Only a partial course catalog is displayed. Please log in to see the complete catalog.


Identity Governance Courses (43):

What’s new in IGI 5.2.4 Service Center

IBM Identity Governance and Intelligence version 5.2.4 introduces some enhancements, and a new look and feel, to the user interface.

This video demonstrates the new functionalities on the Service Center, available to a Business User.

Agenda:

  • Updates in the Service Center User Interface
  • Customization of the login and logout pages
  • Column customization in Access Certification
  • Signoff updates in Access Certification
  • Password synchronization
  • Feedback survey

IGI Integration with Secret Server

Overview: This course demonstrates how to use IBM Identity Governance and Intelligence to manage user accounts and support data, such as Groups, Folders, and Secrets on the Secret Server solution.

The first part of the video focuses on creating and configuring an Enterprise Connector between IGI and Secret Server, while the second part demonstrates some relevant integration features, like user account creation, entitlement management, groups, folders, and secret shares management.


IGI Rules Development Toolkit

Overview: The Identity Governance and Intelligence, or IGI, Rules Development Toolkit is a project for the Eclipse Java IDE, designed to assist the IGI administrator in developing and troubleshooting Java rules for IGI.

This video demonstrates how to download, install, execute and use the IGI Rules Development Toolkit.

Identity & Governance Meet the Experts Open Mic

IBM Security Identity Manager (ISIM) product experts answered client questions about identity and governance during this Security Learning Academy Live session at Think 2018, 19 March 2018.

IBM Security Identity Governance and Administration Data Integrator (ISIGADI) Tips and Troubleshooting Open Mic

This Open Mic session was broadcast live from Think on 19-Mar-2018

Chris Weber from the IBM Support team delivered the "IBM Security Identity Governance and Administration Data Integrator (ISIGADI) Tips and Troubleshooting" Open Mic LIVE at the 2018 Think conference.

Agenda:

  • Logs and logging settings
  • IGI SDK
  • Creating new IGI admin ID
  • Verify assembly line
  • ISIGtoISIM assembly line
  • Delta assembly line
  • Validate assembly line
  • ISIM person attribute mapping

IGI Performance Tuning Guide 5.2.3

IBM Security Identity Governance and Intelligence Performance and Tuning Guide 5.2.3 covers the following topics.

Topics covered:

  1. Statistics Enablement for the Database
  2. Tuning the Rule Engine Scan Rate
  3. Tuning the Rule Engine Cache
  4. Task Planner
  5. Improving Rule Engine Concurrency
  6. Reducing I/O Wait Time
  7. Bulk Load
  8. Collecting Java Core Dumps
  9. PostgreSQL Database
    1. Embedded PostgreSQL Database
    2. NFS Mounted PostgreSQL Database
  10. User Interface Dashboards
  11. Improving Access Request Module Response Time
  12. The Internal Security Directory Integrator
  13. System Hierarchy Refresh
  14. Enabling FIPS and SSL
  15. Clearing the Event Queues
  16. Enabling SNMP for Performance Monitoring
  17. DB Connection Pool
  18. Multi-threaded Enterprise Connector
  19. Tuning the Directory Server
  20. General Tips

IGI Access Recertification and SoD Demonstration

IBM Identity Governance and Intelligence is unique among identity governance tools in basing access recertification and SoD detection on conflicting business activities rather than application permissions.

The business activities approach uses plain English rather than arcane IT terminology to make sure the requester, approver and risk managers easily understand the access being requested and the risk it implies.

IGI Integration with the CyberArk Privileged Account Security Solution

Overview

This course demonstrates how to use IBM Identity Governance and Intelligence to manage users, and user accounts, on the CyberArk Privileged Account Security server.

The first part of the course focuses on installing the adapter and configuring a connection with a CyberArk server, while the second part demonstrates some relevant adapter features, like user and account creation, entitlement management, account suspension, password change, and finally, user deletion.

