Skip navigation
All Places > Products > RSA Identity Governance & Lifecycle > Blog
1 2 3 Previous Next

RSA Identity Governance & Lifecycle

107 posts

Hey all,

I hope everyone had a great break over the holiday season and is ready for an exciting 2020!

We have loads of fantastic content lined up and cant wait to share it with you all! 

 

Before that however, we wanted to reflect on 2019... and what a great year 2019 has been for RSA IGL with you, our RSA Link community - we launched a monthly newsletter, followed up by a live webinar, not to mention all the other great content and blogs that were published!

 

I wanted to share a quick summary of all this content (see details below with links) and thank all those who helped.

It takes a lot to put together the newsletters, webinars and blogs - without the whole team, it simply wouldn’t happen.

 

Specifically, a HUGE thanks to:

 

Key Stats:

  • Total newsletters published: 9
    • Newsletter views: 18,000+
  • Total webinars hosted: 5
    • Post Webinar recording views: 1000+
    • Total Webinar registrants = 750+

 

Don't forget:

 

2019 Webinar Summary - Click the link to playback the webinar

#1 - July Link

  • 1st ever webinar introduction
  • Product Demo: New review features by Mike and Andrew
  • Meet the customer: Investec
    • Discussion on their deployment, success and key processes

#2 - Aug Link

  • RSA Datareach demo with Balaji and Pradeep
  • RSA Webservices Demo with Sean Miller

#3 - Sept Link

  • RSA IGL Roadmap with Aaron Beaudoin

#4 - Oct Link

  • RSA University info and update including courses available & certification
  • Meeting the Customer: BOK Financial
    • Discussion on their deployment, success and key processes

#5 - Nov/Dec Link

  • Dashboards
  • Meet the customer: Dell Tech
    • Discussion on their deployment, successes and Service Now

 

 2019 - Newsletter Summary

#1 March Link

  • Recommended Practices: Joiners, Movers and Leavers
  • IAM Blueprint: Bulk application collection
  • Success Wire: Food manufacturing
  • RSA Integrated Solution: RSA IGL & AM RSA SecurID Access Prime

#2 April Link

  • Recommended Practices: Sizing guidelines
  • IAM Blueprint: Bulk attribute updates
  • Success Wire: Automotive Company
  • RSA Integrated Solution: RSA IGL & RSA Archer
  • RSA Deep dive: Datareach solution

#3 May Link

  • Recommended Practices: Upgrade/migration
  • Success Wire: Dell Tech
  • Product Feature: Deep dive on upgraded rule engine
  • RSA IGL Telemetry Reports

#4 June Link

  • Recommended Practices: Backups!
  • Success Story: Healthcare
  • Support quick tips 1/3
  • Product Feature: New review features
  • RSA Blueprint: RSA IGL and RSA Archer

#5 July Link

  • Recommended Practices: Non-personal Accounts (NPA)
  • Support quick tips 2/3
  • Product Feature: Deep dive on workflow system status
  • RSA Blueprint: License Insights

#6 Aug Link

  • Recommended Practices: Application Onboarding
  • RSA Polls – we need your help
  • Product Feature: Deep dive on webservices
  • Support quick tips 3/3
  • RSA IGL & Services Now summary

#7 Sept Link

  • Recommended Practices: Performance checks
  • Datasheet: v7.1x
  • Product Feature: v7.1.1 Reduce Access Risk

#8 Oct Link

  • RSA IGL AWS Deployment guide
  • ACME Performance Guide
  • Datareach video
  • RSA Charge 2019 summary

#9 Nov/Dec Link

  • Reports, charts and dashboards
  • Tips/Tricks: Friendly date formats
  • RSA University update and summary

 

Other notable items to check out

Blog: All about reports/Charts & Dashboards

A summary of what reports, charts and dashboards are with info on how to use them and some examples to get started

101: Workflow Node summary

A summary of all the RSA IGL workflow nodes at a high level, with links to more detailed blogs as we add them

101: Workflow node – milestones

More details and information on this workflow node – what its for and how to use it

Tips and Tricks: Business Friendly dates

How to use RSA IGL to add more “business friendly” date formats into your workflow's or emails

101: Reports – finding all app-roles

A handy report and guide to find all app-roles within the DB

PS Beta – Risk dashboard

A new look dashboard based around risk – showing off some of the great things you can do with RSA IGL

Advanced SOD updates

A blog from Aaron around Advanced Enterprise-wide SOD violation analysis and visibility

