This session will discuss the reasons and methods for integrating Novell Access Governance Suite with your existing Novell Identity Manager implementation. You will learn how to implement the integration and what benefits you will realize from doing so.

1. Integrating Novell Access Governance
®
Suite with Novell Identity Manager
Steve Lewis
Identity Compliance Specialist
Novell, Inc. /slewis1@novell.com

2. Agenda
Access Governance Suite Overview
– Certification Manager
– Role Manager
Roles Based Provisioning Manager Overview
– The 3 R's of Provisioning
Access Governance Suite/ Roles Based Provisioning
Module Integration
Demo
2 © Novell, Inc. All rights reserved.

3. Access Governance Suite
Overview

4. Novell Access Governance Suite
®
(AGS)
Business-driven
accountability, visibility and certification
Compliance
Certification
Manager
Roles Lifecycle
Manager
4 © Novell, Inc. All rights reserved.

5. Effective Governance of Access
Requires a Dynamic, Ongoing Process
Regular Review and
Analytics for Certification of User
Decision Support Access
Change Management
for User Access
Discovery and
Collection of
User Access
Information
Orchestration of
Controls to Remediate
Inappropriate Access
Role Design and
Maintenance
5 © Novell, Inc. All rights reserved.

6. Novell Access Governance Suite
®
Enabling Access Certification
• Business-oriented certification process
– Provides business context with insightful analytics
– Highly personalized business dashboards
• Continuous, business-event-driven, or cyclical
frequency
• Process to initiate remediation of inappropriate access
• Auditable evidence of access compliance
6 © Novell, Inc. All rights reserved.

7. Novell Access Governance Suite
®
Delivering Role Lifecycle Management
• Effective, flexible model for defining enterprise roles
– Role discovery, business role modeling and change
management (top-down and bottom-up)
– Mapping of business roles to IT roles
– Collaborative review, design and approval of roles
• Continuous process for role lifecycle management
– Analytics provide insightful decision support information
• Roles capability and comprehensive reporting provide
sustainable compliance
7 © Novell, Inc. All rights reserved.

8. Role Based Positioning Module (RBPM)
Overview

9. A Balanced Approach to Provisioning
Novell provides:
®
Role Based
Easiest to define and maintain
Most integrated governance Provisioning
Integrated monitoring
Least expensive Heavy implementation
Most coverage and maintenance effort
Optimum effectiveness
and efficiency
Rules-based Request-based
Provisioning Provisioning
Difficulty in Governance Operational Nightmare
An integrated provisioning approach usually provides the best all-around
results for security, efficiency and flexibility
9 © Novell, Inc. All rights reserved.

10. Roles Based Provisioning Module
(RBPM)
• Roles Module for Novell Identity Manager (IDM)
®
– An RBAC/Compliance solution, nicely integrated with Novell's
product line, and open to accommodating
specialized/custom/best-of-breed solutions
– Addresses the most common customer use cases:
> Role-based assignment of resources and permissions
> Runtime enforcement of compliance rules, including separation of duties
(SoD)
> Management of the compliance process (reporting, review of authorizations,
re certification business process, etc.)
10 © Novell, Inc. All rights reserved.

11. Integrated Roles Infrastructure
• Built into the infrastructure of the Novell Identity and ®
Security product line
– Role objects located within the Identity Vault
> available to be leveraged across the product line and beyond
– Accessible via the Identity Manager User Application portal and
iManager
> administration and end-user interfaces are already familiar
– Leverages the Identity Manager approval workflow system
> unified method of requesting and re-certifying resources
– Ties into Identity Manager event system and services
> immediate policy enforcement
11 © Novell, Inc. All rights reserved.

12. IDM/RBPM and AGS Integration

13. Integration
• Role Engineering
– Collect Roles from RBPM/IDM
– Collect Entitlements from RBPM/IDM
– Model Roles with RBPM/IDM entitlements
– Publish Roles with RBPM/IDM entitlements to AGS
– Use Roles for Provisioning and De-provisioning
• Certification Reviews
– Revocation of Role memberships in AGS will flow to RBPM
– All entitlements associated with the Roles will be
De-provisioned
13 © Novell, Inc. All rights reserved.

14. Demo

16. Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.