ForgeRock® Identity Management Deep Dive (IDM-420)

Training Credits accepted

Learn how to install and deploy ForgeRock® Identity Management (IDM) in an on-prem or self-managed cloud environment to manage the lifecycle and relationship of digital identities.

Topics include how to model identity objects in IDM, create connector configurations and synchronization mappings (sync mappings) to manage the flow of identity objects and properties with various external identity resources, manage workflows, and deploy IDM within a cluster. This course explores the identity management-related features in depth, how they work, and the configuration options available during implementation.


Objectives

Upon completion of this course, you should be able to:

  • Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM
  • Create and configure connections between external resources and IDM
  • Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store
  • Use the sample workflows included with IDM to learn how to introduce business processes into the provisioning process
  • Install and deploy IDM in an on-prem or cloud provider Linux environment


Target Audiences

The target audiences for this course include:

  • System Administrators
  • System Integrators
  • System Consultants
  • System Architects
  • System Developers


Prerequisites

The following are the prerequisites for successfully completing this course:

  • Completion of the ForgeRock® Identity Management Essentials course available at: https://www.forgerock.com/support/university/forgerock-university/forgerockidentity-management-essentials
  • Basic knowledge and skills using the Linux operating system will be required to complete the labs.
  • Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL and LDAP would be helpful for understanding the examples; however, programming experience is not required.


Course Contents

Chapter 1: Modeling Objects and Identities

Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM.

Lesson 1: Modeling an Identity Profile

Learn about the different object types in IDM, and how you can model a custom identity profile onto a managed object in IDM:

  • Describe an IDM deployment and the UIs
  • Access and explore the IDM deployment and UIs
  • Review the IDM documentation
  • Describe the different object types in IDM
  • Map an identity object to a managed object
  • Describe how to model a managed user object
  • Model a managed user object in IDM
  • Describe how to create a new device managed object
  • Create a new device managed object

Lesson 2: Querying IDM Objects

Use the IDM REST interface to query IDM objects:

  • Describe how to query objects using the REST interface
  • Configure Postman to query IDM
  • Query IDM objects using Postman

Lesson 3: Managing Relationships

Create and manage the relationship between managed objects:

  • Describe the purpose of relationships
  • Create and query an object relationship
  • Describe the visualization of relationships
  • Create a dashboard to visualize relationships
  • Describe the relationship properties
  • Describe how relationships are configured
  • Create a new relationship between managed user objects
  • Describe the relationship between device managed objects and user managed objects
  • Set up a relationship between device managed objects and user managed objects

Lesson 4: Managing Organizations

Set up managed organizations to delegate user administration based on the owner of hierarchical trees:

  • Describe the roles and privileges within an organization
  • Implement the organization example


Chapter 2: Managing Connectors

Create and configure connections between external resources and IDM.

Lesson 1: Connecting to External Resources Using Connectors

Describe the connectors supported in IDM, and how to create connector configurations to communicate with external resources:

  • Describe how to connect external resources to IDM
  • Describe how to connect to external resources using ICF connectors

Lesson 2: Configuring Connectors With the Admin UI

  • Describe the process for creating a connector configuration using the IDM Admin UI
  • Add a connector configuration for an external LDAP resource
  • Describe how to add a CSV connector configuration
  • Add a connector configuration to import device identities

Lesson 3: Configuring Connectors Over REST

  • Describe the process for creating a connector configuration over REST
  • Describe the core connector configuration settings
  • Describe the object types and property mappings
  • Generate a full connector configuration JSON object over REST

Lesson 4: Connecting to Databases

Describe the ICF connectors for connecting to databases, and how to create connector configurations to access identity data stored in SQL databases:

  • Describe how to use the Database Table Connector
  • Configure the Database Table Connector
  • Describe how to use the Scripted SQL Connector
  • Create a scripted SQL connector configuration

Lesson 5: Connecting to External Resources Using a Scripted REST Connector Configuration

  • Describe the use cases for using a scripted REST connector
  • Connect to DS using the scripted REST connector (optional)


Chapter 3: Managing Synchronization and Reconciliation

Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.