RSA IGL Training

A blog about all things you need to know about RSA IGL Training

New Feature: Web services

A blog and video from Sean Miller on the new webservices features

New Feature: Rule improvements

Reduce Access Risk - New Streamlined and Intuitive Violation Remediation Experience

New Feature: Log Artifact

Find out about the great changes we have made, to make supporting you easier

 New Feature: Display Views

Learn about creating display views in the latest product version

What's new in v7.1.1

Learn all about the great features added to v7.1.1

New Feature: Diagnostics

Learn all about the new diagnostic capabilities

Services 101 blogs, help to explain various areas of RSA Identity Governance and Lifecycle, to ensure you are getting the most out of the product and following recommended practices. We hope to show you lots of great features, tips and tricks that you may not have been aware of!

Please reply below with any questions or hit like if this is helpful!

We are starting by looking at workflow nodes and in this blog, specifically the "Create Admin Error" node. 

Click the images to enlarge if you need!

Product Area: Workflow's

Workflow Node: Create Admin Error

Time to apply: <10 minutes

Impact: High positive impact for administrative users and support, Low risk to workflow process and performance as this node has a very low data footprint.

 

Summary: "Create Admin Error" nodes provide a great way to help log success or failures from within workflows. These results can be captured in a clear and meaningful format and are then available within the RSA IGL UI (Admin > Admin Errors > Summary) and via reports/charts.

 

Capturing Admin Errors helps to highlight processing issues that require attention to administrative users without them having to drill down in to workflows. 

 

RSA Field Example: To put this in to a real-life scenario, it’s a common requirement that Active Directory accounts have the password reset and are moved to a different OU when the associated user is flagged as a leaver.

 

This would be achieved using Provisioning Command nodes (1) within the fulfillment workflow. These Provisioning Command nodes then call the relevant AFX capability on the Business Source to perform the action and provide a status of 0 if successful or -1 if unsuccessful (2). Further details on the values and how they can be referenced as variables can be found here - https://community.rsa.com/docs/DOC-64651

 

A Decision node (3) then separates the successful from the unsuccessful allowing the Create Admin Error nodes (4) to return different errors depending on the result.

 

The Create Admin Error is then configured to capture the relevant details in a clear format that is easily understood by administrators.

 

Below is a format we typically use when configuring Admin Errors for the following reasons:

  • Highlighting the status (WARNING) at the start of the message helps focus attention

  • Including the associated process (LEAVER) helps sorting/filtering/reporting and can form part of daily checks

  • Including dynamic variables from the workflow makes the message more meaningful and easier to track

  • Inclusion of the Change Request ID enables easily linking to other tables/views for extended reporting options

  • Pipe separator simplifies report query

 

 

The Admin Errors are then visible within the UI from the Admin > Admin Errors screen

And can be easily extracted in to a report format which can be emailed on a scheduled basis or added to a dashboard to form part of the daily checks.

As mentioned, the inclusion of the CR ID in the Admin Errors provides a logical join to the CR views which provide useful additional detail such as user details, dates, times, days late, etc.

 

Within the above report, the join was achieved using the following query:

 

FROM avuser.PV_CHANGE_REQUEST_DETAIL pCRD
LEFT JOIN  avuser.V_AVR_ADMIN_EXCEPTIONS vAAE
ON PCRD.CHANGE_REQUEST_ID = TRIM(REGEXP_SUBSTR(VAAE.Description, '[^|]+', 1, 5))

 

The REGEXP_SUBSTR function uses the pipe separator (|) as a way of determining the string to return. Once joined to the PV_CHANGE_REQUEST_DETAIL view, this can be easily extended, for example:

 

LEFT JOIN avuser.PV_CHANGE_REQUEST pCR
ON pCRD.CHANGE_REQUEST_ID = pCR.ID

 

LEFT JOIN avuser.PV_USERS pUSR
ON pCRD.Affected_User_ID = pUSR.ID

 

Usage: All workflows that contain provisioning activities and provide status response (Provisioning Command node, Web Service) should include error handling, where possible.

 

General Notes/Benefits:

  • Reduce troubleshooting effort (no need to dig around in workflow)

  • Help create audit trail

  • Quickly and clearly highlight issues that require attention

  • Easy to configure

  • Very low data footprint so won’t impact performance

  • Ability to include variables in error messages provides huge flexibility

  • Populated to V_AVR_ADMIN_EXCEPTIONS view

  • Ease of reporting/dashboards

  • Admin Errors are not included in data purging although can be manually deleted from the UI if required

     

     

 

Configuration:

  • We are using v7.1 P04 in the example below, however most versions of the older product also have milestones available. 
  • Create Admin Error nodes are found under the "Modeler Toolbox", about halfway down, as shown in the image below. Just drag and drop them into your workflow.

