Identity Governance Courses

Identity Governance Courses Courses:

A day in the life of a line-of-business manager, with lab

Overview
IBM Security Identity Governance and Intelligence, or simply IGI, is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers Line of Business managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

This lab provides a real business user experience. You imitate a day in the life of a Line of Business manager, who uses IGI to manage accesses for his team members.

Feel free to explore each of the applications in depth and work with the data in any way you like. This is a live and fully functional Identity Governance environment, with many sample user records, roles, and risk definitions.

The Identity Governance and Intelligence user interface is divided into two areas. The Administration Console is reserved for administrators, while the Service Center is where the applications for business users are contained. In this lab we use the Service Center only.

Objectives

  • Overview of the Service Center
  • Working on pending requests
    • Submitting a request
    • Evaluating, approving or rejecting requests as a user manager
    • Verifying the new role
  • Requesting roles for team members
    • Requesting a role for a team member
    • Evaluating and approving requests
    • Verifying the new role
  • Certification campaigns
    • Evaluating running certification campaigns
    • Redirecting evaluation to another reviewer
    • Tracking progresses
    • Generating certification campaign reports

IGI overview, with lab

Overview

IBM Security Identity Governance and Intelligence (IGI), is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers line-of-business (LOB) managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

Objectives
This lab provides a brief tour of the available applications to help you become familiar with the IGI user interface.

  • Tour of the Administration Console
  • Tour of the Service Center
  • Access Governance Core
  • Managing the exchange of data
    • Loading data by using the Bulk Data Load tools
    • Loading data by using the Enterprise Connectors
  • Role lifecycle management
    • Exploring roles
    • Exploring role mining
  • Access risk control modeling
  • Certification campaigns
  • Reporting
  • Automating tasks
  • Tour of the Virtual Appliance console

Configuring certification campaigns in IGI overview, with lab

Overview

Certification campaigns are a formal process that automates the periodic review of a relationship, and enables critical access decisions by nontechnical line-of-business managers.

Identity Governance and Intelligence (IGI) supports five different certification campaign types.
  • User assignment - review individual user entitlements
  • Organization unit assignment - assess where entitlements are visible
  • Risk violation mitigation - review unmitigated risk violations
  • Entitlement - examine the contents of each entitlement
  • Account - review account access for target applications under management

Objectives
  • Creating and running a user assignment certification campaign
    • Configuring a certification dataset
    • Creating the certification campaign
    • Starting a certification campaign
    • Running the certification campaign as a reviewer
    • Supervising a certification campaign
    • Handling exceptions in a certification campaign
  • Reviewing unmitigated risks with a certification campaign
    • Creating the certification campaign
    • Running the certification campaign
    • Understanding the effects of the unmitigated risks review

IGI access risk control modeling overview, with lab

Overview
The Access Risk Controls module of IBM Identity Governance and Intelligence (IGI) enforces Segregation of Duties (also known as Separation of Duties, or SoD) checks, based on relationships established between the Business Activities layer (BA) and the Role-Based Access Controls model (RBAC).

Risk is often defined in terms of the likelihood of an event, and the cost, or impact, of the consequences if the event occurs. Segregation of Duties is the principle of organizing complex structures by dividing tasks and responsibilities between the members of an organization, to prevent any member from having complete control of any transaction from initialization to completion.

IGI defines a Segregation of Duties risk as a combination of conflicting Business Activities.

Objectives

  • Getting familiar with business activities and risks
    • Business activities, permissions, and risk relationships
    • Add new business activities
    • Map business activities to permissions
    • Map permissions to business activities
  • Define Segregation of Duties (SoD) risk and assign mitigation controls
    • Define a new Segregation of Duties risk
    • Assign a mitigation to a Segregation of Duty risk
  • Check for Segregation of Duty risk violations
    • User risk violation analysis
    • Assign a mitigation to a risk violation

IGI role lifecycle management overview, with lab

Overview

In the IGI data model, an entitlement identifies a structured set of permissions. These permissions are assigned to a user to allow access to the resources of an organization.

Permissions, IT roles, business roles, and external roles are collectively referred to as entitlements.
Entitlements are structured in a hierarchy. This lab will teach you how roles are created and managed in IGI.

Objectives
  • Role definition
    • Creating a new role
    • Adding entitlements to a role
    • Publish the new role
    • Add scope to the new role
    • Assign the role to a user
    • Verify success
  • Role consolidation
    • Observing and consolidating existing entitlements
    • Analyze the new role for impact and risk
    • Publish the new role
    • Add scope to the new role
    • Consolidate the new role
    • Verify success
  • Role mining
    • Prepare for the role mining process
    • Create a data snapshot for data exploration
    • Review the analysis for potential roles
    • Use role mining to discover a new role
    • Analyze the discovered roles
    • Release the role to Access Governance Core
    • Publish the new role