M960 - Access Panel Solution Developer

3 Day Course

Course History and Future Events

Not Scheduled

Description

Access Panel replaces or enhances MIM BHOLD, MIM PAM Portal, and various MIM Portal functions. It is a multi-modal IAG solution including traditional RBAC, ABAC, attestation, and just-in-time permissions. Access Panel is a true SaaS application running natively on Azure App Services, with the option of running on-premises.

This course is for the identity solution developer who is planning or participating in an Access Panel implementation, or who is engaged in a project to extend the functionality of an existing Access Panel deployment.

This course looks at how to design and implement greenfield IAG implementations, as well as phased replacement of an existing solution (with an emphasis on the Microsoft Identity Manager portal products.

Who Should Attend

• Consulting firms, independent consultants, and internal IT staff responsible for a successful implementation or expansion of Access Panel deployment.
• MIM or Identity Panel Suite solution developers wanting to expand their skills.

With a properly licensed Access Panel you can perform the following:

• Create and manage criteria based membership in resources (including AD groups, Azure groups, licenses, and roles, on-premises line-of-business app permissions, SaaS application groups).
• Create dynamically populated RBAC roles and associate them to resources
• Enforce separation of duties by role
• Assign expiration and renewal policies to resources
• Manage ownership replacement due to employee turnover
• Manage access granting and revocation due to position changes or termination
• Configure just-in-time elevation of privilege for high risk and administrative groups and roles
• Delegate resource administration to application owners
• Perform attestation of membership assignments
• Perform attestation of group and resource criteria
• General security principal attestation of users
• Attestation of compliance processes

Prerequisites

• Course A850
• Course A860

Agenda

• Access Panel Overview
• Working with Access Panel virtual silos and object types
• Workflows for managing entitlements
• Understanding Access Panel Policies
• Configuring and Managing Ownership
• Configuring and Managing Just-in-Time
• Configuring and Managing RBAC
• Configuring and Managing Attestation Campaigns

Course Outline

• Access Panel Overview
  
  • Features and capabilities of Access Panel
  • Access Panel architecture and processing model
  • When to use Access Panel and when to use Service Panel or HyperSync Panel
• Working with Virtual Silos
  
  • Understanding Virtual Silos
    • User Silos
    • Resource Silos
    • Role Silos
    • Application Silos
  • Designing Principal Silos
    • Custom and control attributes
    • Silo workflows
    • Entitlement workflows
• Understanding Access Panel Policies
  • Communications Settings
  • Request Policies
  • Expiration Policies
  • Review Policies
• Managing Resource settings
• Managing Ownership
  • Configuring ownership inheritance
  • Ownership turnover and replacement
• Managing Just-in-Time
  • Configuring Just-in-Time
  • Operating Just-in-Time
• ABAC
  • Configuring Criteria for Resources
  • Bulk assign resource criteria
• RBAC
  • Configuring RBAC Roles
  • Operating RBAC resource assignments
  • Managing RBAC inheritance
• Attestation (Access Reviews)
  • Configuring attestation campaigns
    • Principal Oriented Campaigns
      • Users
      • Resources
      • Roles
      • Applications
    • RBAC assignment campaigns
    • Resource entitlement campaigns
• Reporting and compliance
  • Audit log reporting
  • Feeding data to a SIEM
  • Campaign management reporting
  • Application specific compliance reports