Users Request and Provisioning Flashcards by James Huggard

What is #1 defining?

Quicklinks

Who can request for this Quicklink.

Creating a group of users for this quicklink.

How well did you know this?

Not at all

Perfectly

What is #2 defining?

Quicklinks

Which users can be targeted/request access for.

Creating a group of users for this quicklink.

How well did you know this?

Not at all

Perfectly

What is #3 defining?

Quicklinks

What can be requested (access).

Creating a group of users for this quicklink.

How well did you know this?

Not at all

Perfectly

What can you request with #1.

Add or remove roles/entitlements

How well did you know this?

Not at all

Perfectly

What can you request with #2.

Request, delete, modify accounts.

How well did you know this?

Not at all

Perfectly

What can you request with #3.

Changed passwords on managed systems or IdentityIQ

How well did you know this?

Not at all

Perfectly

Important note to know about access given in Quicklinks.

Access is cumulative

How well did you know this?

Not at all

Perfectly

List possible Provisioning Policies.

CUUPEDD
- Create
- Update
- Unlock
- Password
- Enable
- Delete
- Disable

How well did you know this?

Not at all

Perfectly

Where do you go to Configure Account Dependency

Navigate to Applications > Application Definition in the IdentityIQ UI.
Select the application for which you want to define dependencies.
Go to the Provisioning Policies tab.
Under Application Dependencies, specify the dependent applications and their required fields.

How well did you know this?

Not at all

Perfectly

Lifecycle Event possible Event Types

CRAMRAN
- Create
- Rule
- Attribute Change
- Manager
- Rapid Setup
- Alert
- Native Change

How well did you know this?

Not at all

Perfectly

List the IdentityIQ actions that can trigger provisioning

User Initiated Actions
System Initiated Actions
Lifecycle Event-Driven Provisioning

How well did you know this?

Not at all

Perfectly

List possible User Initiated Provisioning

CLAP
Certifications
Lifecycle Manager
Access Requests
Policy Violations

How well did you know this?

Not at all

Perfectly

List possible System Initiated Provisioning

BAIR
Background Reconciliation
Aggregation
Identity Refresh-Driven Assignments
Role Assignments

How well did you know this?

Not at all

Perfectly

List possible Lifecycle event initiated Provisioning

Joiner
Leaver
Manager Transfer
Reinstate

How well did you know this?

Not at all

Perfectly

What are Lifecycle Events?

Activities that happen in the normal course of a person’s employment
* Joining the company (joiners)
* Changing departments/managers (movers)
* Leaving the company (leavers)

How well did you know this?

Not at all

Perfectly

Describe the process of Attribute Synchroniztion

Attribute synchronization is an automated process of synchronizing changes to Identity Cube identity attributes (such as name, email, or department) from an authoritative source to target systems.

How well did you know this?

Not at all

Perfectly

Yes or No

Attribute Synchronization is Triggered by Aggregation

YES

How well did you know this?

Not at all

Perfectly

Yes or No

Attribute Synchronization is Triggered by editing identity in UI.

Yes

Direct Edit to an Identity or Aggregation (Synchronize Attributes refresh option)

How well did you know this?

Not at all

Perfectly

What can you create provisioning requests for in IdentityIQ?

Certifications,
Policy Violations,
Identity Refresh-Driven Assignments,
Lifecycle Manager Requests,
Lifecycle Event-Driven Provisioning

These actions represent different scenarios under which provisioning requests can be initiated.

How well did you know this?

Not at all

Perfectly

Fill in the blank: You can create provisioning requests in IdentityIQ using _______.

CLLIP
Certifications,
Lifecycle Manager Requests,
Lifecycle Event-Driven Provisioning,
Identity Refresh-Driven Assignments,
Policy Violations

How well did you know this?

Not at all

Perfectly

Yes or No

Identity Refresh-Driven Assignments can be used to create provisioning requests in IdentityIQ.

Yes

How well did you know this?

Not at all

Perfectly

Yes or No

Identity Refresh-Driven Assignments can be used to create provisioning requests in IdentityIQ.

Yes

How well did you know this?

Not at all

Perfectly

Yes or No

Manage Access can be used to create provisioning requests in IdentityIQ.

How well did you know this?

Not at all

Perfectly

Yes or No

Policy Violations can be used to create provisioning requests in IdentityIQ.

Yes

How well did you know this?

Not at all

Perfectly

# Yes or No Entitlements can be used to create provisioning requests in IdentityIQ.

# Yes or No Provisioning request created by a Identity refresh creates a workflow case.

Yes

# Yes or No Provisioning request created by a certification creates a workflow case.

# Yes or No Provisioning request created by a Lifecycle Manager Request creates a workflow case.

Yes

# Yes or No The owner on an Role is ususally the violation owner.

No | Manager is the correct answer

# Yes or No Only the remediations of roles or entitlement Non-SOD Policy Violations generate a provisioning request to revoke invalid access.

No | Only SOD policy Violations

# Yes or No You can create policy violation remediation requests from Lifecycle Manager

# Yes or No You can create policy violation remediation requests from Policy owner's Policy Violation page

Yes

# Yes or No You can create policy violation remediation requests from a certification

Yes

# Yes or No You have to enable the following options in an Identity Refresh to generate a provisioning request for identities. External applicatons: Provision assignments

Yes

# Yes or No You have to enable the following options in an Identity Refresh to generate a provisioning request for identities. Roles: Refresh assigned, detected roles and promote additional entitlements

Yes

# Yes or No You have to enable the following options in an Identity Refresh to generate a provisioning request for identities. External applicatons: Refresh assigned, detected roles and promote additional entitlements

No | Not for External applications

# Yes or No You have to enable the following options in an Identity Refresh to generate a provisioning request for identities. Roles: Provision assignments

No | Not for Roles

# Yes or No You have to enable the following options in an Identity Refresh to generate a provisioning request for identities. Roles: Refresh identity entitlements for all links

No | This does not generate requests

# Refresh assigned, detected roles and promote additional entitlements Generates provisioning requests to add entitlements required by the currently assigned roles.

Yes

# Lifecycle Manager Requests In a typical configuration: Managers can make requests for their direct reports.

Yes

# Lifecycle Manager Requests In a typical configuration: Managers can make requests for their direct reports.

Yes

# Lifecycle Manager Requests In a typical configuration: Managers can make requests for their direct reports.

Yes

# Yes or No Lifecycle Manager is a separately licensed portion of the IdentityIQ product.

Yes

# Yes or No Manage Accounts is designed to manage entitlements using provisioning requests

No | Lifecycle Manager

# Yes or No Use the Manage Accounts feature to: Unlock locked accounts

Yes

# Yes or No Use the Manage Accounts feature to: Add the entitlement to the specified identity

# Yes or No Use the Manage Accounts feature to: Enable disabled accounts

Yes

# Yes or No Use the Manage Accounts feature to: Add the entitlement to the specified identity

# Yes or No Use the Manage Accounts feature to: Request accounts on additional applications

Yes

# Yes or No Use the Manage Accounts feature to: Revoke an identity's current entitlements.

No | Request Entitlements

# Yes or No Use the Lifecycle Manager Request Access to: Revoke or disable existing accounts

# Yes or No Use the Lifecycle Manager Request Access to: Request accounts on additional applications

# Yes or No Use the Lifecycle Manager Request Access to: Provision the entitlements the role requires

Yes

# Yes or No Use the Lifecycle Manager Request Entitlements to: Add the entitlement to the specified identity

Yes

# Yes or No Use the Lifecycle Manager Request Entitlements to: Revoke an identity's current entitlements

Yes

# Yes or No Use the Lifecycle Manager Request Entitlements to: Provision the entitlements the role requires.

No | Request Access

# Yes or No Use the Lifecycle Manager Request Entitlements to: Deprovision by removing roles from an identity

No | Request Access

# Yes or No Use the Lifecycle Manager: Create Identity

Yes

# Yes or No Use the Lifecycle Manager: Manage Passwords

Yes | resets passwords on target systems which involves a provisioning plan an

# Yes or No With Lifecycle Manager enabled, Lifecycle Events can be configured in IdentityIQ to represent activities that occur during the normal course of a person's employment at a company.

Yes

# Yes or No One of the four predefined Lifecycle Events: Joiner

Yes

# Yes or No One of the four predefined Lifecycle Events: Mover

No | They call it Manager Transfer

# Yes or No One of the four predefined Lifecycle Events: Reinstate

Yes

# Yes or No One of the four predefined Lifecycle Events: Manager Transfer

Yes

# Yes or No Specific changes to an identity that will trigger Lifecycle Event: Attribute change

Yes

# Yes or No Specific changes to an identity that will trigger Lifecycle Event: Identity Trigger rule

Yes

# Yes or No The four predefined Lifecycle Events are enabled by default.

# Yes or No Default action of of Lifecycle event - Joiner is to create account

No | Prints to sysout, no actions are taken

# Yes or No Default action of of Lifecycle event - Reinstate is to create account

No | Reinstate is a rehire. ## Footnote Enables all previously disabled accounts of returning identity

# Yes or No Default action of of Lifecycle event - Leaver creates and runs provisioning plan to disable all accounts.

Yes

# Yes or No Only mangers and administrators can edit the Identity cube information

No | Only Administrators

# Yes or No Identities Warehouse: A provisioning plan is generated that updates an identity when you: **Change capabilities or assigned scopes on the User Rights tab**

Yes

# Yes or No Identities Warehouse: A provisioning plan is generated that updates an identity when you: **Delete or Move account links from the Application Accounts tab.**

Yes

# Yes or No Identities Warehouse: A provisioning plan is generated that updates an identity when you: **Add identity to workgroup**

No | Not an option in Identities Warehouse

# Yes or No If the triggering attributes for the identity have not changed, deleted roles that were assigned by rules are automatically reassigned to the identity during the next identity refresh.

Yes

# Yes or No By default, cache updates are performed every 5 minutes

# Yes or No By default, cache updates are performed every 10 minutes

Yes

# Yes or No When an identity’s access to a system is determined to be inappropriate for their job function, the certifier can revoke the entitlement through the Certification Access Review. This process is called Certificate Remediation.

Yes

# Yes or No You have to edit the xml for any policy to include remediated as one of its certificationActions values.

Yes

# Yes or No You have select remedication in the cerification settings GUI for any policy to include remediated as one of its Certification Actions values.

No | XML must be edit. No GUI interface

Users Request and Provisioning Flashcards

(81 cards)