6.0 Understanding Data Administration

After installing Identity Governance, the bootstrap administrator collects and publishes an initial set of identities and provides global authorization to one of these users. Alternately, the bootstrap administrator can also have the global authorization. The Customer Administrator or Global Administrator assigns users other authorizations such as the data administration authorization.

As a Data Administrator, you are responsible for the entire data administration process including the key phases of data preparation, collection, publication, and management. Data collection and publication is the first critical step in the governance process, and it is an ongoing process that is needed to ensure that the access information that is being reviewed is up to date.

Identity Governance processes require clean, up-to-date data obtained from a variety of sources such as Identity Manager, Active Directory, and other enterprise applications in the data center and the cloud. Identity Governance can obtain the data by directly connecting to the systems through protocols such as LDAP, SCIM, and JDBC, or it can simply periodically extract the data from a file such as a Comma Separated Value (CSV) formatted file. The features and processes Identity Governance uses to retrieve, validate, and format entity (Identity, Group, Application, Account, and Permission) data from desired data sources is referred to as data collection and the collection templates you use to collect data are referred to as collectors.

When Identity Governance is deployed in the cloud, you will need Cloud Bridge to collect data from on-premises data centers. You will need to configure Cloud Bridge and enable Cloud Bridge data source connection prior to data collection.

Data Publication refers to the processes used to transfer the collected data to the Identity Governance catalog which makes the data available for governance operations.

Identity Governance provides default collector templates to get you started with the configuration process for data collection. However, each environment has custom requirements that might require unique transformation and configuration options.

As a Data Administrator, you need a thorough understanding of the sources from which the data is retrieved, as well as the Identity Governance data administration concepts and tasks. The following figure provides a brief overview of the data administration process.

Figure 6-1 Data Administration Process Overview

For additional information about the data collection and publication concepts and an overview of related tasks, see the following sections: