rules and resource correlation rules, using a dedicated policy.

Administrate

In the Admin section you can do the following:

  • Generate Reports

    How to use Identity Manager's reporting modules to produce IGA reports for auditing and governance purposes.

  • Review Orphaned and Unused Accounts

    How to remediate license and security issues caused by orphaned and/or unused accounts.

  • Provision

    How to write to a managed system.

  • Review Provisioning

    How to review provisioning orders before generation.

  • Provision Manually

    How to use Identity Manager to manually write to the managed systems.

  • Provision Automatically

    How to use Identity Manager to automatically write to the managed systems.

  • Review Non-conforming Assignments

    How to review non-conforming assignments, i.e. approve or decline the suggestions made by Identity Manager after every synchronization. The aim is to handle the differences between the values from the managed systems and those computed by Identity Manager's role model.

  • Reconcile a Role

    How to review non-conforming permissions, i.e. approve or decline the role suggestions made by Identity Manager after every synchronization. The aim is to handle the differences between the navigation values from the managed systems and those computed by Identity Manager according to the role catalog.

  • Reconcile a Property

    How to review unreconciled properties. The aim is to handle the differences between the property values from the managed systems and those computed by Identity Manager according to provisioning rules.

  • Review an Unauthorized Account

    How to remediate unauthorized accounts. The aim is to review the accounts whose assignments don't comply with the rules of the role model.

  • Perform Access Certification

    How to certify existing access by reviewing a specific range of assigned permissions for auditing purposes.

  • Schedule a Certification Campaign

    How to create and schedule access certification campaigns, defining their scope.

  • Execute a Certification Campaign

    How to execute access certification campaigns, i.e. review specific entitlement assignments and deprovision inappropriate access.

  • Request Entitlement Assignment

    How to send a manual request to add, update or remove an entitlement for an identity.

  • Review Assigned Roles

    How to review user permissions grouped by roles.

Global Process

How the process activities succeed one another.

NETWRIX recommends working with a SaaS installation and with the User Interface as long as possible, because identity management is optimized by mastering identities inside Identity Manager.

Be aware that the integration of an IGA tool is an iterative process. There is no simple linear process. This user guide provides the following processes that can follow one another and intertwine.

Maintain