Symantec IGA

  • 1.  CA Identity Portal: Can handle multiple accounts that mapped to same CorpUser?

    Posted Oct 22, 2018 03:35 AM

    CA Identity Portal 14.2

    Customer use case....

    Besides requesting access for the employee himself, a user can request access for their "Service Account".

    Firstly, the employee already has an account for himself in the target application (for which the employee has no problem managing his access via Identity Portal).

    Now the situation becomes complicated when the user is allowed to request an additional account, which is a "service account" in the same target application.

    After that, the employee is also allowed to manage access on this service account on the same target application.

    Note: The employee is allowed to request "Create Service Account", "Modify Access for Service Account" and "Delete Service Account".

    Q) Can Identity Portal handle multiple accounts that belong to the same person/employee during Manage Access?

    Q) With the above use case, can Identity Portal handle it, or do we have to use the Identity Manager portal?



  • 2.  Re: CA Identity Portal: Can handle multiple accounts that mapped to same CorpUser?

    Broadcom Employee
    Posted Oct 22, 2018 04:43 AM

    Yes, the identity suite can handle one user to multiple accounts (even on the same endpoint). You only need to make sure of a unique ID in the account template for each account.

    e.g. user gil can have a gil account on AD as well as a gil-service account on the same AD.



  • 3.  Re: CA Identity Portal: Can handle multiple accounts that mapped to same CorpUser?

    Posted Oct 22, 2018 04:50 AM

    Hi GIL,

    My concern is on "Manage Access", if a CorpUser has multiple accounts mapped on the same target system.

    When this user makes a request, how do we know which account he is making the request for, "gil" or "gil-service"?

    Will Identity Portal prompt for which account the "Access" will apply to?

    regards,

    William



  • 4.  Re: CA Identity Portal: Can handle multiple accounts that mapped to same CorpUser?

    Broadcom Employee
    Posted Oct 22, 2018 05:10 AM

    There are two approaches you can take:

     

    1. Create two target permissions, each pointing to a specific provisioning role with an account template for the requested user.
    2. Build a form for the execution plan in which the user can enter the user id and populate this in the account template.

     

    I think option 1 is safer, if you have a set number of service accounts. If a user can have an arbitrary number of accounts, then option 2 might be the way to go.



  • 5.  Re: CA Identity Portal: Can handle multiple accounts that mapped to same CorpUser?

    Posted Oct 22, 2018 09:57 PM

    Thanks for the advice, Gil.