Application On-boarding
Application on-boarding refers to the process of adding an application to OpenIAM so that the application can participate in one or more of the following operations:
- Joiner, mover, and leaver (JML) processes
- Request/approval workflows.
- Audit and compliance activities.
It may not be possible to integrate the full universe of applications. As such, applications can be segregated into the following types:
- Automated applications - applications which can be integrated using connectors.
- Manual applications - applications which cannot be integrated using connectors.
- Applications of little significance with no audit impact. The business may decide not to integrate these applications.
The sections below describe how you can on-board applications in the first two categories.
Automated applications
Automated applications integrate with the target application using connectors. Connectors enable direct communication with the application, allowing near-real-time updates to identity information resulting from the JML processes. In addition to the automation, organizations also benefit from the audit logs generated by these operations, which help to improve security and compliance. To integrate applications using connectors, follow the steps described below:
| Topic | Documentation and Examples |
|---|---|
| 1. Deploy and register the connector | |
| RPM connector | Connector Registration using RPM |
| Docker connector | Connector Registration using Docker |
| Local connector | LDAP connector |
| Remote connector | AD PowerShell connector |
| Other connectors | Connectors overview |
| 2. Establish a connection to your application | Connecting process overview |
| 3. Import data from applications to OpenIAM | |
| Import entitlements from applications | Overview on the OpenLDAP Connector example |
| Import existing users + entitlements | Overview on the OpenLDAP Connector |
Manual applications
Unlike automated applications, where a connector enables near-real-time integration with the business application to support JML processes, integration with manual applications is limited to importing data that has been exported from the application. The primary benefits of this level of integration are the ability to:
- Have a complete view of a user's access across applications
- Support governance activities such as access certifications
- Support request/approval workflows
On-boarding of applications which lack connectors is described in the following sections:
- Register application in OpenIAM
- Load application entitlements
- Load existing users and their entitlements
Automated provisioning
After you have connected your application and imported its users and their entitlements, it is important to implement automated user life cycle management. It is a critical part of the OpenIAM identity governance solution.
The overall solution and the steps needed to implement automated user life cycle management in your environment are described in the Automated Provisioning section.
The section on Automated Provisioning will provide details related to:
- Validate provisioning
- Define birthright access
- Implementing joiner, mover, leaver rules
- Custom scripts to support automated provisioning, including creating Groovy scripts for special attributes
- CSV files and connectors
- Reconciliation