Support for Roles in the IDM Connector for Access Governance (ICAG)

  • 7017000
  • 17-Nov-2015
  • 17-Nov-2015

Environment

NetIQ Access Governance Suite 6.1
NetIQ Access Governance Suite 6.2
NetIQ Access Governance Suite 6.3
NetIQ Access Governance Suite 6.4

Situation

Provisioning Roles

Roles are not directly provisioned. Access Governance Suite (AGS) models its roles on the IDM User Application roles, but it does so by decomposing each business role into the managed entitlements that must be granted on the connected system. The entitlements for a role are determined by its profile.

The IDM connector (ICAG) does not know that a role has been assigned or de-assigned. It only knows that the (decomposed) entitlements required by the role have been added to or removed from a provisioning plan.

Provisioning Entitlements

Entitlements may be granted or revoked from the Dashboard, using the "shopping cart." The AGS Managed Entitlements equate to IDM Resource object assignments in the Identity Vault.