Create Admin Error nodes are made up of 3 sections:

Type

Available to select from a drop-down list and can be used as grouping/sorting criteria on the Admin Errors page.

 

Priority

Drop-down select of either Low, Medium or High

 

Error Description

Free text box

 

As mentioned above, within the Error Description box you can also use variables from within the workflow. The use of dynamic variables makes the message more meaningful and also provides greater flexibility when it comes to reporting.

 

RSA PS Recommendation

Unless absolutely necessary, RSA recommends to only create Admin Errors for the failed/un-successful changes. This helps keep the Admin Error page lean and focus attention on only those items that require action/remediation.

Please find attached our first newsletter of 2020!

 

DONT FORGET - please register for the January RSA IGL Webinar - Click Me

 

Our goal of this newsletter, is to help share more information about what's happening and key things for you to be aware of, specifically for RSA Identity Governance and Lifecycle.

This is a monthly release, so you can expect a new Newsletter at the start of each month.

Please feel free to leave comments/suggestions (positive or negative!) below and don't forget to hit that "like" button too 

 

Current Edition:

  • Issue #10, January 2020: See attachment below 
    • Note:you should be able to view this in a browser, or download/preview the document too. Any issues/questions, just reply to this!

Previous Newsletter Editions:

 

Previous Webinar Recordings: (Note: you must login to view these)

RSA IGL Services 101 blogs, help to explain various areas of RSA Identity Governance and Lifecycle, to ensure you are getting the most out of the product and following recommended practices. We hope to show you lots of great features, tips and tricks that you may not have been aware of!

 

This blog provides a high level index and summary of each workflow node available, taken from v7.1x of RSA IGL. As we dive into more detail of each node, we will provide a link below, to click and get more info. For example, please click "Milestone" in the table below.

If there is a specific node you would like to know more about, please let us know in the comments below

Workflow Node Summary

The workflow editor includes processing nodes common to and also specific to request, approval, fulfillment, and escalation workflows. Nodes are the building blocks you use to create and modify workflows. This following table lists nodes that you can use in request, approval, fulfillment, and escalation workflows.

 

Node

Description

Activity

Used to define a activity for a change request.

Approval

Used to define an approval for a change request.

Approvals Phase

Used to allow change request items to be approved as groups at the same level.

Cancel Change Request

Used to generate a milestone to cancel the entire change request processed by the workflow and revert all changes completed in the change request, reject the entire change request processed by the workflow, or put the change request in an error state.

Complete Assigned

Used in an escalation workflow to mark work assigned to a user (through an approval or activity) as completed.

Create Admin Error

Specifies the type of admin error to create for an administrator.

Decision

Evaluates a condition(s) based on a true or false result for outgoing transitions to an action or stop delimiter based on whether or not the condition exists.

Delay

Suspends a workflow temporarily based on date criteria. The date could be a specific date, the change request fulfillment date, a system calculated date relative to current time, the result of a java method that returns a date, or the result of a SQL query resulting in a date.

Form Approval

Used to define an approval for a change request generated from a form.

Form Fulfillment

Used to define a fulfillment for a change request generated from a form.

Fulfillment Handler

Invokes a Java class to fulfill changes in a request.

Fulfillment Phase

Used to allow change request items to be fulfilled as groups at the same level.

Get Remaining SecondsUsed to store how much time remains for a calculated due date, performs some escalation outside of the assigned user’s control, and then updates the due date for the assigned user based on the earlier recorded remaining time.

Java *

Provides an interface to a Java method passing any parameters and returning a true/false result you can incorporate into a workflow.

The Java node, can evaluate conditions and perform actions in a workflow required for an approval and to initiate completion of an activity.

Note that if you use the Java node in a workflow or use the Java tag in workflow forms, you should place custom classes or jars in one of the following directories:

  • aveksa.ear/aveksa.war/WEB-INF/plugins/JavaNode/lib
  • aveksa.ear/aveksa.war/WEB-INF/plugins/JavaNode/classes

The sample Java Node workflow is deployed and references classes in these plugin directories. The source files for the samples are also included in the plugin directory under the src directory.

Job State

Specifies a job state the pauses a workflow: Canceled, Error, or Suspension

Manual Fulfillment

Used to handle a fulfillment manually and not automatically by the system.

