Business Development on NetIQ IDM

By Novell Consulting Ukraine (NCU)

Overview on value add of NCU

• Built new integration modules (drivers)• Build a Risk Assesment System inside NetIQ IDM• Enhanced user interface features of the portal IDM

UserApplication• Comprehensive Separation of Duties management on

the application request stage.

• Other examples of enhancements made to NetIQ IDM

Built new drivers

Why ?

Customers demands:Automation of access permissions and objects management for Microstrategy (provider of enterprise software platforms for Data Analytics & Audits).Who uses Microstrategy: SWIFT, 1st Financial Bank USA, Adidas, First National Bank, Bayer Healthcare, BNP Paribas, UniCredit, Deutsche Bank AG, DHL, Samsung Electronics, eBay, Facebook, Hyundai Mortor Company etc.http://www.microstrategy.com/us/about-us/customers/customer-list

Current NetIQ Deliverables:None: There are no off shelf integration modules for the leader in analytic and audit industry: MicroStrategy.

IDM integration module for Microstrategy

IDM integration module for Microstrategy

NCU developments:• Fully-functional driver, built according to IDM and SDK architecture from NetIQ• Complete Java implementation, uses Java Web API from MicroStrategy SDK• Allows bi-directional synchronization of User, Group, Report data and other

MicroStrategy metadata with NetIQ IDM• Delivered with built-in policy set, that lets achieve a result out of box• Tested with MicroStrategy version 9.x in an actual project in Ukraine

Future NetIQ Deliverables:Off shelf integration modules for the leader in analytic and audit industry: MicroStrategy.

• components: IDM 4.x

• deliverables: .jar, .xml

• services: installation, configuration, documentation

• support: updates & upgrades, 2nd line support

IDM integration module for Microstrategy Deliverables by NCU

Risk Assessment System inside NetIQ IDM

Why ?

Risk Assessment for applied and authorized permissions

Customers demands:Pro-active reaction to redundant permissions risks (do not allow to apply for the critical permission set on the access request stage). Receive comprehensive authorized permissions assessment for damages forecast and re-assessment planning.

Current NetIQ Deliverables:There are no Risk Assessment components inside NetIQ IDM. The feature is arranged in an off-line mode through reporting - and a refined version through Access Review.

Risk Assessment for applied and authorized permissions

NCU developments:• Data and Permissions Risk Assessment module for NetIQ IDM

(Abuse of permissions risk, Permissions loss risk, Permissions delegation risk, Information distortion risk, Data breach risk etc.)

• Pro-active analysis of risk level feature during access request application stage

• Worlds best practices in Risk Assessment reports• Administration setting tools

Future NetIQ Deliverables:Pro Active Risk Assessment for applied and authorized permissions inside NetIQ IDM

Risk Assessment System module Features

● Risk Assessment based on complex evaluations of object (User, System, Role, Activity)

● Operational risk evaluation during role permission assignment in the request application (form dashboards)

● Risk Analysis and Assessment (parameterized linked reports/sub-reports in JasperReport©)

● Risk Forecasting based on evaluations and executed activities (permissions assignment and revocation)

Permissions Request Form with Risk Indicator

Permissions Request Form with Risk Indicator

Risk Assessment (HeatMap)

Risk Assessment (HeatMap)

Risk Assessment (HeatMap subreport)

Critical Level Analysis

Critical Level Analysis

Critical Level Analysis

Critical Level Analysis

Risk Assessment System module Conclusion

● Risk Assessment based on characteristics of the objects used in access approval and maintenance

● Prevention/notification during assignment of roles associated with risks

● Risk Analysis and Forecasting● Assessment Indicator settings according to Customer demands● Analysis visualization for critical areas retrieval and assessment● “Heat Map” building for analysis acceleration● Assessment engine scaling according to object characteristics, risks,

object evaluations

• components: IDM 4.x UserApplication, EAS; Jasper Report 5.6/6.0 (community edition), jqgrid (opensource js-framework)

• deliverables: .war (.jar, .js), .xml (PRD), database schema (postgresql), report templates

• services: installation, configuration, documentation

• support: updates & upgrades, 2nd line support

Risk Assessment System module Deliverables by NCU

Enhanced user interface features of the portal IDM UserApplication

IDM User Application interface features extension

Customers demands:The ability not only to manage user group/target system role membership though IDM, but also to manage (create, edit) roles/access-groups in target systems WITHOUT system administrator's help.

Current NetIQ deliverables:Building tools for Simple forms, suitable for requests with short number of controls (fields, checkboxes etc.)

Example: User Application + jqGrid

Example: User Application + jqGrid

User Application + jqGrid

• Open Source jqGrid solution integration with UserApplication Interface.

• jgGrid controls binding with IDM role-based system.• As a result — ability to build more robust target system

permission management interfaces.

When need such features:• Integration with systems that does not have native

interfaces for permission grouping or systems with inconvenient interfaces.

• Demand to create and transfer to business the interfaces for target system object creation (particularly topical in banking).

Comprehensive Separation of Duties management

Customers demands:Prevent the registration request on conflict roles (SoD), having invested the role of the lower levels.

Current NetIQ Deliverables:NetIQ IDM does not check SoD policies in online forms and between role model levels. NetIQ IDM does not communicate with the user in case of policy violation.

Avoiding conflict of roles order

SoD Online control from UserApplication forms

• SoD validation on all built-in levels in UserApplication forms.• SoD violation notification.• SoD policies creation

interface stays unchanged.

BusinessBusinessRole 1Role 1

BusinessBusinessRole 2Role 2

CommonCommonRole 1Role 1

CommonCommonRole 2Role 2

CommonCommonRole 3Role 3

Prohibitedroles combi-nation (SoD)

Other examples of enhancements made to NetIQ IDM

• Optimized existing drivers (ActiveDirectory, Lotus Notes)• Digital Signature solution made inside the approval

processes stage• Extended and customized IDM reports