Identity Governance Business Drivers

This video explains the whys and wherefores of Identity Governance, starting with the "pain chain" of the gaps between auditors, business managers and IT when it comes to answering the question, "does employee Jane Doe have the proper access privileges (and no more) to perform her duties per our company's policy?"

The video continues on to explain key capabilities such as access certification, role mining and modeling, separation of duties and access risk analytics. These capabilities (and more) are provided by IBM Security Identity Governance (formerly CrossIdeas IDEAS).

The video concludes with a role play of a company that's failed an audit and must address that failure within a 6 month window, applying the capabilities described in the first half of the video.

IGI Clustering and High Availability Open Mic

This Identity Governance Clustering and High Availability Open Mic webcast was broadcast on 14-July-2017

Agenda:

  • Overview and Architecture
  • Virtual Appliance setup and configuration
  • Front-end: Web Load Balancer
  • Back-end: DB2
  • Back-end: IBM Security Directory Server

Goal:

  • Provide guidelines about how to set up clustering and high availability in IBM Identity Governance and Intelligence, presenting a sample solution by Virtual Appliance, front-end and back-end points of view.


Configuring Certification Campaigns in IGI Overview, with Lab

Notice: This course and lab will be retired on 12-April-2019

<< link to updated course >>

If you are currently working on this lab, please complete your work by this date. The course and lab guide will remain available, but the connection to the lab environment will be removed.

If you have not begun work on this course, it is strongly recommended that you enroll in the updated replacement to this course now.

Certification campaigns are a formal process that automates the periodic review of a given relationship. They enable critical access decisions by nontechnical line of business managers.
IGI supports five different certification campaign types.

  • User assignment - Review individual user entitlements
  • Organization unit assignment - Assess where entitlements are visible
  • Risk violation mitigation - Review unmitigated risk violations
  • Entitlement - Examine the contents of each entitlement
  • Account - Review account access for target applications under management

Certification campaigns are created and configured by the IGI Administrator in Access Governance Core, and then executed by reviewers, using the Service Center.
This lab lets you practice a complete and fully functional user assignment certification campaign.

IBM Certified Associate - Security Identity Governance V5.1

An IBM Certified Associate - Security Identity Governance V5.1 is an individual with entry level knowledge and experience with IBM Security Identity Governance V5.1 . This individual is knowledgeable about the fundamental concepts of IBM Security Identity Governance V5.1 through hands on experience. The associate should have an in-depth knowledge of the basic to intermediate tasks required in day-to-day use of IBM Security Identity Governance V5.1 . The individual should be able to complete these tasks with little to not assistance from documentation, peers or support.


Key Areas of Competency

  1. IBM Security Identity Governance UI from an admin and end user perspective
  2. Identify the key IGI features
  3. Understand the benefits of using IGI for identity and access governance.

Configuring Password Synchronization in IGI 5.2.4

Password synchronization is the process through which a user maintains a single password across multiple applications. Administrators can associate account configurations with a password sync group and then define password policies to manage password synchronization for the password sync group.

IGI Account Expiration Feature

This video shows how to provision and manage temporary accounts in IBM Identity Governance and Intelligence.

IGI Access Risk Control Modeling Overview, with Lab

Notice: This course and lab will be retired on 12-April-2019

<< link to updated course >>

If you are currently working on this lab, please complete your work by this date. The course and lab guide will remain available, but the connection to the lab environment will be removed.

If you have not begun work on this course, it is strongly recommended that you enroll in the updated replacement to this course now.


Identity Governance and Intelligence enforces segregation of duties (SoD) checks, based on relationships established between the Business Activities (BA) layer and the Role-Based Access Control (RBAC) model.

Companies invest in roles to better model “who-can-do-what”, while auditors do not trust roles; they trust user permissions and assignments. Except for simple scenarios, the number of permission and role combinations to review becomes unmanageable quickly. In this scenario, it is difficult to conduct SoD analysis using roles.

