M970 - Access Panel and Service Panel Developer

4 Day Course

Course History and Future Events

Recent and future M970 Course Locations and Dates Include

• Redmond, WA, U.S. - 22-23 May 2025 - M970 - Service Panel and Access Panel Developer
• Helena, MT, U.S. - 19-20 May 2025 - M970 - Service Panel and Access Panel Developer
• Cambridge, U.K. - 12-14 May 2025 - M970 - Access Panel and Service Panel Developer
• Dallas, TX, U.S. - 18-20 March 2025 - M970 - Service Panel and Access Panel Developer
• Bengaluru ಬೆಂಗಳೂರು, India - 19-21 March 2025 - M970 - Access Panel and Service Panel Developer
• London, U.K. - 6-8 November 2024 - M970 - Access Panel and Service Panel Developer
• Reading, U.K. - 18-20 September 2024 - M970 - Access Panel and Service Panel Developer
• Kansas City, U.S. - 1-3 May 2024 - M970 - Access Panel and Service Panel Developer
• London, U.K. - 25 November 2021 - A970 - Access Panel Solution Developer
• Reykjavík, Iceland - 22 July 2021 - A970 - Access Panel Developer

Description

Access Panel replaces or enhances MIM BHOLD, MIM PAM Portal, and various MIM Portal functions. It is a multi-modal IAG solution including traditional RBAC, ABAC, attestation, and just-in-time permissions. Access Panel is a true SaaS application running natively on Azure App Services, with the option of running on-premises.

This course is for the identity solution developer who is planning or participating in an Access Panel implementation where Service Panel is also to be deployed, or who is engaged in a project to extend the functionality of an existing Access Panel plus Service Panel deployment.

This course looks at how to design and implement greenfield IAG implementations, as well as phased replacement of an existing solution (with an emphasis on the Microsoft Identity Manager portal products.

This is a new course being developed with the new version of Access Panel and Service Panel. This course combines M960 - Access Panel Solution Developer and M950 - Service Panel Solution Developer.

Who Should Attend

• Consulting firms, independent consultants, and internal IT staff responsible for a successful implementation or expansion of Access Panel deployment.
• MIM or Identity Panel Suite solution developers wanting to expand their skills.

With a properly licensed Access Panel you can perform the following:

• Create and manage criteria-based membership in resources (including AD groups, Azure groups, licenses, and roles, on-premises line-of-business app permissions, SaaS application groups).
• Create dynamically populated RBAC roles and associate them to resources
• Enforce separation of duties by role
• Assign expiration and renewal policies to resources
• Manage ownership replacement due to employee turnover
• Manage access granting and revocation due to position changes or termination
• Configure just-in-time elevation of privilege for high risk and administrative groups and roles
• Delegate resource administration to application owners
• Perform attestation of membership assignments
• Perform attestation of group and resource criteria
• General security principal attestation of users
• Attestation of compliance processes

Prerequisites

• Course A812
• Course A820
• Course A850
• Course A860
• Course A890

Agenda

• Service Panel Overview
• Access Panel Overview
• Working with Access Panel virtual silos and object types
• Workflows for managing entitlements
• Understanding Access Panel Policies
• Configuring and Managing Ownership
• Configuring and Managing Just-in-Time
• Configuring and Managing RBAC
• Configuring and Managing Attestation Campaigns

Course Outline

• Service Panel Overview

  • Features and capabilities of Service Panel
  • Service Panel architecture and processing model
  • Service Panel Use Cases

  Overview

  • Application Overview
    • Identity Panel
    • Service Panel
    • Access Panel
  • High level architecture overview
    • Relationship between Apps
    • Provider framework – panel connections
    • The Graph Architecture (and join rules – what they are, not sticky)
    • Policy framework
    • Request policies
    • Campaigns and attestation high-level
    • Workflows & actions
      • Discuss old provider framework – fixtures etc.)
    • Where data is stored
      • Silos - from scans
      • Generated within Identity Panel e.g. Service Panel store for Service Accounts
        • Sync silos
        • HV
        • Projected silos
    • Synchronization & performance
    • Security audiences
  • UI Overview
    • Dashboard
    • Theme
    • Identity display
      • Card view
      • List view
      • Thumbnail
      • Layout, sections, colors, icons etc.
      • Difference with Time Traveler (history/graph) and Service Panel (now/identity/projected silo)
    • Search – Time Traveler and Service Panel
    • Reports – Identity Panel reports published in Service Panel (report publishing facility) with Service Panel security applied
    • Forms
      • Dashboard forms e.g. create an id or perform an action
      • Forms associate to an account e.g. user updates, self-service updates
      • Forms that are called from APIs e.g. Ticketing system, bulk updates
    • Attestation – config and end user 

  Common Configuration

  • Join rule config
  • Projected Silos – multiple, audiences etc. (Settings/security/ role – new - admins can impersonate users to test things); initial load; config changes and graph reload
  • Projected Silos attributes
    • Decorators
    • Risk Attributes
    • Job Attributes
    • Reference attributes
  • Projected silo sync[AS2] 
  • Theme settings[AS3] 
  • Request policies (used in both AP and SP - detail to follow)

  Service Panel Config

  • Dashboard layout
  • Modules
  • Sidebar
  • Forms
    • Data sources
    • Create Forms
      • Initiating a silo as a data source
    • Form approval and emails (Request policies for approval)
    • Form actions
    • Edit Forms
    • Shared sections
    • Form submission troubleshooting
    • Calling forms with fixture or action; calling forms with an API call
  • Auxiliary attributes -masking data e.g. 24hr override for HR emp status
  • Augmenting attributes – mastering data - providing a value where none is present e.g. telephone number .

   

  Access Panel

  • Dependency on Service Panel
  • Configuration
    • Access Panel Sidebar Links
    • Request Policies (see later for detail)
    • Resource Definitions
      • Scoping
      • Audiences
      • Actions
      • Thresholds
      • Entitlements
    • Projected Silo Access Panel Settings
      • Job Attributes
      • Risk Attributes
      • Resource and Identity types
  • Access Policy
    • Synchronization – policy sync
    • Criteria
    • SOD
    • JIT
  • Attestation
    • Survey (form response rather than approve reject) e.g. contractor certification, group ownership; group/application, obsolete groups, ownership of non-person accounts
    • Entitlement
    • Campaign lifecycle (definition, instances, starting, enrolling, request lifecycle)
    • Synchronization – Campaign sync; request sync
    • Timing
      • Once
      • Recurring
      • Delay time, start date etc.
    • Request Policies
      • Timing and Expiration
      • Recipient Chains
      • Communications
      • Activities
      • Request display
    • Scope
      • Testing criteria
    • Testing campaign flows
    • Campaign reports
    • Campaign control (terminate early, resetting a request, changing the recipient)
    • End user request experience