Lesson 1: Performing Basic Synchronization

Describe how to use the IDM Admin UI to create sync mappings to reconcile identities between IDM and an external resource:

  • Describe how to create mappings to synchronize identity objects and properties
  • Describe how to create a sync mapping from IDM to an external resource
  • Describe how to add source and target properties to the sync mapping
  • Describe how to add a correlation query and a situational event script
  • Describe how to set the situational behaviors and run reconciliation
  • Add a sync mapping from IDM to an LDAP server
  • Describe the sync mapping from an LDAP server to IDM
  • Add a sync mapping from an LDAP server to IDM
  • Describe how to create a sync mapping to provision devices to the IDM repository
  • Create a sync mapping to provision devices to the IDM repository

Lesson 2: Running Selective Synchronization and LiveSync

Filter objects that are synchronized and automate synchronization using LiveSync:

  • Describe the different methods that you can use to filter entries
  • Run selective synchronization using filters
  • Describe how to use LiveSync to synchronize changes
  • Trigger LiveSync on a connector
  • Describe how to schedule LiveSync
  • Schedule LiveSync with an external resource
  • Describe how to control synchronization to multiple targets

Lesson 3: Configuring Role-Based Provisioning

Automatically provision users to a set of LDAP groups based on role membership:

  • Describe how to provision attributes to a target system based on static role assignments
  • Describe the steps to enable role-based provisioning
  • Query the role assignment properties using the REST interface
  • Provision attributes to a target resource based on static role assignments
  • Describe how to provision attributes to a target system based on dynamic role assignments
  • Provision attributes to a target resource based on dynamic role assignments
  • Describe how to add temporal constraints to a role
  • Add temporal constraints to a role


Chapter 4: Getting Started With Workflow

Use the sample workflows included with IDM to learn how to introduce business processes into the provisioning process.

Lesson 1: Deploying and Starting a Workflow

Enable the Activiti workflow engine in IDM and deploy a sample workflow to learn how to manage workflow tasks and processes in the IDM Admin UI, and by using the REST API workflow interfaces:

  • Describe use cases for workflows
  • Configure a sample: Contractor Onboarding
  • Run the sample
  • Describe how workflows are implemented in IDM
  • Describe workflow related tasks
  • Describe Workflow Instances
  • Enable the workflow service in IDM and examine a sample workflow

Lesson 2: Deploying and Creating a Workflow

Examine, deploy, change, and start the Contractor Onboarding process that creates a new user:

  • Describe the structure of workflow files
  • Describe how to model workflows
  • Examine the Flowable UI
  • Examine Contractor Onboarding workflow
  • Describe how to use forms in workflows
  • Examine a Manual Interaction Form
  • Create and Deploy a Simple Workflow Using Flowable UI
  • Create and deploy a new workflow from scratch
  • Learn How to Start an Approval Workflow as part of Synchronising Identities
  • Test How to Call a Workflow from a Sync Mapping


Chapter 5: Installing and Deploying IDM

Install and deploy IDM in an on-prem or cloud provider Linux environment.

Lesson 1: Installing IDM

Install a stand-alone IDM instance for development and testing the IDM sample configurations:

  • Describe the basic IDM installation requirements for deploying IDM
  • Describe how to install and start IDM
  • Install and start IDM
  • Describe how to start IDM with a sample
  • Start IDM with a sample configuration
  • Describe how to configure IDM to run as a background process or service
  • Configure IDM to run as a background process

Lesson 2: Deploying IDM in a Cluster

Deploy multiple IDM instances in a cluster:

  • Describe deploying IDM in a cluster
  • Describe how to manage nodes in a cluster
  • Add an IDM instance to a cluster

Lesson 3: Monitoring and Troubleshooting

Describe how to set up monitoring and perform basic troubleshooting:

  • Describe the monitoring options available for IDM
  • Set up monitoring in IDM
  • Describe the different IDM log files
  • Examine the different log files in IDM
  • Describe the additional troubleshooting help available outside of IDM
  • Get additional help troubleshooting outside of IDM (Optional)

Lesson 4: Implementing Explicit Mapping

Explore the differences between generic and explicit mapping, and implement each in an external DS and JDBC repository:

  • Describe the differences between generic and explicit mapping
  • Describe how to implement explicit mapping with a JDBC repository
  • Implement generic mappings with a JDBC repository
  • Implement explicit mappings with a JDBC repository
  • Describe how to implement explicit mappings with a DS repository
  • Implement explicit mappings with a DS repository

Lesson 5: Managing IDM in a Cluster

Manage IDM in a cluster environment:

  • Describe how to distribute reconciliation operations across a cluster
  • Enable clustered reconciliation on a sync mapping
  • Schedule tasks across the cluster
  • Scalability and High Availability

Lesson 6: Delegating Administration

Delegate the administrative privileges to a group of managed users for managing end user identities in IDM:

  • Describe how to set up delegated administration
  • Describe the privilege model
  • Add a new internal role and set up privileges to delegate administration

Lesson 7: Upgrading IDM

Upgrade an IDM instance:

  • Describe how to upgrade a stand-alone IDM instance
  • Describe how to migrate an IDM configuration
  • Describe how to update the IDM repository
  • Describe how to migrate IDM data
  • Describe how to upgrade a cluster deployment
  • Upgrade a stand-alone IDM instance