Classes Questions 8.2- 1&2 Flashcards
How to launch IdentityIQ console?
/home/spadmin/tomcat/webapps/identityiq/WEB-INF/bin
./iiq console -j
-j lets you see old commands
How to get IIQ version information?
iiq console command about
or Wrench(icon) –> About
Menus Available to System Administrators
Home, Identities, Intelligence, My Work, Application, Setup
Nine Sections Available to System Administrators
UHAAARPEE
User Rights
History
Attributes
Activity
Applicaiton Accounts
Risk
Policy
Entitlements
Events
Refresh Option:
Refresh only accounts with application Active Directory
Using String filter:
links.application.name == “Active Directory”
Where do you redirector IIQ emails?
Gear > Global Settings > IdentityIQ Configuration > Email Settings
What is a group?
Sets of identities created automatically based on the values of a single identity attribute
Where was this attribute classified as searchable?
Gear > Global Settings > Identity Mappings
Populations and groups are used to
specify sets of identities to include in various activities
Workgroups are used to
Assigning access to IdentityIQ
* Capabilities
* Scopes
Sharing IdentityIQ responsibilities
* Team-assigned work items
* Object ownership (best practice)
* Applications, Certifications, Roles, Entitlements, etc.
Group Factories
Because you defined the Identity Attribute as a group factory when you defined the identity mappings, IdentityIQ can generate groups of identities based on this field.
- Support dynamically generated groupings of identities based on the attribute Example: Region attribute — all users are grouped by their region
- Groups used to filter identities included in actions
Example: Run report for identities with region: Europe
Refresh Options
How to refresh a single user “john.doe”
name == “joe.doe”
in Optional String filter
Entitlement Functionality
Designates an attribute that represents
entitlements on the native application. Used to
promote an identity’s value(s) for this attribute to
their Entitlement tab on their Identity Cube
Multi-Valued Functionality
Designates an attribute that has multiple values
What is the connectorDebug command?
The connectorDebug command is used to test a connector or troubleshoot application aggregation issues. Its method parameters determine what is tested and how.
Syntax
connectorDebug <applicationName> <method> [methodArgs…]</method></applicationName>
Aggregation options:
Detect deleted accounts
Delete accounts in IdentityIQ that no longer exist in the native application
Aggregation options:
Disable optimization of unchanged
accounts
Force all accounts to be read, even if unchanged since the last aggregation
Aggregation options:
Promote managed attributes
This option causes IdentityIQ to examine the set of entitlements that exist on all links for an application and create ManagedAttribute (entitlement catalog) entries for each entitlement detected on accounts aggregated from the application.
Where is Pass-Though Authentication enabled?
Gear > Global Settings > Login Configuration -> Login Settings tab
Refresh Option:
Refresh identity attributes
This option causes the identity refresh task to re-evaluate all of the extended attributes of the Identity objects.
This means IdentityIQ will re-evaluate mappings and attribute mapping rules for each Identity object covered in the refresh. Identity attributes are updated by default during account aggregations so this option is not always necessary if direct mapping is used for all Identity attributes. This option can have performance impacts if slow or complex attribute promotion bean shell code is in place on the installation.