Mark Verified

Used to indicate that changes marked as pending verification should be marked as verified.

Milestone

Provides high-level status information about a workflow milestone you want displayed in a change request.

Next Value

Returns the next value for a given job level workflow variable. If no value is returned (the last value was previously retrieved), the node returns false, which can be tested on an outgoing transition. If a valid value is returned, a true return code is provided. This node is typically used to iterate through an array of values to get the next value in the array..

Provisioning Command

Used to complete a provisioning command in a data source for a particular business source.

Reassign

Used to assign an approval or activity to another user.

Reset Password

Used to generate an email notification prompting a user to retrieve a password that has been reset for the user.

REST Web Service *

Invokes a REST call to an endpoint. The responses and results from the calls are stored in the workflow variables based on the configuration in the node. This information can be used in a workflow’s decision logic.

The node supports:

  • GET and POST methods
  • Basic authentication
  • Header parameters.
  • XML and Properties response types
  • Parsing of the response using XPath and RegEx expressions.

Run Report

Generates a report configured for the node in the workflow.

Run Review

Used to generate a user access review associated with the node.

Send Email

Generates email you want from the workflow. It supports the use of workflow variables or runtime workflow information to specify the To/From portions of the email.

Set Value

Creates or updates a job level workflow variable(s) using the value(s) provided. The value can be a literal or use other workflow variables that are evaluated at the time the node is executed

SOAP Web Service *

Invokes a SOAP call to an endpoint. The responses and results from the calls are stored in the workflow variables based on the configuration in the node. This information can be used in a workflow’s decision logic.

The node supports:

  • POST method
  • Basic authentication
  • WS-Security
  • Generic MIME Header
  • SOAP based XML response type
  • Parsing of the response using XPath and RegEx expressions

SQL Execute *

Runs an Insert/Update/Delete SQL command or a stored procedure where no result set is needed. It runs against the system database (AVDB). This node supports variables from the workflow with the SQL.

If you want to use an output parameter from your stored procedure (say, ‘success’ or “failure’ status) as a workflow variable for subsequent processing, you must define the stored procedure as a function and use the following syntax:

select sp_update_db (‘JOE’, ‘SMITH’, status) status from dual.

SQL Select *

To be updated.

Start

Used as the start delimiter for a workflow.

Stop

Used as the stop delimiter for a workflow.

Subprocess

Calls/interjects another workflow as a subprocess of the current workflow. This node is useful in compartmentalizing work items or to improve maintenance or re-use of workflows.

Text Node

Used to enter text into a workflow.

Transition

Used to connect two workflow nodes (processes) unidirectionally with a straight line. Transitions can be conditional or unconditional. A conditional transition occurs only if a particular condition is true. An unconditional transition can occur regardless of whether a condition is true. A transition is visually represented as an arrow.

Undo Changes

Used to generates changes to reverse the requested changes that have been fulfilled.

Wait for Verification

Used to create a database watch for evidence of a change request fulfillment.

 

Note: Not all controls and types are available for every workflow type. Also, nodes with an asterisk symbol ( * ) are designed for advanced application. These nodes should be implemented carefully because poorly defined nodes can negatively impact workflow performance.

RSA IGL Services 101 blogs, help to explain various areas of RSA Identity Governance and Lifecycle, to ensure you are getting the most out of the product and following recommended practices. We hope to show you lots of great features, tips and tricks that you may not have been aware of!

 

Please reply below with any questions or hit like if this is helpful!

 

Product Area: Reports/Charts/Table's

Data: App-Roles

Summary: Application roles collected within "directories" are not located in the PV_APPLICATION_ROLE view but are instead found under PV_DIRECTORY_ROLE view. If you use directories and collect in APP-ROLES, you must take this into account for all your reports/charts that you create, so that you dont miss out any information. 

RSA Field Example: If creating a report/chart to display all app_roles within RSA IGL which have a "privileged" flag set to "yes", you will need to take into account both these tables in the SQL.

SQL Example:

select 
    application_id,
    name
from avuser.pv_application_role
where lower(privileged) = 'yes'
union all
select
    application_id,
    name
from avuser.PV_DIRECTORY_ROLE
where lower(privileged) = 'yes'

 

These images show where the data is found.

 

Within the Directory "Navision - SQL Database" we can see the "app role" called "db_access_admin"

When searching against PV_APPLICATION_ROLE table - the result is not found

When searching against PV_DIRECTORY_ROLE table - the result is found

 

Thought I'd share this to save others time if they weren't already aware.

 

Cheers,

Clive

Services 101 blogs, help to explain various areas of RSA Identity Governance and Lifecycle, to ensure you are getting the most out of the product and following recommended practices. We hope to show you lots of great features, tips and tricks that you may not have been aware of!

Please reply below with any questions or hit like if this is helpful!

We are starting by looking at workflow nodes and in this blog, specifically the "milestone" node. 

The RSA Services team love to use Milestone Nodes whenever possible and find they are a great addition to any workflow. However they are surprised to find they are not being used enough by our customers to help make things easier and clearer!

 

Thanks to the PS rockstars: Clive Morrish, Ahmed Nofal and Mostafa Helmy for their help on this blog.

Click the images to enlarge if you need!

Product Area: Workflow's

Workflow Node: Milestones

Time to apply: <10 minutes

Impact: High positive impact for end users, Low risk to workflow process as nothing is being changed to effect the flow.

Summary: Using "Milestone" nodes, provide a great way to help track the route a workflow has taken and give some business friendly information about what's happening, without having to drill into the processing itself. This helps business end users and admin's alike, as the Milestones are captured on the Request Tab to provide an easy to use reference point. 

RSA Field Example: To put it in generic terms, what we really use them for, is to help determine why the CR has ended up where it has, without having to look at the processing workflow. We typically use them after decision nodes or to provide success/failure response. 

As shown in this status image below, to meet a customer requirement we needed to identify requests created as a result of an account being Revoked within an account review and handle them differently. This is the first decision within the workflow and we use the Milestone to confirm this, without this Milestone you'd need to view the processing workflow to confirm the route the request has taken.

 

Then, because it’s a revoke from a review, there's a requirement to create a new CR from the workflow. This milestone not only confirms the new CR has been created but also provides the new CR id. This provides an audit-able trail and helps users with locating the new CR.

 

In its simplest form, the Supervisor Approval workflow could be updated to include Milestone to advise if a supervisor couldn’t be found! Without the milestone, you'd need to dig a little deeper to extract this useful information.

 

 

Usage: All workflows should include milestones where possible, especially ones which are seen by business users, to make their understanding clearer and the process more simple.

General Notes/Benefits

  • Positive business impact to provide added information and details
  • Reduced help desk calls, where business users don't understand whats happened and why
  • Aid with troubleshooting
  • Can be used to provide error handling
  • Can be used to assist with tracking/auditing
  • Can provide dynamic variables from the request
    • As an example, you could have a workflow create an additional CR, a milestone can be used to confirm the new CR has been created successfully and also provide the CR ID, as shown below:

 

Configuration:  

  • We are using v7.1x in the example below, however most versions of the older product also have milestones available. 
  • Milestone nodes are found under the "Modeler Toolbox", about halfway down, as shown in the image below. Just drag and drop them into your workflow.

  • Milestone nodes have a couple of basic properties:
    • General: Name
      • Keep the node name generic and configure the milestone message under the Status options, for the following reasons
      • Variables cannot be used within the Node Name but they can be when using the Status options
      • The status options can be used to control when the milestone is displayed
    • General: Description
      • A simple description of what the milestone is doing, for future reference.

 

  • Status options:
    • Planned (Possible)
    • Completed
      • Planned (Definite) - we recommend not to use this one and to stick with the Possible/Completed

 

To help try and explain these, we have created the following workflow that contains a Milestone for each option.

 

 

The Planned (Possible) message will be displayed even though at this point the workflow has not yet transitioned through the node. This is a way to provide some information about a potential next step in the process, which is upcoming. 

 

 

 

Completed will populate the message only after the workflow has successfully transitioned through/past the node:

  

 

RSA PS Recommendation

Leave both ‘Planned’ options empty and only populate the Completed option to show the business which items have actually happen in the process flow, so as to not cause any confusion.

Final note.

Milestone nodes, also make use of the helpful information "i" button, found at the end of the status details. The "i" button displays details directly from the request. The below image is the first decision in the License Review workflow which checks if the requested entitlement is licensed or not. By clicking on the "i" button it confirms which entitlement it’s referring to, this is really relevant if you have CR containing multiple items (which is a common use case)

One of our RSA PS rockstars (Ahmed Nofal)  has been working on a fantastic new dashboard, as shown below in the image and quick demo video. This dashboard shows various risk items found within RSA IGL and displays in it a simple to understand format using a traffic light system.

 

All the data is dynamic and has the "drill-down" functionality, so you can click into the area to find out more!

We are looking for a beta tester client, who would like to work with us on this.

