ForgeRock® Identity Management Deep Dive

IDM-420

Learn how to install and deploy ForgeRock® Identity Management (IDM) in an on-prem or self-managed cloud environment to manage the lifecycle and relationship of digital identities. Topics include how to model identity objects in IDM, create connector configurations and synchronization mappings to manage the flow of identity objects and properties with various external identity resources, manage workflows, and deploy IDM within a cluster. This course explores the identity management-related features in depth, how they work, and the configuration options available during implementation.

Upon completion of this course, you should be able to:

  • Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM
  • Create and configure connections between external resources and IDM
  • Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store
  • Use the sample workflows included with IDM to learn how to introduce business logic into the provisioning process
  • Install and deploy IDM in an on-prem or cloud provider Linux environment

The target audiences for this course include:

  • System Administrators
  • System Integrators
  • System Consultants
  • System Architects
  • System Developers

The following are the prerequisites for successfully completing this course:

  • Completion of the ForgeRock® Identity Management Essentials course
  • Basic knowledge and skills using the Linux operating system will be required to complete the labs.
  • Basic knowledge of JSON, JavaScript, REST, Java, Groovy, SQL and LDAP would be helpful for understanding the examples; however, programming experience is not required.

Chapter 1: Modeling Objects and Identities

Model identity objects, their identity properties, and the relationships between objects, onto existing or new managed objects within IDM.

Lesson 1: Modeling an Identity Profile

Learn about the different object types in IDM, and how you can model a custom identity profile onto a managed object in IDM:

  • Describe an IDM deployment and the UIs
  • Access and explore the IDM deployment and UIs
  • Review the IDM documentation
  • Describe the different object types in IDM
  • Map an identity object to a managed object
  • Describe how to model a managed user object
  • Model a managed user object in IDM
  • Describe how to create a new device managed object
  • Create a new device managed object

Lesson 2: Querying IDM Objects

Use the IDM REST interface to query IDM objects:

  • Describe how to query objects using the REST interface
  • Configure Postman to query IDM
  • Query IDM objects using Postman

Lesson 3: Managing Relationships

Create and manage the relationship between managed objects:

  • Describe the purpose of relationships
  • Create and query an object relationship
  • Describe the visualization of relationships
  • Create a dashboard to visualize relationships (optional)
  • Describe the relationship properties
  • Describe how relationships are configured
  • Create a new relationship between managed user objects (optional)
  • Describe the relationship between device managed objects and user managed objects
  • Set up a relationship between device managed objects and user managed objects

Lesson 4: Managing Organizations

Set up managed organizations to delegate user administration based on the owner of hierarchical trees:

  • Describe the roles and privileges within an organization
  • Implement the organization example (optional)

Chapter 2: Managing Connectors

Create and configure connections between external resources and IDM.

Lesson 1: Configuring Connectors With the IDM Admin UI

  • Describe how to connect external resources to IDM
  • Describe the process for creating a connector configuration using the IDM Admin UI
  • Add a connector configuration for an external LDAP resource
  • Describe how to add a CSV connector configuration
  • Add a connector configuration to import device identities

Lesson 2: Configuring Connectors Over REST

  • Describe the process for creating a connector configuration over REST
  • Describe the core connector configuration settings
  • Describe the object types and property mappings
  • Generate a full connector configuration JSON object over REST (optional)

Lesson 3: Connecting to Databases

Describe the ICF connectors for connecting to databases, and how to create connector configurations to access identity data stored in SQL databases:

  • Describe how to use the Database Table Connector
  • Configure the Database Table Connector (optional)
  • Describe how to use the Scripted SQL Connector
  • Create a scripted SQL connector configuration (optional)

Lesson 4: Connecting to External Resources Using a Scripted REST Connector Configuration

  • Describe the use cases for using a scripted REST connector
  • Connect to DS using the scripted REST connector (optional)

Chapter 3: Managing Synchronization and Reconciliation

Synchronize identity data across multiple external resources, in real-time or by scheduling reconciliation events, and consolidate multiple identity data stores into one centralized identity store.

Lesson 1: Performing Basic Synchronization

Describe how to use the IDM Admin UI to create sync mappings to reconcile identities between IDM and an external resource:

  • Describe how to create mappings to synchronize identity objects and properties
  • Describe how to create a sync mapping from IDM to an external resource
  • Describe how to add source and target properties to the sync mapping
  • Describe how to add a correlation query and a situational event script
  • Describe how to set the situational behaviors and run reconciliation
  • Add a sync mapping from IDM to an LDAP server
  • Describe the sync mapping from an LDAP server to IDM
  • Add a sync mapping from an LDAP server to IDM
  • Describe how to create a sync mapping to provision devices to the IDM repository
  • Create a sync mapping to provision devices to the IDM repository (optional)

