Skip navigation
All Places > CA Security > CA Identity Management > Blog > Authors kumni04

CA Identity Management

2 Posts authored by: kumni04 Employee

Goal #1: Simplify Application Onboarding


In part I of this blog, I presented an overview of the five goals we want to achieve to ensure that our identity and access management (IAM) Ops Software Factory runs smoothly. Well, I’m finally back with part II. Today, my IMAG Jedis, wherever you are in this universe, together we will focus our attention on simplifying application onboarding.


We all know that enterprise-scale IAM operations is much more than just onboarding identities and managing their lifecycle. Think about it: When was the last time you even considered onboarding only user identities, as if doing so were tantamount to achieving singularity in a blackhole? It was inevitable (and right) that IAM operations move on from user onboarding to aligning application onboarding to meet the demands of modern business. No longer can we think of user identities and application accounts separately. From HR to commerce and everything in between, each identity has an associated entity in the form of a CA Identity Suite application endpoint.


Each endpoint is critical to your business and user experience, and endpoints are often tied to one or more enterprise processes. From provisioning to workflow to accountability, the fabric of your enterprise DNA has many aspects. Let’s start by asking ourselves these questions:

  • How can users access the application faster?
  • How can the application be integrated faster so that the business doesn’t have to wait as long?
  • How can I govern access to business applications?
  • How can I use what others are already doing to accelerate value?


To enable your business processes—and answer the above questions—enterprise applications need to be integrated with a solution such as CA Identity Suite in an agile manner that consists of:

  • Connectivity to the applications
  • Management of accounts and entitlements within the applications
  • Control of access to the applications


OK, assuming you’re convinced that simplifying application onboarding is the way to go, how do you get it done?


CA Identity Suite Deployment Xpress lets you onboard an application’s various user populations with a wizard-based approach. Deployment Xpress’s predefined business process use cases (such as employee onboarding and contractor termination) allows you to integrate applications more easily and quickly, giving users faster access. Better yet, Deployment Xpress Market Place allows you to download and leverage best practice use cases on the fly. The use cases ship with pre-built, simple-to-use, intuitive user interfaces that can be branded with your corporate theme in CA Identity Portal, which enhances your user and customer experience.


If you want to integrate applications using APIs with CA Identity Suite, CA API Gateway is tailor made to your needs. In this approach to application onboarding, you don’t have to rely on OOTB connectors or invest in developing extensive custom connectors: You can simply follow a policy-based low-to-no-code approach.


Last but not the least, we need to remember governance. Like it or not, we all need to run periodic certification campaigns to ensure that access is validated and verified across all enterprise applications. The new AppXpress capability and services allow you to onboard connector and connector-less applications into CA Identity Suite in a matter of minutes, align them to master user data and run campaigns through your consolidated CA Identity Governance universe.


I highly recommend that you develop questionnaires, templates and job aids to help your application owners, business stakeholders and operations managers create more structured and simplified application onboarding. If you have questions or comments, or need help, please post your thoughts below.


Next up: The challenge of creating an enterprise IAM framework that supports security and compliance needs without having to deal with performance issues that impact your CX. 

I’ve received requests from many of you to discuss best practices for performance tuning of CA Identity Suite, so that is today’s topic.


Call me biased, but I am firmly convinced that CA Identity Suite is the most comprehensive identity and access governance (IMAG) solution in the industry—and the most scalable. CA Identity Suite comprises three key applications:

  • CA Identity Manager
  • CA Identity Governance
  • CA Identity Portal

These applications, embedded in your business processes and your IT infrastructure, are supported by several commercial technologies such as application servers, databases, LDAPs and operating systems. In the last 18 years, I’ve done almost countless IMAG assessments and CA Identity Suite health checks for customers of all sizes in a wide variety of industries. Those health checks all start with one seemingly simple question: What constitutes optimal performance, now and in the future? But as simple as it seems, you’ll be surprised how elusive the answer can be.


Performance tuning is easier to accomplish if we first establish qualitative metrics (such as the customer experience) and quantitative metrics (such as transaction speed) for the business process in question, say, user login. Your qualitative and quantitative metrics for user login (or any other process) will drive the metrics for individual solutions and components.


During this stage, it’s important to understand that each enterprise has its own unique metrics. To be successful, your organization needs to establish its own particular metrics rather than duplicate or approximate those of another enterprise—even if that enterprise is a leader in your industry.


After determining your metrics, you need to construct your test scenario, test data and test data automation. You then need to run them using a performance testing tool such as CA BlazeMeter and a testing automation tool such as CA Test Data Manager (CA TDM) to generate test data and verify results.


Testing your use case for metrics is not enough; you need the right set of eyes and ears to find out what’s going on. Gone are the days when monitoring server uptime, process, CPU and hard disk utilization were enough. The Application Economy demands a much more effective monitoring system that contributes to a successful digital transformation and a superior customer experience. This requires sophisticated low-level monitoring of components that can monitor the business process.

That’s where CA Application Performance Management (CA APM) enters the picture. Having worked with most of the performance monitoring tools on the market, I can assure you that none comes close to the capabilities and insights provided by CA APM (formerly CA Wiley). CA APM monitors CA Identity Suite tasks, events and business logic, providing full drill-down monitoring of low-level entities within a business process.


The powerful combination of CA BlazeMeter, CA TDM and CA APM allows performance testing and tuning for continuous delivery (#Agile) of CA Identity Suite. These tools provide the necessary insights for tuning the performance and adjusting the capacity of these CA Identity Suite components:


  • CA Identity Manager Server, CA Identity Portal and CA Identity Governance Server JVMs running on IBM WebSphere, Oracle WebLogic, RHEL WildFly or RHEL JBoss EAP
  • CA Identity Suite runtime and operations databases running on Oracle and/or Microsoft
  • CA Identity Suite user stores running on CA Directory, LDAP, Active Directory and other support databases such as Oracle and Microsoft
  • CA Identity Suite provisioning server and directory running on CA Directory
  • Supported operating systems such as Windows Server, RHEL, and Oracle Solaris
  • Network components

Whether you have performance issues or you want to build a highly scalable, high-performing CA Identity Suite infrastructure to enable your digital transformation, the CA Services team has the expertise to help you do precisely that. CA Services tunes the performance of Identity Manager by conducting technical health checks and, if requested, a full business process review. CA Services also specializes in performance testing and SaaS-based monitoring.


Please feel free to reach out to CA Services to find out how to engage us to facilitate your digital transformation and create a superior customer experience.