If you are interestred, please email me: jamie.pryer@rsa.com

 

Please note that this will require some time from your side, maybe 30min - 1hour on a Zoom sesssion to review the results and discuss the dashboard overall.

 

For this to work, you must be on version:

  • 7.1.0 P04 or higher
  • 7.1.1 (any version)

 

For a quick demo, please see this video:

 

An example screen shot of the dynamic risk based dashboard

Please find attached our November 2019 Edition of the newsletter.

 

DONT FORGET - please register for the December RSA IGL Webinar, with our customer "Dell Technologies" joining me to discuiss their success journey so far - Click Me

 

Our goal of this newsletter, is to help share more information about what's happening and key things for you to be aware of, specifically for RSA Identity Governance and Lifecycle.

This is a monthly release, so you can expect a new Newsletter at the start of each month.

Please feel free to leave comments/suggestions (positive or negative!) below and don't forget to hit that "like" button too 

 

Current Edition:

  • Issue #9, November 2019: See attachment below 
    • Note:you should be able to view this in a browser, or download/preview the document too. Any issues/questions, just reply to this!

 

Previous Newsletter Editions:

Hello RSA IGL Community!


I'm Megan, the RSA University Practice Lead for RSA Identity Governance and Lifecycle. Following October's amazing webinar (found here), I wanted to create a follow-up blog to highlight all the great things we have going on for RSA IGL to help you learn more and get more value from the product.  

  • A full revamp of our curriculum is underway! We're looking to offer high-level courses for those who are just getting started or just need to know the basics, as well as hands-on/working with an instructor, deeper looks into the admin side of things. If you have a need for training on a specific area or for a specific audience, please let me know!
  • Main link to RSA University - IGL Training Page with links to all available training: Click Here
  • The attached PDF includes the slides presented in October, with a summary of what's available now and what's coming soon!
  • Coming soon: A quarterly On-Demand live session with one of talented IGL Instructors. This is a great opportunity to dial in and ask questions that arose following any training you've taken through us.
  • And finally, here are some recent Q&As about RSA University:

    Question:Answer:
    The same training course is available in a number of different formats. Are the different formats priced differently?You may be seeing courses like the Admin series available in live (in person), live (virtual), and On-Demand Classroom formats. As each of these formats still gives you the full content and lab experiences, they are all priced the same.
    Pro tip: See our subscription option for one low price for all courses available in an On-Demand format, plus one certification exam voucher!
    I've been working with IGL for many years. Am I allowed to take the certification exams without first attending training?Absolutely! Training is not a prerequisite to taking the certification exams. We offer practice tests on RSA Link for you to gauge your level of readiness for each exam.
    Are the certification exams lab-based?Not at this time. Currently, all certification exams are multiple-choice only.
    How do keep the certification? Is there a CPE requirement?Exams currently expire after 2 years. To renew your certification, you simply take the most current exams. No tracking of CPEs is required!
    Are there any IGL live (in person) courses scheduled near me?Our schedules are posted online and are updated regularly. If you have a specific city or region where you would like us to offer a public course, please let us know!

 

Any questions, queries or ideas, please let me know. My proverbial door is always open, and I'm highly interested in making great training available that meets your needs!

 

All the best,
Megan

Date formats in workflows, typically come in a very long and "un-useful" format, which is: "YYYY-MM-DD HH:MM:SS" eg: 2019-11-05 10:46:54.0

This format is not very useful for business users and so changing it to be something more "readable" is a good idea in general. 

 

Thanks to the help from our resident rock star...Mostafa Helmy, we have the following example that you can use today for your review esclation emails. The below could be applied to any dates in other areas of the product too, however review esclations is a widely used area and a good place to start.

 

The process is as follows, where we want to update the review "end date" value.You could apply this to the "start date" too, if you wanted.

 

  1. First, establish the format of how you want the date to look. e.g.. "29-01-2019" or "Feb-22-19" etc..
  2. To do this, open a query analyser (e.g. SQL Developer) and test with the following SQL to find the date you want to display.
    Note, this example has 2 different options to get you started. Also, see the table below to get more ideas of the date formats that you could use.

    select to_char(sysdate,'MM/DD/YYYY') as new_date from dual;

    select to_char(sysdate,'DAY DD-MON-YY') as new_date from dual;


