Skip navigation
All Places > Products > RSA Identity Governance & Lifecycle > Blog > 2020 > January
2020

Hey all,

I hope everyone had a great break over the holiday season and is ready for an exciting 2020!

We have loads of fantastic content lined up and cant wait to share it with you all! 

 

Before that however, we wanted to reflect on 2019... and what a great year 2019 has been for RSA IGL with you, our RSA Link community - we launched a monthly newsletter, followed up by a live webinar, not to mention all the other great content and blogs that were published!

 

I wanted to share a quick summary of all this content (see details below with links) and thank all those who helped.

It takes a lot to put together the newsletters, webinars and blogs - without the whole team, it simply wouldn’t happen.

 

Specifically, a HUGE thanks to:

 

Key Stats:

  • Total newsletters published: 9
    • Newsletter views: 18,000+
  • Total webinars hosted: 5
    • Post Webinar recording views: 1000+
    • Total Webinar registrants = 750+

 

Don't forget:

 

2019 Webinar Summary - Click the link to playback the webinar

#1 - July Link

  • 1st ever webinar introduction
  • Product Demo: New review features by Mike and Andrew
  • Meet the customer: Investec
    • Discussion on their deployment, success and key processes

#2 - Aug Link

  • RSA Datareach demo with Balaji and Pradeep
  • RSA Webservices Demo with Sean Miller

#3 - Sept Link

  • RSA IGL Roadmap with Aaron Beaudoin

#4 - Oct Link

  • RSA University info and update including courses available & certification
  • Meeting the Customer: BOK Financial
    • Discussion on their deployment, success and key processes

#5 - Nov/Dec Link

  • Dashboards
  • Meet the customer: Dell Tech
    • Discussion on their deployment, successes and Service Now

 

 2019 - Newsletter Summary

#1 March Link

  • Recommended Practices: Joiners, Movers and Leavers
  • IAM Blueprint: Bulk application collection
  • Success Wire: Food manufacturing
  • RSA Integrated Solution: RSA IGL & AM RSA SecurID Access Prime

#2 April Link

  • Recommended Practices: Sizing guidelines
  • IAM Blueprint: Bulk attribute updates
  • Success Wire: Automotive Company
  • RSA Integrated Solution: RSA IGL & RSA Archer
  • RSA Deep dive: Datareach solution

#3 May Link

  • Recommended Practices: Upgrade/migration
  • Success Wire: Dell Tech
  • Product Feature: Deep dive on upgraded rule engine
  • RSA IGL Telemetry Reports

#4 June Link

  • Recommended Practices: Backups!
  • Success Story: Healthcare
  • Support quick tips 1/3
  • Product Feature: New review features
  • RSA Blueprint: RSA IGL and RSA Archer

#5 July Link

  • Recommended Practices: Non-personal Accounts (NPA)
  • Support quick tips 2/3
  • Product Feature: Deep dive on workflow system status
  • RSA Blueprint: License Insights

#6 Aug Link

  • Recommended Practices: Application Onboarding
  • RSA Polls – we need your help
  • Product Feature: Deep dive on webservices
  • Support quick tips 3/3
  • RSA IGL & Services Now summary

#7 Sept Link

  • Recommended Practices: Performance checks
  • Datasheet: v7.1x
  • Product Feature: v7.1.1 Reduce Access Risk

#8 Oct Link

  • RSA IGL AWS Deployment guide
  • ACME Performance Guide
  • Datareach video
  • RSA Charge 2019 summary

#9 Nov/Dec Link

  • Reports, charts and dashboards
  • Tips/Tricks: Friendly date formats
  • RSA University update and summary

 

Other notable items to check out

Blog: All about reports/Charts & Dashboards

A summary of what reports, charts and dashboards are with info on how to use them and some examples to get started

101: Workflow Node summary

A summary of all the RSA IGL workflow nodes at a high level, with links to more detailed blogs as we add them

101: Workflow node – milestones

More details and information on this workflow node – what its for and how to use it

Tips and Tricks: Business Friendly dates

How to use RSA IGL to add more “business friendly” date formats into your workflow's or emails

101: Reports – finding all app-roles

A handy report and guide to find all app-roles within the DB

PS Beta – Risk dashboard

A new look dashboard based around risk – showing off some of the great things you can do with RSA IGL

Advanced SOD updates

A blog from Aaron around Advanced Enterprise-wide SOD violation analysis and visibility

RSA IGL Training

A blog about all things you need to know about RSA IGL Training

New Feature: Web services

A blog and video from Sean Miller on the new webservices features

New Feature: Rule improvements

Reduce Access Risk - New Streamlined and Intuitive Violation Remediation Experience

New Feature: Log Artifact

Find out about the great changes we have made, to make supporting you easier

 New Feature: Display Views

Learn about creating display views in the latest product version

What's new in v7.1.1

Learn all about the great features added to v7.1.1

New Feature: Diagnostics

Learn all about the new diagnostic capabilities

Services 101 blogs, help to explain various areas of RSA Identity Governance and Lifecycle, to ensure you are getting the most out of the product and following recommended practices. We hope to show you lots of great features, tips and tricks that you may not have been aware of!

Please reply below with any questions or hit like if this is helpful!

We are starting by looking at workflow nodes and in this blog, specifically the "Create Admin Error" node. 

Click the images to enlarge if you need!

