Certification of CA Identity Manager Groups with CA Governance Minder

18 Oct

CA Governance Minder and Identity Minder integration supports certification of provisioning roles of Identity Minder.  This article will provide a method of using CA Governance Minder’s Pentaho Data Integration (PDI) utility to import CA Identity Minder groups for certification in CA Governance Minder.

Conversion Process:

On IdM import, users and provisioning roles are returned from IdM to GM

The PDI utility is executed post import and accomplishes the following:

  • Removes the user to provisioning role relationship by deleting all provisioning roles in the GM universe.
  • Connects to the IdM LDAP user store, retrieves IdM groups and creates the IdM groups as roles in the GM universe.
  • Assigns the GM users to the groups based upon a custom multi-valued LDAP user attribute that exists on each user that represents the membership of user to group.
  • After the above is finished, accomplishes the same on the GM model universe.

Pentaho Script

The PDI attached to this article demonstrates the user of integration between CA GM and IdM using Pentaho using the following Pentaho techniques:

  • Uses GM PDI processes to access GM resources.
  • Uses PDI LDAP processes to retrieve IdM users and groups from the user store
  • Performs transformations and validations on IdM information retrieved including parsing of LDAP DN’s, data validation, filtering, and merging.

The following link contains the Pentaho script that accomplishes the above tasks:





Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: