Common Preparation Tasks

In this chapter are described preparation tasks, which needs to be implemented before actual configuration can start.

1. Connection

Make sure that needed VPN-tunnels, certificates, secret keys, firewall openings, credentials etc. are implemented and delivered according to definitions.

2. New Cloud component migration

Customers cloud environment need to use Efecte Secure Access and Efecte Provisioning Engine components. If Efecte Identity Management (EIM) component is used, new cloud components needs to be migrated before configuration can be implemented. 

3. Licenses 

Make sure the environment includes product license for IGA solution. System status and runtime information - Enabled modules should include Efecte IGA. 

In case this is not present, contact Efecte Service Desk for creation and implementation of new product license, which includes this. After product license is included, a root user should see the IGA module in ESM administration, under Templates.

1. General Settings

Please validate following settings:

1. Email server settings

2. Efecte Self-Service Portal settings

3. Approval settings

2. Configure Authentication

Authentication is configured in Efecte Service Management -platform and in Efecte Secure Access component.

1. Scheduled task for authentication Efecte Service Management -platform

2. Efecte Secure Access configuration is made according to defined authentication method

• User Federation
  
  
• Azure SSO
  
  
• ADFS

3. Configure Provisioning

Provisioning need to be configured correctly, since in IGA starter package Efecte IGA solution is reading but also writing data towards the directory. 

1. Scheduled-based provisioning task needs to be configured first

• For AD or Azure AD data read (users & groups)
  
  
• You need to configure following scheduled-based provisioning tasks:

2. Event-based provisioning tasks are configured next

• For writing group membership information to AD or Azure AD
  
  
• You need to configure following event-based tasks: 

3. Provisioning has now been configured and workflows can define which directory Customer is using based on provisioning task configuration

1. Setting Up IGA Templates and Folders

Follow instructions step-by-step!

1. Import templates

• IGA Access Right Record
  
  
• IGA Account
  
  
• IGA Account Action
  
  
• IGA Administration Task
  
  
• IGA Automated Rule
  
  
• IGA Business Role
  
  
• IGA Entitlement
  
  
• IGA Request Catalog
  
  
• IGA Identity Storage
  
  
• IGA Import Template
  
  
• IGA Project Management
  
  
• IGA Re-certification request
  
  
• IGA Service Request
  
  
• IGA Service Request Bundle
  
  
• IGA Set Account information
  
  
• ÏGA Toxic Combinations
  
  
• IGA Work period

2. Create permission roles for IGA

• IGA StarterAdmin
  
  
  • Access to IGA administration tasks
    
    
  • No access to configuration
    
    
• IGA StarterModule Admin
  
  
  • Same access what IGA Starter Admin has, but also access to configuration
    
    
• IGA ESS Admin
  
  
  • This role has access to ESS Admin
    
    
• WebapiEPE
  
  
  • Remember create also WebapiEPE user
    
    

3. Create folders into IGA module, with selected templates allowed and access rights configured.

• Access right records [code: access_right]
  
  
  • IGA Access Right Record
    
    
• Account Management Actions [code: account_management_actions]
  
  
  • IGA Account Action
    
    
• Business roles [code: business_roles]
  
  
  • IGA Automated Rule
    
    
  • IGA Business Role
    
    
  • ÏGA Toxic Combinations
    
    
• Identity Storage [code: initial_persons]
  
  
  • IGA Identity Storage
    
    
  • IGA Work period
    
    
• IGA service requests [code: IGARequests]
  
  
  • IGA Service Request
    
    
  • IGA Service Request Bundle
    
    
• IGA Set Format [code: iga_set_format]
  
  
  • IGA Set Format
    
    
• IGA tasks [code: iga_tasks]
  
  
  • IGA Administration Task
    
    
• Re-certificate [code: re_certificate]
   
  • IGA Re-certification request

3. Create folders into Organization module, with selected templates allowed and access rights configured.

• Accounts [code: accounts]
  • IGA Account
    
    
• Entitlements [code: entitlements]
  
  
  • IGA Entitlement
    
    
  • IGA Request catalogue
    
    
• IGA project management [code:iga_project_mgm]
  
  
  • IGA project management

2. EPE & ESA Preparations

Notice, that Efecte Secure Access (ESA) and Efecte Provisioning Engine (EPE) components needs to be migrated to the Customers Efecte Cloud environment. If installations are missing, please contact your project coordinator for creating installation request to Efecte Cloud Ops team.

You also need password for ESA main.admin account. 

3. Setting Up Provisioning

• Reading Data from AD
  
  
• EFECTE_IAM 
  
  
• Efecte IAM AD group add 
  
  
• Efecte  IAM Access right

2. Import IGA Starter + add-on package

• All provisioning tasks from IGA Starter package and
  
  
• Efecte_IAM update user
  
  
• Efecte_IAM_External
  
  
• Efecte_IAM_Internal
  
  
• IGA User verification

3. Fill in connection settings for each imported provisioning task

Each provisioning task needs information to be able read or write data towards Customers directory. Please notice that information needed for connection settings varies between directories.

4. Setting Up Efecte Self-Service Portal

1. Set up ESM organization data connector

Connector between Efecte Self-Service Portal and Efecte Service Management -platform need to be configured according to instructions.

• IGA Access Right
  
  
• IGA Access right category 1ext
  
  
• IGA Access Right for Manual Provisioning
  
  
• IGA Access rights category 1
  
  
• IGA Access rights category 2
  
  
• IGA Access rights category 2 ext
  
  
• IGA Active access right
  
  
• IGA Applications
  
  
• IGA Employees
  
  
• IGA Entitlements

• Request Access Right for Subordinate
  
  
• Request Access Rights for External Users
  
  
• Remove Access Right Subordinate
  
  
• Request Access Rights
  
  
• Remove Access Rights

4. Import IGA Starter + Add-on package, it includes 

• All services from IGA Starter package
  
  
• Onboard for Internal Users
  
  
• Onboard for External Users

5. Import Default Datacards

Choose correct package for data card import.

1. Import data cards for IGA Starter package into environment. IGA data cards package includes:

• ESM IGA Starter Self-Service item datacards.xml
• ESM IGA Starter Support group datacard.xml
  
  

2. Import data cards for IGA Starter + add-on package, it includes

• All default data cards from IGA Starter package
  
  
• IGA Set Account information default data cards

6. Setting Up Workflows

Choose correct package for workflow import:

1. Import workflow package to environment. It includes:

IGA Service Request

• 2.0 Manager Adds Rights to Others 
• 2.1 Manager Remove Rights from Other
• 2.3 Users Adds Rights for Themselves
• 2.4 Users Remove Rights from Themselves

IGA Access Right Record

• Add User to AD-group
  
  
• IGA Access Right Record from

IGA Account Action

• Account Management Action Workflow

2. Import IGA Starter + add-on package, it includes

• All workflows from IGA Starter package
  
  
• 1.0 Create or Update User in AD
  
  
• 1. Create or Update user to AD

7. Import Default Views

1. Import views package into the Customers environment, it includes: