SecurID Governance & Lifecycle Getting Started Guide 7.5.2
This document provides an overview of the tasks you perform to set up and manage SecurID Governance & Lifecycle. It also explains where to find the information about performing each task from the Online Help available in the product. Use it as a set of basic guidelines for deploying SecurID Governance & Lifecycle in a development environment.
Properly planning your SecurID Governance & Lifecycle deployment is critical. This topic assumes you have identified the following:
Read the SecurID Governance & Lifecycle Cloud Release Notes for information on new and improved product features and known issues.
Configure security settings before you proceed with other tasks.
Task |
Help Source |
Log into SecurID Governance & Lifecycle Cloud and change the initial password for AveksaAdmin. The AveksaAdmin account is the default system administrator account for the application. It is the only account authenticated by the application. After you onboard users into the application, you can provide qualified users with various levels of administrator privileges. See the "Managing RSA Identity Governance and Lifecycle Application Privileges" Help topic for more information |
Logging On and Logging Off |
Configure system security settings to help protect against brute-force login attempts and cross-site scripting attacks. |
Managing System Security |
Before you can manage identity and access compliance with SecurID Governance & Lifecycle Cloud, you must onboard the users who can access resources in your organization.
Task |
Help Source |
Create a directory for each identity data source, such as Active Directory, from which you plan to collector identities. |
Creating and Managing Directories |
Create an identity collector for each identity data source directory and collect identities (users). |
About Data Collection Create an Identity Collector Collect Identity Data |
To collect identities from more than one data source, you must unify identity data to create unique records of users in the application. |
Managing Identity Data Unification |
Onboard the applications and directories that your users access.
Task |
Help Source |
Onboard applications and directories. |
Creating and Managing Applications Creating and Managing Directories |
Create collectors and collect application metadata |
About Data Collection Create an Application Metadata Collector Collect Application Metadata |
Collect the accounts and entitlements that define what your users can access.
Task |
Help Source |
Create account collectors and collect the accounts that provide users with the entitlements to applications and directories in your organization. |
About Data Collection Create an Account Collector Collect Account Data |
Create entitlement collectors and collect entitlements to applications and directories in your organization. |
About Data Collection Create an Entitlement Collector Collect Entitlement Data |
Create multi-app collectors and collect accounts and entitlements from data sources that include account and entitlement data for multiple applications. |
About Data Collection Create a Multi-App Account Collector Create a Multi-App Entitlement Collector Collect Multi-App Data |
Create role and data resource collectors if you have purchased the Business Role Manager and Data Access Governance modules and you plan to collect and manage role and data access data.
Task |
Help Source |
Create role collectors and collect roles from data sources for your organization's roles- based access control system. |
About Data Collection Create a Role Collector Collect Role Data |
Note: SecurID Identity Governance & Lifecycle enables you to only collect roles if you do not implement Business Role Manager. |
|
Create data access collectors and collect data resources (e.g., file shares, Sharepoint). |
About Data Collection Create a Data Access Collector Collect Data Access Data |
With the exception of the AveksaAdmin login users, all users who log into SecurID Identity Governance & Lifecycle must be authenticated from an identity or account collector data source.
Task |
Help Source |
Create authentication sources for user logins. |
Managing Log On Authentication Sources |
This section lists the administrative tasks you would typically perform to start administering SecurID Governance & Lifecycle Cloud.
Task |
Help Source |
Assign SecurID Governance & Lifecycle administrator privileges to users as required. |
Managing RSA Identity Governance & Lifecycle Application Privileges How Users Get Aveksa Security Entitlements |
Create attributes you want to collect in addition to the default attributes provided by SecurID Governance & Lifecycle. For example, create a "Cost Center" attribute for users if you want to collect that information. |
Creating and Managing Attributes for RSA Identity Governance and Lifecycle Objects |
Enable product modules you have purchased. For example, enable Business Role Manager if you have purchased the module. |
Specifying System Settings |
Configure application and user interface settings. For example, change the AveksaAdmin password, provide a deployment environment name, and specify user session timeout values. |
Specifying System Settings Specify User Interface Settings |
Schedule database management tasks: database backups and data purging. |
Schedule Database Backups Managing Data Purging |
Schedule data collection. |
Scheduling Data Collection |
Manage all aspects about how users can request password resets for their SecurID Governance & Lifecycle login accounts. |
Managing Account Password Reset Implementation |
Import business descriptions for objects in SecurID Governance & Lifecycle that provide important information about the objects. |
Importing and Exporting Business Descriptions Creating and Managing Business Descriptions |
Configure and use product features.
Task |
Help Source |
Create access certification reviews. For example, create a user access review that enables a department manager to review entitlements for members of a particular department. |
Create a User Access Review |
Create rules that detect inappropriate access users have. For example, create a segregation of duties rule to detect whether users have entitlements that violate your organization's task segregation policies. |
Rules |
Manage how access changes are requested and fulfilled. |
Introduction to Access Request Manager Access Request Forms Creating and Managing Workflows Access Fulfillment Express (AFX) |
Manage roles if your organization manages access to resources using role-based access controls. |
Business Role Manager |