1-Day Course
Course History and Future Events
Description
This is a workshop where there will be a concentration on labs and open Q&A. This course assumes you are already familiar with MIM and/or have attended course A951.
This course looks at how to design and implement solutions by applying Patterns and Practices for migrating from MIM or implementing a new Service Panel solution.
Who Should Attend
- Those who have attended A951 to learn the latest Patterns and Practices for migrating from MIM, or implementing a new Service Panel solution.
- Consulting firms, independent consultants, and internal IT staff responsible for a successful implementation or expansion of a Service Panel deployment.
Prerequisites
- Must have attended W901 - HyperSync Patterns and Practices Primer for Experts.
- Own a subscription to the Knowledge Package for Developers or the Knowledge Package for Administrators, or be considering consulting on the Identity Panel Suite.
Agenda
The Patterns and Practices toolkit is a work-in-progress collection of PDFs that are being created and published according to the tree structure below. The items in bold represent the current state and are available to course attendees on request.
Selections from the available patterns will be introduced with a walk-through in a reference lab configuration, then associated config files and instructions will be supplied to candidates to install and configure in their own labs.
SoftwareIDM Patterns and Practices Toolkit
© SoftwareIDM
- User Lifecycle
- Application (pre-HR)
- Verified ID (or equivalent for 100 pt check etc.)
- Letter of Offer
- Acceptance
- Pre-start access
- Joiner
- Account Provisioning
- HR Provisioning (Org structure occupant, independent of whether or not application process precedes it)
- HR Contingent Worker (Org structure occupant)
- Contingent Worker Provisioning (non-HR)
- Guest provisioning (vendor/service provider)
- Other provisioning (contingent worker/interested party)
- HR Provisioning (Org structure occupant, independent of whether or not application process precedes it)
- Multiple HR feeds
- HR feed masking/overriding
- Generate non-HR employee ids
- Immutable/correlation id
- Unique name generation
- Provisioning in advance of start date (in HR, not in HR yet)
- Provision before start date
- Use SvP to pre-create an employee in advance of HR
- Account Provisioning
- Mailbox provisioning (on-prem AD or M365)
- M365 group based licensing, set remote mailbox
- Home folder provisioning
- Birthright access
- Azure license group/assignment
- VPN
- Internet users etc.
- Sign conditions of use agreement
- Activation
- Advance account activation
- Manager-driven initial Access/Activation (incl. notifications)
- Notifications (new account, manager, initial pwd, etc.) [TODO: enumerate password delivery options]
- Admin/Secondary account provisioning
- Out-of-band setup, e.g. mailbox scripts
- Location or Job based provisioning templates
- Email suffix
- OU/Domain target
- Azure tenancy
- Share/home folder locations (persona)
- Mover/Changes
- Change profile (personal details)
- Change profile (employment details)
- Change Org Structure (manager/subordinates)
- Change roles
- Non-employee manager reassignment
- Account dormancy
- Dormant account reclaim
- Name change
- Account name/email change (with notification/approval)
- Multi-domain/forest
- Primary domain
- Domain move
- Cross-domain join
- SID history management
- Account changes notes
- Leaver
- Non-employee re-certification
- Immediate/Emergency termination (walked)
- Termination on elapsed date
- Delayed termination
- Delayed archiving workflows
- Out-of-band cleanup
- Entitlement cleanup
- Litigation holds
- Re-joiner
- Rejoin as Non-HR contingent worker
- Rejoin as former employee
- Search and verify for previous account
- Rejoin as HR employee
- Rejoin as former Non-HR contingent worker
- Merge identity (user with multiple accounts)
- Re-certification of entitlements
- Rejoin as Non-HR contingent worker
- Password Management
- SSPR
- Service desk password reset
- Password synchronization
- Non-person and Special Account Management
- Service accounts
- Request authorization
- Metadata (ownership, application assignment)
- Decommissioning
- Test accounts
- VIP accounts
- Change approval for VIP accounts
- Board members
- Auditors
- Guest accounts
- Guest Lifecycle management
- Guest Invitations
- Service accounts
- Reference Data Management (Locations, Org Units, etc.)
- Ref Data Lifecycle Management
- Overrides (time-bound)
- Group Lifecycle
- Criteria Groups
- Exception management
- Group policy templates
- Job based granularity of group grants
- Group creation
- Request/approve
- Security groups
- Distribution groups
- Group ownership
- Pooled ownership
- Position derived ownership
- Membership request
- Approval
- JIT/PAM
- Out-of-band
- Mailbox setup
- Post removal cleanup
- Expiry and Extension
- Attestation
- Roles
- Link to groups
- Criteria assignment
- Hierarchical roles
- Attestation/certification
- Criteria Groups
- System Operations
- Availability monitoring (panel check, status page)
- Backup and Recovery (on-premises only)
- Timing (operational efficiency)
- System health
- Supported OS
- Supported dependencies
- Secure networking
- Connected system availability
- Schema changes
- Updates and compatibility
- Secret Management
- Threshold triggering
- Change Management (promotion of configuration)
- Housekeeping
- Compliance and Reporting
- JML Reporting
- Leavers reporting
- License utilization
- Pending changes
- Exports
- Imports
- Sync Errors
- Requests and Approval history
- SLA adherence
- Change volume
- Policy violations [TODO: expand definition of policy violations]
- Data integrity
- Mismatched accounts
- Enablement conflicts
- Expiry
- Ambiguous joins
- Incorrect joins
- Uniqueness conflicts
- Manager tree integrity
- Valid manager (e.g. employee)
- Unresolved references
- Dormant accounts
- AD flags (Password never expires, not required)
- Event syndication (to SIEM)
- IdP request logs
- Sync activity
- Data syndication to BI
- Org has a Power BI team that wants Identity data
- Org was dumping MV data into tables for reporting
- Groups with no members
- Groups with no owner
- Groups with no changes (e.g. add/remove in n years)
Note: referenced JSON files for the above can be found here.