# Groups and populations are used to provide sets of identities to include in various activities. For example, the refresh task can be limited to a pre-defined set of identities, or a pre-defined set of identities can be certified.
# We will also be using rules to assign ownership to each group.
# A rule is used to assign owners to groups generated from a group factory.
# Additionally, we want to use Advanced Analytics to define some populations based on specific criteria. Populations are similar to groups, except that they are driven by multiple search criteria, whereas groups are statically defined from a single identity attribute.
Using Group Factories to Generate Groups :-
# Navigate to Setup ---> Groups and click on Create New Group and fill in the following fields :
# Provide the following information
# Group Owner - Assign Manager : return group.getName();
# Click on save.
# Run the task : Refresh Groups.
Note :-
These groups themselves are not dynamic. You must run the Refresh Groups task
periodically to update them. Between runs of Refresh Groups, the groups themselves
remain static, but the membership is always based off a dynamic query.
Generate Populations :-
Populations can be generated off any of the data that is available via the Advanced Analytics feature
of IdentityIQ.
For our implementation, we want to generate two populations.
- Active Managers who are not Contractors in Asia-Pacific Region only
- All users who have Privileged accounts on any application
- All users who don't have an Active Directory account
1. Navigate to Intelligence ---> Advanced Analytics
2. Under the Identity Search tab, click Clear Search and enter the following search criteria :
a. Is Inactive: False
b. Is Manager: True
c. Region: Asia-Pacific
d. Status: Employee
e. Click Run Search
f. From the Result Options drop down menu, select Save Identities as Population
g. Name: Active Managers - Asia-Pacific
h. Click Save
Create another Population with the following criteria :
a. First click Refine Search, then click Clear Search to reset everything
b. Privileged Account: True
c. Click Run Search
d. You should see results showing all users with Privileged accounts
e. Save as a Population with the following name: Identities with Privileged Accounts
Create another Population with the following criteria :
a. First click Refine Search, then click Clear Search to reset everything
b. Click on Advanced Search --> Application is not equal to Active Directory
c. Click Run Search
d. You should see results showing all users without an Active Directory account.
e. Save as a Population with the following name: Identities without AD Accounts
# Navigate to Setup ---> Groups and select the Populations tab
a. Confirm that you have three populations defined :
Notes :-
- By default, these populations are only visible to the user who created them. You can edit the populations and make them Public.
- Populations are dynamic queries, so every time you view a population, you are viewing its current members at that point in time.
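
The difference between the two notes above, as an added Python model (not IdentityIQ code and not from the original post): populations are saved searches re-evaluated on each view, while a group factory only creates or drops groups when Refresh Groups runs. The `Identity` class, the `region` factory attribute and the sample identities are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Identity:  # constructed stand-in, not the IdentityIQ Identity class
    name: str
    region: str
    status: str
    is_manager: bool = False
    inactive: bool = False
    privileged: bool = False
    applications: tuple = ()

# Populations: saved multi-criteria searches, re-evaluated on every view.
POPULATIONS = {
    "Active Managers - Asia-Pacific": lambda i: (
        not i.inactive and i.is_manager
        and i.region == "Asia-Pacific" and i.status == "Employee"),
    "Identities with Privileged Accounts": lambda i: i.privileged,
    # Assumption: "Application is not equal to Active Directory" means no AD account.
    "Identities without AD Accounts": lambda i: "Active Directory" not in i.applications,
}

def view_population(name, identities):
    return sorted(i.name for i in identities if POPULATIONS[name](i))

class GroupFactory:
    """Model of a group factory: one group per distinct value of one attribute."""
    def __init__(self, attribute):
        self.attribute, self.groups = attribute, set()

    def refresh_groups(self, identities):
        # Models the Refresh Groups task: the only step that adds or drops groups.
        self.groups = {getattr(i, self.attribute) for i in identities}

    def members(self, group, identities):
        if group not in self.groups:
            raise KeyError(f"group {group!r} does not exist until Refresh Groups runs")
        # Membership of an existing group is still a live query.
        return sorted(i.name for i in identities if getattr(i, self.attribute) == group)

def sample_identities():  # constructed sample data
    return [
        Identity("amy", "Asia-Pacific", "Employee", is_manager=True,
                 applications=("Active Directory",)),
        Identity("raj", "Asia-Pacific", "Contractor", is_manager=True, privileged=True),
        Identity("lee", "Europe", "Employee", applications=("Active Directory", "HR")),
    ]
```

In this model, an identity that moves to a region with no existing group shows up in population views at once, but the new region has no group until `refresh_groups` is called again.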