    Image of the above SQL example

  3. Once you have the correct format that you want to use
    Always start in DEV, NOT prod
  4. Log into RSA IGL as a user who can edit/create workflows
  5. Find the workflow/escalation you want to edit and open it
  6. Add a new "SQL Select" object to the workflow, at the start
    It must be before the "email" or what ever you want this better date format to be
  7. Edit the "SQL Select" object to be the following SQL.
    Note: This SQL will create a new value called "new_end_date" which can then be added into your email.
    Format SQL
    MM-DD-YYYY
    (08/21/2019)

    select to_char(end_date,'MM/DD/YYYY') as new_end_date from pv_review where id='${jobUserData_acm.ReviewId}'

    DD-MM-YYYY
    (21/08/2019)

    select to_char(end_date,'DD/MM/YYYY') as new_end_date from pv_review where id='${jobUserData_acm.ReviewId}'

  8. Set the Variable Type to Job. This must be set so that it can be referenced as a variable within the workflow
  9. Make sure you now hit "SAVE"
    The new value wont show until you have done this!!
  10. Select your email node and "right-click" where you want to add the new value (new_end_date) to add it in. (See image below)
  11. Test this has worked by generating a new email and confirming the date format is correct and as expected.
  12. Migrate to production

 

 

 

 

Other formatting suggestions:

Note:

  • The format, MUST be in the correct CASE
  • See this link for Oracle datetime format models: Format Models 
YEARYear, spelled out
YYYY4-digit year
YYY
YY
Y
Last 3, 2, or 1 digit(s) of year.
IYY
IY
I
Last 3, 2, or 1 digit(s) of ISO year.
IYYY4-digit year based on the ISO standard
QQuarter of year (1, 2, 3, 4; JAN-MAR = 1).
MMMonth (01-12; JAN = 01).
MONAbbreviated name of month.
MONTHName of month, padded with blanks to length of 9 characters.
RMRoman numeral month (I-XII; JAN = I).
WWWeek of year (1-53) where week 1 starts on the first day of the year and continues to the seventh day of the year.
WWeek of month (1-5) where week 1 starts on the first day of the month and ends on the seventh.
IWWeek of year (1-52 or 1-53) based on the ISO standard.
DDay of week (1-7).
DAYName of day.
DDDay of month (1-31).
DDDDay of year (1-366).
DYAbbreviated name of day.
JJulian day; the number of days since January 1, 4712 BC.
HHHour of day (1-12).
HH12Hour of day (1-12).
HH24Hour of day (0-23).
MIMinute (0-59).
SSSecond (0-59).
SSSSSSeconds past midnight (0-86399).
FFFractional seconds.

Reports, Charts and Dashboards are a useful and powerful feature of RSA Identity Governance and Lifecycle.

However, it would seem that many are not using this to its full potential...so we are here to help change that!

 

I've created this video and presentation, to help you understand the fundamentals of how this feature of the product works, along with a real example you can apply yourself, in your environment. 

 

 Please watch the video to learn more and leave you thoughts/comments below! 

Hit "like" above if you found this useful!

Zoom Video Link --> RSA Reports, Charts and Dashboards - Overview and Live Demo - Zoom 

 

Other Useful Links:

 

Example of what is created in the video

 

Useful SQL for finding tables you might need

Replace "xxx" with a lower case search, like "user" or "app" or "role"

select * from user_views
where lower(view_name) like '%xxx%'
order by view_name asc

 

SQL used in the video and presentation.

Please note that this SQL might not be relevant for your environment, so always test this in Dev before testing in Production. Some of this SQL might produce too much data and so adding a date filter (e.g.. in the last year) might be useful. The below is shared to give you examples of the SQL which was used in the demo and presentation/video. 


Active Review Details (Report)

(SELECT 
pR.NAME,
pR.END_DATE,
pRS.REVIEWED_ENTS_COUNT,
pRS.TOTAL_ENTS_TO_REVIEW,
pRS.REVIEWED_USERS_COUNT,
pRS.TOTAL_USER_COUNT,
concat(CAST(((pRS.REVIEWED_ENTS_COUNT/pRS.TOTAL_ENTS_TO_REVIEW) *100) AS NUMERIC(10,0)),'%') AS Percent_Complete
FROM AVUSER.PV_REVIEW pR
LEFT JOIN AVUSER.PV_REVIEW_STATUS pRS
ON pR.ID = pRS.REVIEW_ID
WHERE pR.STATE = 'InProcess')

 

Outstanding Review Items (Report)