Product Area: Workflow's

Note: A summary of all workflows is found here: RSA IGL Services 101: Explaining Workflow Nodes - Summary

Workflow Node: Create Admin Error

Time to apply: <10 minutes

Impact: High positive impact for administrative users and support, Low risk to workflow process and performance as this node has a very low data footprint.

 

Summary: "Create Admin Error" nodes provide a great way to help log success or failures from within workflows. These results can be captured in a clear and meaningful format and are then available within the RSA IGL UI (Admin > Admin Errors > Summary) and via reports/charts.

 

Capturing Admin Errors helps to highlight processing issues that require attention to administrative users without them having to drill down in to workflows. 

 

RSA Field Example: To put this in to a real-life scenario, it’s a common requirement that Active Directory accounts have the password reset and are moved to a different OU when the associated user is flagged as a leaver.

 

This would be achieved using Provisioning Command nodes (1) within the fulfillment workflow. These Provisioning Command nodes then call the relevant AFX capability on the Business Source to perform the action and provide a status of 0 if successful or -1 if unsuccessful (2). Further details on the values and how they can be referenced as variables can be found here - https://community.rsa.com/docs/DOC-64651

 

A Decision node (3) then separates the successful from the unsuccessful allowing the Create Admin Error nodes (4) to return different errors depending on the result.

 

The Create Admin Error is then configured to capture the relevant details in a clear format that is easily understood by administrators.

 

Below is a format we typically use when configuring Admin Errors for the following reasons:

  • Highlighting the status (WARNING) at the start of the message helps focus attention

  • Including the associated process (LEAVER) helps sorting/filtering/reporting and can form part of daily checks

  • Including dynamic variables from the workflow makes the message more meaningful and easier to track

  • Inclusion of the Change Request ID enables easily linking to other tables/views for extended reporting options

  • Pipe separator simplifies report query

 

 

The Admin Errors are then visible within the UI from the Admin > Admin Errors screen

And can be easily extracted in to a report format which can be emailed on a scheduled basis or added to a dashboard to form part of the daily checks.

As mentioned, the inclusion of the CR ID in the Admin Errors provides a logical join to the CR views which provide useful additional detail such as user details, dates, times, days late, etc.

 

Within the above report, the join was achieved using the following query:

 

FROM avuser.PV_CHANGE_REQUEST_DETAIL pCRD
LEFT JOIN  avuser.V_AVR_ADMIN_EXCEPTIONS vAAE
ON PCRD.CHANGE_REQUEST_ID = TRIM(REGEXP_SUBSTR(VAAE.Description, '[^|]+', 1, 5))

 

The REGEXP_SUBSTR function uses the pipe separator (|) as a way of determining the string to return. Once joined to the PV_CHANGE_REQUEST_DETAIL view, this can be easily extended, for example:

 

LEFT JOIN avuser.PV_CHANGE_REQUEST pCR
ON pCRD.CHANGE_REQUEST_ID = pCR.ID

 

LEFT JOIN avuser.PV_USERS pUSR
ON pCRD.Affected_User_ID = pUSR.ID

 

Usage: All workflows that contain provisioning activities and provide status response (Provisioning Command node, Web Service) should include error handling, where possible.

 

General Notes/Benefits:

  • Reduce troubleshooting effort (no need to dig around in workflow)

  • Help create audit trail

  • Quickly and clearly highlight issues that require attention

  • Easy to configure

  • Very low data footprint so won’t impact performance

  • Ability to include variables in error messages provides huge flexibility

  • Populated to V_AVR_ADMIN_EXCEPTIONS view

  • Ease of reporting/dashboards

  • Admin Errors are not included in data purging although can be manually deleted from the UI if required

     

     

 

Configuration:

  • We are using v7.1 P04 in the example below, however most versions of the older product also have milestones available. 
  • Create Admin Error nodes are found under the "Modeler Toolbox", about halfway down, as shown in the image below. To add a new node to your workflow, just single left-click the required node icon from the left-side panel then double left-click anywhere in the middle area to add that node.

Create Admin Error nodes are made up of 3 sections:

Type

Available to select from a drop-down list and can be used as grouping/sorting criteria on the Admin Errors page.

 

Priority

Drop-down select of either Low, Medium or High

 

Error Description

Free text box

 

As mentioned above, within the Error Description box you can also use variables from within the workflow. The use of dynamic variables makes the message more meaningful and also provides greater flexibility when it comes to reporting.

 

RSA PS Recommendation

Unless absolutely necessary, RSA recommends to only create Admin Errors for the failed/un-successful changes. This helps keep the Admin Error page lean and focus attention on only those items that require action/remediation.

Please find attached our first newsletter of 2020!

 

DONT FORGET - please register for the January RSA IGL Webinar - Click Me

 

Our goal of this newsletter, is to help share more information about what's happening and key things for you to be aware of, specifically for RSA Identity Governance and Lifecycle.

This is a monthly release, so you can expect a new Newsletter at the start of each month.

Please feel free to leave comments/suggestions (positive or negative!) below and don't forget to hit that "like" button too 

 

Current Edition:

  • Issue #10, January 2020: See attachment below 
    • Note:you should be able to view this in a browser, or download/preview the document too. Any issues/questions, just reply to this!

Previous Newsletter Editions:

 

Previous Webinar Recordings: (Note: you must login to view these)