This video and lab demonstrate how Identity Governance and Intelligence enforces segregation of duties (SoD) checks, based on relationships established between the Business Activities (BA) layer and the Role-Based Access Control (RBAC) model.

IBM Identity Security Adapters

IGI leverages on the Enterprise Connectors application to align its data with the peripheral target systems.

This course demonstrates how to achieve data alignment between the centralized database of IBM Security Identity Governance, and peripheral target systems. The first part of the video focuses on configuring a connection with a peripheral target system, while the second part demonstrates account creation and removal on a remote Active Directory domain.

IGI Overview, with Lab

Notice: This course and lab will be retired on 12-April-2019

<<link to updated course>>

If you are currently working on this lab, please complete your work by this date. The course and lab guide will remain available, but the connection to the lab environment will be removed.

If you have not begun work on this course, it is strongly recommended that you enroll in the updated replacement to this course now.


IBM Identity Governance and Intelligence (IGI) is a network appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers line-of-business managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

IGI has a robust and intuitive user interface, divided into two areas. Administration Console is reserved for administrators. Service Center is where the applications for business users are contained.

This lab provides a brief tour of the available applications to help you become familiar with the IGI user interface. Feel free to explore each of the applications in depth and work with the data in any way you like. This is a live and fully functional copy of IGI with more than 2300 sample user records.

A Day in the Life of a Line of Business Manager working with IGI

Notice: This course and lab will be retired on 12-April-2019

<< link to updated course >>

If you are currently working on this lab, please complete your work by this date. The course and lab guide will remain available, but the connection to the lab environment will be removed.

If you have not begun work on this course, it is strongly recommended that you enroll in the updated replacement to this course now.


This video and hands-on lab provide a real business user experience by guiding you through tasks typically performed by a line-of-business manager who uses BM Identity Governance and Intelligence (IGI) to manage accesses for his team members.

Identity Governance Troubleshooting Open Mic

This Open Mic web seminar was originally broadcast on 16-May-2017

Agenda

  • Support Files contents
  • Accessing different logs and other files through the IGI appliance interface
  • Changing logging levels
  • Logging statements in rule code
  • Miscellaneous issues

IGI Role Lifecycle Management Overview, with Lab

Notice: This course and lab will be retired on 12-April-2019

<< link to updated course >>

If you are currently working on this lab, please complete your work by this date. The course and lab guide will remain available, but the connection to the lab environment will be removed.

If you have not begun work on this course, it is strongly recommended that you enroll in the updated replacement to this course now.


In the IBM Identity Governance (IGI) and Intelligence data model, an entitlement identifies a structured set of permissions. Permissions grant to users accesses the resources of an organization. Permissions often have obscure names that make it difficult to understand what they really represent. For these reasons, permissions are grouped into named roles in IGI.

IBM Identity Governance and Intelligence offers a number of approaches for role management, role definition, role consolidation and role mining.

In the role definition approach, the administrator defines a role upon existing knowledge of what that role should contain, simply by adding permissions and other roles. In a role consolidation, you replace a set of common entitlements with a more easily understood role. In role mining, you search for prospect roles in the business organization by seeing what entitlements have already been assigned to users in similar roles leveraging the advanced role mining features of Identity Governance and Intelligence.

This video and lab guides you to discovering the approaches that IGI offers for role management.

Upgrading IGI Firmware from V5.2.2 to V5.2.3

This is the first video from Amrin Maria Khan from her IGI 5.2.3 series. She will discuss the Firmware Upgrade of IBM Security Identity Governance and Intelligence Virtual Appliance from V5.2.2 to V5.2.3 using firmware update transfer utility.

IBM Identity Governance Implementation Overview

This video describes the whys and wherefores of Identity Governance, starting with the "pain chain" of the gaps between auditors, business managers and IT when it comes to answering the question, "does an employee have the proper access privileges to perform duties per our company's policy?" The video explains key capabilities such as access certification, role mining and modeling, separation of duties and access risk analytics. These capabilities are provided by IBM Identity Governance. The video concludes with a role play of a company that's failed an audit and must address that failure within a 6 month window.

