PROBLEM: Users of both DRA and IDM are required to maintain the business logic for how identity information is to be provisioned into Active Directory and sync'd back to the Identity Vault in two different systems: one for initial, Day 0 / Day 1, provisioning and Day X deprovisioning, and the other for Day 2 - Day X operational administration.

PROBLEM: Users of both DRA and IDM are required to manually assemble audit reporting from two separate systems in order to attempt to get a complete picture of what actions have been done to or through an AD account as it relates to identity.

PROBLEM: Users of DRA, when opening a user in the DRA console, would benefit from knowing one or more pieces of identity information that is maintained in the Identity Vault.

IDEA:

An integration be established between DRA and IDM that would accomplish the following:

1. Enable IDM to provision into and query information out of Active Directory leveraging DRA as a full substitute for the IDM Windows or IDM Windows Fanout drivers when both products exist within an organization

2. Enable activities done to and through an account in Active Directory performed by IDM to be captured and recorded in DRA's audit and reporting infrastructure

3. Enable DRA to appear as a legitimate IDM driver to IDM enabling a consistent configuration and user experience in IDM

4. Enable DRA to leverage roles created in IDM and have those roles sync'd with DRA roles

5. Enable IDM provisioning to leverage DRA triggers and workflows that may exist for operational administration control in order to unify where identity provisioning and operational administration business logic reside

6. Enable IDM to access multiple domains and multi-forest implementations leveraging DRA and DRA policy, triggers, and workflow capabilities

WHO Benefits:

1. Operations teams required to support and maintain both IDM and DRA. Input / Output to Active Directory directed through a unified channel

2. Operational efficiency - maintain AD provisioning and operational information in single location

3. Audit and compliance - Unified audit reporting simplifies the evidencing and reporting process

4. Security Operations - Security Monitoring (i.e. SIEM) integration with DRA also captures IDM AD Activity.
