pre-con ed (lab): ca identity suite—raising the bar on user productivity and system efficiency
TRANSCRIPT
World®’16
CAIdentitySuite—RaisingtheBaronUserProductivityandSystemEfficiencyMatthewK.Miller– Sr.PrincipalConsultant– CATechnologies
SCX02E
SECURITY
1 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ForInformationalPurposesOnlyTermsofthisPresentation
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.Thepresentationprovided atCAWorld2016isintendedforinformationpurposesonlyanddoesnotformanytypeofwarranty.Someofthespecificslideswith customerreferencesrelatetocustomer'sspecificuseandexperienceofCAproductsandsolutionssoactualresultsmayvary.
CertaininformationinthispresentationmayoutlineCA’sgeneralproductdirection.Thispresentationshallnotserveto(i)affecttherightsand/orobligationsofCAoritslicenseesunderanyexistingorfuturelicenseagreementorservicesagreementrelatingtoanyCAsoftwareproduct;or(ii)amendanyproductdocumentationorspecificationsforanyCAsoftwareproduct.Thispresentationisbasedon currentinformationandresourceallocationsasofNovember1,2016,andissubjecttochangeorwithdrawalbyCAatanytimewithout notice.Thedevelopment,releaseandtimingofanyfeaturesorfunctionalitydescribedinthispresentationremainatCA’ssolediscretion.
Notwithstandinganythinginthispresentationtothecontrary,uponthegeneralavailabilityofanyfutureCAproductrelease referencedinthispresentation,CAmaymakesuchreleaseavailabletonewlicenseesintheformofaregularlyscheduledmajorproductrelease.SuchreleasemaybemadeavailabletolicenseesoftheproductwhoareactivesubscriberstoCAmaintenanceandsupport,onawhen andif-availablebasis.Theinformationinthispresentationisnotdeemedtobeincorporatedintoanycontract.
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Agenda
CAIDENTITYSUITEOVERVIEW
CAIDENTITYANALYTICS&LAB
ACCESSREQUESTRECOMMENDATIONS&LAB
CERTIFICATIONCAMPAIGNS&DEMONSTRATION
MOBILEEXPERIENCE&DEMONSTRATION
1
2
3
4
5
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MainConceptsofCAIdentitySuite
BridgingtheGap SimplicityOneStopShop
Concepts
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CAIdentitySuite12.6.8KeyBenefits
§ Strengthensoperationalefficiencies– Addsanalyticsthatprovideinsightintotheperformanceoftheidentityandaccessgovernanceprocess.Withidentity
performanceanalytics,customerscanquicklyaddressissuesandtunetheirprocessestohelpidentityandeliminatebottlenecks,meetservicelevelcommitmentsandimprovegeneralidentityoperations.
§ Improvestheuserexperienceanduserproductivity– Addsnewpersonalization capabilitiesandoptionsforusersresponsibleforaccesscertification;providesmore
informationthewaytheuserwantstoseeit.– Providescontext-basedsuggestionswhichhelpusersgettheaccessthattheyneedtosuccessfullydotheirjob.– Providescomprehensivemobilesupportsoeverythingausercandoathis/herdesk,canbedoneviamobile.
§ Improvestime-to-value– Simplifiesdeploymentthroughout-of-the-box,pre-configuredcustomerusecases,helpingtoreducethetimeittakes
togetcommonuserscenariosupandrunningforfastertime-to-value.
©2016CA.AllRIGHTSRESERVED.
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SystemEfficiencyConfiguringCAIdentityAnalyticsAdministrating>AdministratingCAIdentityPortal>CAIdentitySuiteAdministration>AnalyticsDashboard
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
IdentityAnalyticsEmpoweringtheBusinesstoAchieveOperationalExcellencewithReal-timeAnalytics
§ OperationalExcellenceConsoleforManagers§ Centralizeddashboardprovidingaunique
viewofallidentitylifecycleprocesses§ Allowmanagerstoanalyzeprocessesanddrill
downintopotentialproblemsandremediatethem
§ Improvesefficiencyandproductivityoftheenterprise
§ SLAstatisticsgiveprojectsponsorsbusinessjustificationforprojectROI
©2016CA.AllRIGHTSRESERVED.
16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhoCanSeeAnalytics?
Profile ScopingRule:Profilescanbelimitedtoasubsetof
usersbasedonuserattributes,entitlements,groupmembership
oracombination
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatTypesofAnalyticsGathered?
Analytics Tracking:AccessCatalogItems(Add,Remove,Modify)IdentityProcesses
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AccessCatalogItems
ProvisioningRoleasdefinedinCAIdentityManagerAnalyticsGathered
Numberoftimesrequested/removedDurationofprovisioning(min/max/avg)Associatedapprovals(ifapplicable)
19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
IdentityProcesses
IdentityPortalTaskislinkedtoIdentityManagerAdminTaskAnalyticsGathered
NumberoftimesprocessedDurationofprocess(min/max/avg)Associatedapprovals(ifapplicable)
20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AnalyticsDashboardOverview Once enabled,analyticsdataiscollectedandavailable
22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
DefineAnalyticsViews
Analytics Viewsarethemetricsgathered
23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CreatingAnalyticsViews
Only2AnalyticsViewsmaybeenabledglobally
24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TypesofAnalyticsViews
Requester:attributesabouttheindividualsubmittingthetask/makingtherequestSubjectoftheRequest:attributesabouttheindividualbeingprocessed/receivingaccessAformproperty:attributegatheredfromtheformsubmittedaspartoftheprocess/request
25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
What’stheDifference?
JeffAndrewsManager
ElizabethTalbotUser
Title=ManagerUserID=andje01
Title=DeveloperUserID=talel01
JeffRequestsAccessforElizabeth
Requester|Title=ManagerSubjectoftherequest|Title=Developer
26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
What’stheDifference?
JeffAndrewsManager
ElizabethTalbotUser
Title=ManagerUserID=andje01
Title=DeveloperUserID=talel01
ElizabethRequestsAccessforHerself
Requester|Title=DeveloperSubjectoftherequest|Title=Developer
Requester|ManagerID=andje01
27 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
What’stheDifference?
JeffAndrewsManager
Title=ManagerUserID=andje01
JeffCreatesNewContractor
FormProperty|ContractPeriod=90DaysRequester|ManagerID=andje01
28 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhataretheDataPoints?
Durationtocompleteintimescale
Numberofrequestsstartedonthedate
29 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HowdoIReadtheCharts?
Averagedurationoverthecourseofthetimeframe
Totalrequestsoverthecourseofthetimeframe
Longestdurationoverthecourseofthetimeframe
Shortestdurationoverthecourseofthetimeframe
30 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HowdoIReadtheCharts?
RequestscreatedonJanuary3rdtookonaverage9days
1request wassubmittedonJanuary3rd
31 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HowdoIReadtheCharts?
Hoverovertoviewresultoftheprocessoverthecourseof thetimeframe
Hoverovertoviewresultoftheprocessoverthecourseof thetimeframe
Hoverovertoviewresultoftheprocessoverthecourseof thetimeframe
36 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
BreakingDowntheWorkflow
Dataavailable onlyifaworkflowisassociatedtotheIDMtask
38 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WorkflowDetails– Level2
Selectanactortogetadditionaldetails
39 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WorkflowDetails– Level3
Outcomesproducedbytheactorselected
43 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ConfiguringCAIdentityAnalyticsLab
§ Set-upAnalyticsCapability
§ DefineAnalyticsViews
§ Showanalyticsaroundsalesforce.comaccessrequests– ProvidemetricsonManagersapprovingaccess– Providemetricsondepartmentsrequestingtheaccess
§ WillshowSLAoncompletedtransactions
45 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Validate/Modify‘CreateWebServices’AdminTask
*CreateWebServices*
47 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
EnsureWebServicesConfigurationExists
ShouldAlreadyExistforCAIdGIntegration
48 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CreateWebServiceifitDoesn’tExist ONLYPERFORMIFNOWEBSERVICE
DEFINITIONEXISTED
50 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
OpenIdentityPortalCAIdM Connector
ONLYPERFORMIFNOWEBSERVICE
DEFINITIONEXISTED
51 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
EnterWebServiceDefinitiontoConnector
WebServicesName
WebServicesURL
ONLYPERFORMIFNOWEBSERVICE
DEFINITIONEXISTED
52 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SaveConnector
ONLYPERFORMIFNOWEBSERVICE
DEFINITIONEXISTED
63 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RestarttheCAIdentityManagerConnector
Waitfortheconnectortorestart
91 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AnalyzeShowsBreakoutofAnalyticsViews;thenClickWorkflowonTop
93 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatWeAccomplished
§ Set-uptheAnalyticsfeature
§ DefinedAnalyticsViews
§ Showedanalyticsaroundsalesforce.comaccess– Managersapprovingaccess– Departmentsthathadusersrequestingtheaccess
§ SawtheSLAfortwocompletedtransactions
95 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Real-TimeDecisionSupportToolsContextBasedRecommendations
§ Easy-to-useaccessrequestprocessthroughanintuitive'ShoppingCart‘experiencejustgotsmarter.