Configuring IBM DB2 Server for IBM Identity Governance and Intelligence Virtual Appliance

This video discuses configuring an IBM DB/2 database for IBM Security Identity Governance V5.2.3. This includes providing pre-requisites for DB2 configuration and installation and configuration of the DB2 Server.

Changing the Default DB User Password in IBM Identity Governance and Intelligence v5.2.3

This video shows you how to change the default password in Identity Governance and Intelligence.The default password across the IGI database schema is “ideas”. It is always recommended to change the password before the IGI database configuration.

Using and configuring new features in IBM Identity Governance and Intelligence 5.2.3

IBM Identity Governance and Intelligence version 5.2.3 delivers enhancements in the virtual appliance deployment, product and security integration, and in the technical foundation.
New features include:

  • Support for US FIPS 140-2 (Federal Information Processing Standard)
  • Improved account management
  • Converged Target Administration with Enterprise Connectors module
  • Fulfilment status visible in the user interface (a.k.a. What is and what should be)
  • Password management via custom rules
  • SSH session timeout
  • Option for authenticating users from an external user registry to the Local Management interface
  • Usability improvements
  • Additional language support, bidirectional support

This video demonstrates how to configure and use the main new features and improvements of IGI 5.2.3.

Managing the exchange of data in IGI

This video shows how to configure Enterprise Connectors to import user identities via a CSV (Comma Separated Value) file, as the student exercise in Unit 3 - Exercise 2 of the TW400G IBM Identity Governance and Intelligence Foundations class. This video does not include audio. It is intended that the instructor provides narration for the students.

TW400 IBM Identity Governance and Intelligence Foundations

IBM Identity Governance and Intelligence is an advanced identity governance system. This course provides the foundational skills necessary to operate, administer, and accomplish the major business functions and analyses provided by Identity Governance and Intelligence. This course provides instruction and hands-on labs for managing the import of data and data exchange with target applications, managing the lifecycle role, modeling access risk control, running certification campaigns, designing workflow processes, and designing and administering reports.

 
View enrollment options

Introduction to IBM Identity Governance and Intelligence

This is the Instructor Demonstration of the Virtual Appliance Command Line Interface and Virtual Appliance console as in the TW400G IBM Identity Governance and Intelligence Foundations class - Unit 1 - Lesson 2. This video does not include audio. It is intended that the instructor provides narration for the students.

What’s new in IGI 5.2.4. User Interface

IBM Identity Governance and Intelligence version 5.2.4 introduces some enhancements, and a new look and feel, to the user interface.
This video demonstrates three scenarios with some of the new user interface functionalities available to a line of business manager.


Closed captioned in English, Italian and Spanish

IGI Business User Badge

IGI Business User badge logo

The IGI Business User badge focuses on the skills required of the IGI business user as detailed on the IGI Business User roadmap

To earn the IGI Business User badge, you must complete each of the 7 required courses and pass a 35 question quiz with a score of 80% or higher.

Items listed in the Additional Resources section are optional and there for your assistance only.

All courses are free of cost and can be found on the Security Learning Academy in the Identity, Access and Governance > Identity Governance category.

Reporting

This video shows how to find, run, download, and customize reports. The video also demonstrates how to assign report entitlements to manage access to the sensitive data often contained in IGI reports.

Note: This video was recorded during the IGI v5.2.0 Train-the-Trainer session (August 2016).

IGI Virtual Appliance Overview and Configuration

This video is an overview of the IBM Identity Governance and Intelligence Virtual Appliance, and demonstrates how configure the main appliance parameters using the Command Line Interface and the Virtual Appliance console.

