16.0 Understanding Variations in Collector and Fulfillment Target Configurations

This chapter focuses on additional configuration-related information specific to templates that might need additional guidance.

Identity Governance provides out-of-the-box templates that enable you to easily integrate with LDAP systems, service desk systems, protocols, and specific applications, to collect data and fulfill change requests. Identity Governance collectors enable you to collect identities, applications, accounts, and permissions to provide a view of all your enterprise data in the Identity Governance catalog. Identity Governance collects the attributes configured in the templates and those are mapped to Identity Governance attributes. You can edit the templates and add attributes to the template while configuring the templates. Identity Governance fulfillment target templates enable you to fulfill change requests generated from reviews, requests, and catalog curation.

Many of these templates are easy to use with tooltips and preconfigured default values. However, a few templates for complex systems might need additional guidance because of the variations in required minimum rights, authentication methods, identity categorizations, parent-child relationships, and other such unique features of the connected systems.

For template layout overview, change event processing, and configuration procedures common to multiple collectors and fulfillment targets, refer to the following sections and chapters:

For additional guidance specific to collector and fulfillment target configuration, see the following sections:

IMPORTANT:Work with your integration account and network administrators to ensure that you have the minimum rights to the connected systems and that your system has the required security certificates. After initial configuration, you must always update credentials and other service parameters in each template as needed. For example, when connecting to applications that use access tokens for authentication, such as SCIM-compatible applications, you must change tokens when they expire and reconfigure the template to use the current access token.