§ AdviceToolssuchasreal-timecontext-basedaccessrecommendations
§ Recommendationsandsuggestionsarecalculatedanddisplayedinreal-timeduringaccessrequests
§ Suggestionsarecontext-based,i.e.Basedonusers’attributes,currentaccessandrequestedaccess
99 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Recommendations
§ ReverseofanSoDrule;whatyouMAYwantvs.whatyouCAN’Thave
§ Basedonwhoauseris(attributes)orwhatauserhas(existingaccessprivileges)
§ Dynamicallycalculatesuponaddingentitlementstoshoppingcart
§ Canstillbegovernedbyapprovalworkflows
101 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SuggestionDefinition
Message thatappearstotheuserprovidingcontext
102 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SuggestionDefinition
Whichtargetpermission(s)willberecommendedtotheuser
104 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
SuggestionDefinition
§ User’sattribute:basedonwhoauseris
§ User’sPermissions:basedonwhatauserhas
§ Group:supportforcomplexcombinationsofattributesandpermissions
We’llconfiguresuggestions foreachoftheseinthelab
105 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhythisissomethingYouShouldUse
§ Enableuserstogaincommonaccessthatmaynotapplytobirthrightaccess– Decreaseentitlementclutter
§ Providecontexttonewusers– WhatdoIneed?
§ Complementaryaccesstoapplicationsforincreasedproductivity– AmIgettingthefullbenefitoutofanapplication?
107 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Real-TimeDecisionSupportToolsLab
§ ConfigureUserPermissionsSuggestion– Willsuggestsalesforce.com– WillrecommendifuserhasaccesstotheCRMApplication
§ ConfigureaComplex(Group)Suggestion– WillsuggestCAServiceManagement– Tier1Supportaccess– WillrecommendifuserisamemberoftheHelpDeskLDAPGroup,OR– WillrecommendifauserisintheITServicesDepartmentandhas
Tier2Supportaccess
131 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ExistingCRMAccessPresentstheRecommendation
Noticeshe hastheCRMaccess
132 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HoverOvertheSuggestion
Clickingherewill addtheaccesstotheshoppingcart.
Willclear thesuggestion.
135 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ExistingCRMAccessPresentstheRecommendation
Karahas2recommendations, butnottheoneforServiceManagement;sheisinITServices,butdoesn’thaveTier2access
137 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
AddTier2SupporttotheShoppingCart
Nowthatshehas Tier2accessinhercart,shesatisfiesbothconditionsforthefirst
recommendationcritieria
140 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
GreghasHelpDeskGroupAccess
Gregsatisfies theconditionforthesecondrecommendationcriteria.
141 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatWeAccomplished
§ ConfiguredaUserPermissionsSuggestion– Suggestedsalesforce.combasedonauser’sexistingentitlement:
CRMApplication
§ ConfiguredaComplex(Group)Suggestion– SuggestCAServiceManagement– Tier1Supportaccessbasedontwo
differentconditions;§ IfuserisamemberoftheHelpDeskLDAPGroup,OR§ IfauserisintheITServicesDepartmentandhasTier2Supportaccess
142 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CertificationCampaigns
§ Simplifiesandcentralizesallnecessarycomplianceactivitiesinoneplace.
§ Businessentitlementscataloguesimplifiescertifications
§ Riskanalysishighlightsriskyaccessto:– Enablereal-timeremediation– Improvepolicyenforcement– Simplifyregulatorycompliance
§ Easilycustomizablefortheneedsofeachrole/user
CertifyUsersAccessinaFriendlyEfficientMethod
CRMCustomerview
UpdateHRreports
ViewBillingReports
144 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TableofContents
Listofallactivecertificationsassignedtotheuser.
Clickingonacampaignexpandstothelistof
users
145 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TableofContents– Sortablility
Organizesbyusers
Organizesbyresources/entitlements
Organizesbyroles
147 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
PersonalizedView
MetadatastoredinCAIdentityGovernance
148 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
IdentityOnTheGOTheMostComprehensiveMobileApplicationintheMarket
Requestapproval Passwordmanagement CertificationcampaignsBranding Performaccessrequests
149 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MobileExperiencecanbeBranded
TheMenuwillexposeallin-scopemodulesfortheuser
Asubsetofthein-scopemodulesaredisplayedfortheuser
150 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MobileAccessRequests
Shoppingcartexperienceinamobileformat
151 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MobileAccessApprovals
Approvalandimplementationworkflowsexposed
Approvalactions:Approve,Reject,Reserve,Reassign
153 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MustSeeDemos
OnboardEnterpriseUsers
CAIdentitySuite,CAIdentityServiceCAAPIManagement
SECSE001
EnableaHybridLaunchpad
CAIdentityService
SECSE003
StreamlineIdentityGovernance
CAIdentitySuite
SECSE005
ControlPrivilegedAccess
CAPrivilegedAccessManager
SECSE004
154 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Security
FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw