ForgeRock Identity Governance Workshop (IDM-520)
This expert-led workshop leads students through how to configure and use Access Request to enable end users to request access to various entitlements, configure and use Access Review to create certification campaigns that certify user and role access, and configure and use Identity Reporting to create reports for auditing purposes.
The final chapter covers installing the new ForgeRock Identity Governance software available for existing ForgeRock® Identity Management (IDM) deployments. Students install the software within a given IDM deployment, and then learn how to seed governance data for development purposes.
Note: Revision A of this course is built on version 1.0 of Access Request, 2.6 of Access Review, and 1.1 of Identity Reporting.
This workshop is aimed at technical audiences who are responsible for deploying and utilizing the ForgeRock Identity Governance software within an IDM deployment.
Upon completion of this course, you should be able to:
- Provide an overview of ForgeRock Identity Governance and related software in context with the ForgeRock Identity Platform™.
- Perform the administrative and end user tasks necessary to create and use the request access features of Access Request.
- Perform the Access Review administrative governance tasks necessary to create and run user and role certification campaigns.
- Use the Identity Reporting feature to upload the necessary SQL queries to generate reports, configure the connections to the target database sources, and create report schedules.
- Install the Access Review, Access Request, and Identity Reporting software modules on top of an existing IDM deployment to enable the services of ForgeRock Identity Governance.
Note that a handout is included with the workshop to help you stay on track and provide topics for discussion. The handout is not a workbook with detailed, step-by-step instructions.
The following are the prerequisites for successfully completing this course:
- Completion of the ForgeRock® Identity Management (IDM) Core Concepts course.
- Basic knowledge of IDM managed objects, the related schemas, connectors to external resources, and synchronization mappings helps in understanding the identity governance-related administrator tasks.
- Knowledge of LDAP and LDAP groups would also be helpful.
Chapter 1: ForgeRock Identity Governance Overview
Lesson 1: Getting Started with Identity Governance
- Describe the role of ForgeRock Identity Governance in the ForgeRock Identity Platform
- Describe the features and benefits provided by Access Request
- Describe the features and benefits provided by Access Review
- Describe the features and benefits provided by Identity Reporting
- List the resources available for implementing ForgeRock Identity Governance
Lesson 2: Assessing the Identity Governance Environment
- Describe the identity management and identity governance roles
- View the seeding data and IDM deployment configuration
- Identify identity governance data
Chapter 2: Access Request
Lesson 1: Getting Started With Access Request
- Describe the main use cases for Access Request
- Describe the roles and responsibilities in managing and using Access Request
- Describe a typical access request process flow
Lesson 2: Configuring Access Request
- Configure the default approvers, display, and search properties
- Update the email notification templates
Lesson 3: Managing Access Requests
- Request access with auto-approval
- Create a requestable bundle
- Create additional access requests (optional challenge)
Lesson 4: Managing the Glossary
- Define the purpose of the Glossary
- Describe how to define a glossary item
- Update the glossary for a new role
Chapter 3: Access Review
Lesson 1: Getting Started With Access Review
- Describe the main use cases for Access Review
- Describe the roles and responsibilities for managing and using Access Request
- Describe a typical access review process flow
Lesson 2: Configuring Access Review
- Describe the global system settings
- Configure the glossary for Access Review
- Modify the notification templates
Lesson 3: Managing User Certifications
- Validate that an end user should have access to an entitlement
- Verify a user certification campaign
- Use the scheduler to launch a user certification process on a periodic basis
- Trigger a user certification based on a user property change
- Define a multi-stage user certification
- Test workflow remediation to revoke a role
Lesson 4: Managing Policy Violations
- Describe the policy violation features
- Describe a typical policy violation process flow
- Create a policy violation rule that detects a toxic combination and remediate as the policy owner
Lesson 5: Managing Role Certifications
- Describe a typical role management process flow
- Create a role certification
Chapter 4: Identity Reporting
Lesson 1: Getting Started With Identity Reporting
- Describe the role and main use case for using Identity Reporting
- Upload the SQL queries for Identity Reporting
- Configure the data sources for accessing report data
- Generate an on-demand report
Chapter 5: Installing ForgeRock Identity Governance
Note that the installation of the ForgeRock Identity Governance software requires more knowledge of IDM than the previous chapters. This chapter can be optional for those not responsible for the installation.
Lesson 1: Installing Access Request
- List the prerequisites for adding Access Request
- Install Access Request
- Perform post-installation tasks
Lesson 2: Installing Access Review
- List the prerequisites for adding Access Review
- Install Access Review
- Perform post-installation tasks
- Explore the changes made to IDM after installing Access Review
Lesson 3: Installing Identity Reporting
- List the prerequisites for using and installing Identity Reporting
- Install Identity Reporting
- Verify Identity Reporting is installed and operational
Lesson 4: Seeding IDM with Identity Governance Data
This lesson is optional, as the method for seeding IDM with identity governance data will vary from developer to developer. Note also that this seeding script and data might not be available to those outside of ForgeRock.
- Describe the given seeding script package
- Prepare the IDM deployment
- Seed the IDM deployment with identity governance data
- Validate the seeding data and configuration