The Command Line Interface is particularly useful during the early stages of an installation, when the application has not been deployed yet, or to troubleshoot any condition that prevents you from accessing the graphical Virtual Appliance console. In the first part of the video we demonstrate how to use the Command Line Interface to move across menus, work with Virtual Appliance partitions, check fix packs installed, configure the main network parameters, and test the main connection parameters.

 We also demonstrate how to use the Virtual Appliance graphical console for the initial configuration and basic maintenance. We show how to configure the connection to an external database server, install a fix pack, and configure the NTP protocol to synchronize time among all components of the Identity Governance solution.

IGI Virtual Appliance Installation

The IBM Identity Governance and Intelligence Virtual Appliance is an appliance-based solution that delivers the Identity Governance and Intelligence application.

This video demonstrates how you can install the Identity Governance and Intelligence Virtual Appliance, and perform the initial configurations.

IGI Virtual Appliance Monitoring and Maintenance

This video shows how you can monitor the main resources of the IBM Identity Governance and Intelligence (IGI) Virtual Appliance, and demonstrates how you can investigate and troubleshoot issues.

The first part of the video demonstrates the usage of the widgets on the main Virtual Appliance Dashboard, and the Monitoring menu facilities that you can use to monitor the memory, CPU, and storage used by the IGI Virtual Appliance. The video also shows how you can monitor the IGI Virtual Appliance remotely from any SNMP monitoring application, accessing to hundreds of status variables.

The second part of the video demonstrates how you can configure an appropriate log level to capture enough logging messages and access specific log files. The video then demonstrates how we can create and download the Support File, a single package that captures all the log files at once, after an issue occurred or after having successfully recreated an issue to troubleshoot. The Support Files captures logs from both the Virtual Appliance and the Identity Governance application, and it is ultimately required and used by IBM Support to assist in troubleshooting issues.


Loading data with the Bulk Data Load tools

Bulk Data Load allows the administrator to add a large quantity of data to the AG Core database. This method is suitable for large quantities of data that do not change over
time. Bulk Data Load is therefore appropriate for the initial data load following a new installation and when important changes are in the AG Core database.

Note: This video was recorded during the IGI v5.2.0 Train-the-Trainer session (August 2016).

Integration with Managed Resources - Identity Brokerage Adapters

This video describes the initial loading of data into IGI from external sources as well as the exchange of data between IGI and authoritative data sources and target applications, using the Identity Brokerage Adapters and the Enterprise Connectors mechanisms.

Identity Brokerage Adapters allow managements of targets, where a target represents a user repository for a resource, such as an operating system, a database application, or another application that IGI manages. For example, a managed resource might be a Lotus Notes® application, and a service can be defined for a Lotus Notes User Repository.
A large number of Identity Brokerage Adapters are already supported, and new adapters are being added.

Enterprise Connectors are an alternative choice for periodic HR feeds, or any integration where data changes over time, even on a hourly or daily basis. Enterprise Connectors can be easily scheduled for periodic execution.

Note: This video was recorded during the IGI v5.2.0 Train-the-Trainer session (August 2016).


A day in the life of a line-of-business manager, with lab

Overview
IBM Security Identity Governance and Intelligence, or simply IGI, is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers Line of Business managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

This lab provides a real business user experience. You imitate a day in the life of a Line of Business manager, who uses IGI to manage accesses for his team members.

Feel free to explore each of the applications in depth and work with the data in any way you like. This is a live and fully functional Identity Governance environment, with many sample user records, roles, and risk definitions.

The Identity Governance and Intelligence user interface is divided into two areas. The Administration Console is reserved for administrators, while the Service Center is where the applications for business users are contained. In this lab we use the Service Center only.