(SELECT * FROM 
(SELECT R.NAME AS Review_Name,
U.FIRST_NAME,
U.LAST_NAME,
U.DEPARTMENT,
TOTAL_ENTS_TO_REVIEW AS Total_Review_Items,
REVIEWED_ENTS_COUNT,
CAST((REVIEWED_ENTS_COUNT /TOTAL_ENTS_TO_REVIEW) AS NUMERIC(10,2)) AS Input_Pct,
concat(CAST(((REVIEWED_ENTS_COUNT/TOTAL_ENTS_TO_REVIEW) *100) AS NUMERIC(10,0)),'%') AS Percent_Complete
FROM avuser.PV_REVIEW R
JOIN avuser.PV_REVIEW_REVIEWER_SUMMARY REVIEWER_STAT_BY_COMP
ON R.ID = REVIEWER_STAT_BY_COMP.REVIEW_ID
JOIN avuser.PV_USERS U
ON REVIEWER_STAT_BY_COMP.REVIEWER_ID = U.ID
WHERE R.STATE= 'InProcess')
WHERE PERCENT_COMPLETE <> '100%'
ORDER BY TOTAL_REVIEW_ITEMS DESC)

 

Active Reviews (Chart)

(SELECT 
pR.NAME,
pR.END_DATE,
CAST(((pRS.REVIEWED_ENTS_COUNT/pRS.TOTAL_ENTS_TO_REVIEW) *100) AS NUMERIC(10,0)) AS Percent_Complete
FROM AVUSER.PV_REVIEW pR
LEFT JOIN AVUSER.PV_REVIEW_STATUS pRS
ON pR.ID = pRS.REVIEW_ID
WHERE pR.STATE = 'InProcess')

 

Overall Review Summary (Chart)

(select 
state as review_state,
count(*) as total_items
from AVUSER.PV_REVIEW
group by state)

 

 

Thanks!

please comment below and hit like if this is helpful!

Please find attached our October 2019 Edition of the newsletter, presented in a slightly new and updated format. 

 

 

DONT FORGET - please register for the October IGL Huddle - Click Me

 

Our goal of this newsletter, is to help share more information about what's happening and key things for you to be aware of, specifically for RSA Identity Governance and Lifecycle.

This is a monthly release, so you can expect a new Newsletter at the start of each month.

Please feel free to leave comments/suggestions (positive or negative!) below and don't forget to hit that "like" button too 

 

Current Edition:

  • Issue #8, October 2019: See attachment below 
    • Note:you should be able to view this in a browser, or download/preview the document too. Any issues/questions, just reply to this!

 

Previous Newsletter Editions:

In the recent  RSA Identity Governance and Lifecycle 7.1 release, you can now require a user to specify if a mitigating control is in place for when granting an exception to a Segregation of Duty (SOD) or User Access (UA) policy violation.

During a policy violation review, and when granting an exception, the remediator can specify if there is a mitigating control in place. They can choose if control is:

  • In-Place – there is a control that has been implemented
  • Pending – there is a control defined and is in the process of being implemented
  • None – there are no controls in place or defined at this time

This feature compliments New Feature: Customer Specific Business Justifications that can also be selected when granting a policy exception.   

The configuration for adding mitigating controls for granting exceptional access to policy violations can be found within the rule definition. 

For more information on this feature – please check out this additional content. 

Mitigating Controls for Violation Remediation 

In the recent RSA Identity Governance and Lifecycle 7.1 release, the user interface can customized to better brand the product for the customer's environment.  One new key customization available is the background image displayed when user's are on the login screen.  The file must be a JPEG file that is called login-background.jpg.  The file should be uploaded to the Admin→User Interface→Files page under the images section.  When new users login, they will be shown a customized login screen like the following:

Things to consider when customizing this:

  • The image should be a decent resolution so it renders on various client screen resolutions
  • The file size should not exceed 10MB so it doesnt impact the speed to load the screen the first time too much
  • The uploaded image is audited as part of the events found under Admin->System→Audit

 

Included in this blog is a set of background images (see attachments) to try out.  Rename the image to login-background.jpg and upload.  The image will be shown the next time you login to the product.

We are excited to introduce a new virtual deployment option in the recent RSA Identity Governance and Lifecycle 7.1  release which makes it easier to deploy our solution in a VMWare virtualization environment!

Provided as an OVA file, all the neccessary componets are supplied to connect your RSA Identity Governance and Lifecycle application to an existing database instance.  Using the supplied configuration wizard, which prompts and ensures that all the necessary configurations are set, customers can quickly stand up the RSA Identity Governance and Lifecycle application. 

For more information and to view an example installation and setup, please refer to the following video tutorial:

Virtual Application Installation and Setup