Lesson 2: Running Selective Synchronization and LiveSync

Filter objects that are synchronized and automate synchronization using LiveSync:

  • Describe the different methods that you can use to filter entries
  • Run selective synchronization using filters
  • Describe how to use LiveSync to synchronize changes
  • Trigger LiveSync on a connector
  • Describe how to schedule LiveSync
  • Schedule LiveSync with an external resource
  • Describe how to control synchronization to multiple targets

Lesson 3: Configuring Role-Based Provisioning

Automatically provision users to a set of LDAP groups based on role membership:

  • Describe how to provision attributes to a target system based on static role assignments
  • Describe the steps to enable role-based provisioning
  • Query the role assignment properties using the REST interface
  • Provision attributes to a target resource based on static role assignments
  • Describe how to provision attributes to a target system based on dynamic role assignments
  • Provision attributes to a target resource based on dynamic role assignments
  • Describe how to add temporal constraints to a role
  • Add temporal constraints to a role

Chapter 4: Getting Started With Workflow

Use the sample workflows included with IDM to learn how to introduce business logic into the provisioning process.

Lesson 1: Deploying and Starting a Workflow

Enable the workflow engine in IDM and deploy a sample workflow to learn how to manage workflow tasks and processes in the IDM Admin UI, IDM End User UI, and REST interface:

  • Describe use cases for workflows
  • Prepare IDM to run the sample workflow
  • Run the sample workflow
  • Describe how workflows are implemented
  • Describe workflow-related tasks
  • Describe workflow instances
  • Enable the workflow service and examine a sample workflow

Lesson 2: Deploying and Creating a Workflow

Examine, deploy, change, and start the contractor onboarding workflow process that provisions a new user:

  • Describe the structure of workflow files
  • Describe how to model workflows
  • Examine the Flowable UI
  • Examine the contractor onboarding workflow
  • Describe how to use forms in workflows
  • Examine a manual interaction form
  • Create and deploy a simple workflow
  • Create and deploy a new workflow from scratch
  • Describe how to start an approval workflow
  • Call a workflow from a sync mapping

Chapter 5: Installing and Deploying IDM

Install and deploy IDM in an on-prem or cloud provider Linux environment.

Lesson 1: Installing IDM

Install a stand-alone IDM instance for development and for testing the IDM sample configurations:

  • Describe the basic IDM installation requirements
  • Describe how to install and start IDM
  • Install and start IDM (optional)
  • Describe how to start IDM with a sample
  • Start IDM with a sample configuration (optional)
  • Describe how to configure IDM to run as a background process or service
  • Configure IDM to run as a background process (optional)

Lesson 2: Deploying IDM in a Cluster

Deploy multiple IDM instances in a cluster:

  • Describe deploying IDM in a cluster
  • Describe how to manage nodes in a cluster
  • Add an IDM instance to a cluster

Lesson 3: Monitoring and Troubleshooting

Describe how to set up monitoring and perform basic troubleshooting:

  • Describe the monitoring options available for IDM
  • Set up monitoring in IDM
  • Describe the different IDM log files
  • Examine the different log files in IDM (optional)
  • Describe the additional troubleshooting help available outside of IDM
  • Get additional help troubleshooting outside of IDM (optional)

Lesson 4: Implementing Explicit Mapping

Explore the differences between generic and explicit mapping, and implement each in an external ForgeRock® Directory Service (DS) and JDBC repository:

  • Describe the differences between generic and explicit mapping
  • Describe how to implement explicit mapping with a JDBC repository
  • Implement generic mappings with a JDBC repository
  • Implement explicit mappings with a JDBC repository
  • Describe how to implement explicit mappings with a DS repository
  • Implement explicit mappings with a DS repository

Lesson 5: Managing IDM in a Cluster

Manage IDM in a cluster environment:

  • Describe how to distribute reconciliation operations across a cluster
  • Enable clustered reconciliation on a sync mapping
  • Schedule tasks across the cluster
  • Review sizing and scaling resources

Lesson 6: Delegating Administration

Delegate the administrative privileges to a group of managed users for managing end user identities in IDM:

  • Describe how to set up delegated administration
  • Describe the privilege model
  • Add a new internal role and set up privileges to delegate administration

Lesson 7: Upgrading IDM

Upgrade an IDM instance:

  • Describe how to upgrade a stand-alone IDM instance
  • Describe how to migrate an IDM configuration
  • Describe how to update the IDM repository
  • Describe how to migrate IDM data
  • Describe how to upgrade a cluster deployment
  • Upgrade a stand-alone IDM instance

Upcoming Classes

Dates Location GTR  
Feb 20-24 (10am-6pm) EST
Mar 27-31 (10am-6pm) EDT
May 1-5 (10am-6pm) EDT

Questions?

Whether you need assistance scheduling a class for yourself or for your group, GCA's Education Account Managers will craft a customized training solution to meet the needs of your organization.