Objectives

  • Overview of the Service Center
  • Working on pending requests
    • Submitting a request
    • Evaluating, approving or rejecting requests as a user manager
    • Verifying the new role
  • Requesting roles for team members
    • Requesting a role for a team member
    • Evaluating and approving requests
    • Verifying the new role
  • Certification campaigns
    • Evaluating running certification campaigns
    • Redirecting evaluation to another reviewer
    • Tracking progresses
    • Generating certification campaign reports

IGI overview, with lab

Overview

IBM Security Identity Governance and Intelligence (IGI), is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers line-of-business (LOB) managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

Objectives
This lab provides a brief tour of the available applications to help you become familiar with the IGI user interface.

  • Tour of the Administration Console
  • Tour of the Service Center
  • Access Governance Core
  • Managing the exchange of data
    • Loading data by using the Bulk Data Load tools
    • Loading data by using the Enterprise Connectors
  • Role lifecycle management
    • Exploring roles
    • Exploring role mining
  • Access risk control modeling
  • Certification campaigns
  • Reporting
  • Automating tasks
  • Tour of the Virtual Appliance console

IGI access risk control modeling overview, with lab

Overview
The Access Risk Controls module of IBM Identity Governance and Intelligence (IGI) enforces Segregation of Duties (also known as Separation of Duties, or SoD) checks, based on relationships established between the Business Activities layer (BA) and the Role-Based Access Controls model (RBAC).

Risk is often defined in terms of the likelihood of an event, and the cost, or impact, of the consequences if the event occurs. Segregation of Duties is the principle of organizing complex structures by dividing tasks and responsibilities between the members of an organization, to prevent any member from having complete control of any transaction from initialization to completion.

IGI defines a Segregation of Duties risk as a combination of conflicting Business Activities.

Objectives

  • Getting familiar with business activities and risks
    • Business activities, permissions, and risk relationships
    • Add new business activities
    • Map business activities to permissions
    • Map permissions to business activities
  • Define Segregation of Duties (SoD) risk and assign mitigation controls
    • Define a new Segregation of Duties risk
    • Assign a mitigation to a Segregation of Duty risk
  • Check for Segregation of Duty risk violations
    • User risk violation analysis
    • Assign a mitigation to a risk violation

Configuring certification campaigns in IGI overview, with lab

Overview

Certification campaigns are a formal process that automates the periodic review of a relationship, and enables critical access decisions by nontechnical line-of-business managers.

Identity Governance and Intelligence (IGI) supports five different certification campaign types.
  • User assignment - review individual user entitlements
  • Organization unit assignment - assess where entitlements are visible
  • Risk violation mitigation - review unmitigated risk violations
  • Entitlement - examine the contents of each entitlement
  • Account - review account access for target applications under management

Objectives
  • Creating and running a user assignment certification campaign
    • Configuring a certification dataset
    • Creating the certification campaign
    • Starting a certification campaign
    • Running the certification campaign as a reviewer
    • Supervising a certification campaign
    • Handling exceptions in a certification campaign
  • Reviewing unmitigated risks with a certification campaign
    • Creating the certification campaign
    • Running the certification campaign
    • Understanding the effects of the unmitigated risks review

IGI role lifecycle management overview, with lab

Overview

In the IGI data model, an entitlement identifies a structured set of permissions. These permissions are assigned to a user to allow access to the resources of an organization.

Permissions, IT roles, business roles, and external roles are collectively referred to as entitlements.
Entitlements are structured in a hierarchy. This lab will teach you how roles are created and managed in IGI.

Objectives
  • Role definition
    • Creating a new role
    • Adding entitlements to a role
    • Publish the new role
    • Add scope to the new role
    • Assign the role to a user
    • Verify success
  • Role consolidation
    • Observing and consolidating existing entitlements
    • Analyze the new role for impact and risk
    • Publish the new role
    • Add scope to the new role
    • Consolidate the new role
    • Verify success
  • Role mining
    • Prepare for the role mining process
    • Create a data snapshot for data exploration
    • Review the analysis for potential roles
    • Use role mining to discover a new role
    • Analyze the discovered roles
    • Release the role to Access Governance Core
    • Publish the new role