
Introduction

The CoreOne Suite offers different ways to create and manage resources - see Resource Type. When approaching the CoreOne Suite’s access management features, it is important to understand which type of resource best suits your needs. This article should help you decide between Linked Resources and Managed Resources. The target system Active Directory is used as an example throughout, as it is one of the most common use cases among the supported target systems.

Resources in the CoreOne Suite are the equivalent of groups in an Active Directory. Due to different terminologies in all the target systems supported by the CoreOne Suite, we’ve settled on the terminology “resources”.

Simply put: A resource is a permission that is assignable to an identity within a target system. In Active Directory terms, this is a group (resource) to which users (identities) are added as members.

Step 1 - Understand the differences between resource types

The following documentation is recommended for a better understanding of what resource types are and what the Cleanup Tasks can do:

Step 2 - Understand the limitations when creating new resources

  • Resources created within the target system will not be added as resources in the CoreOne Suite automatically. New resources will require some setup before they can be assigned to any Identities, depending on their Management Mode. See: /wiki/spaces/IKB/pages/1796997245 for more information on what these steps are.

  • Linked Resources are created in the target system and have to be linked in the CoreOne Suite Admin UI before any membership assignment is possible

  • Managed Resources must not be created in the target system, but rather using the CoreOne Suite Admin UI. Any resources created in the target system should be deleted and then recreated within the CoreOne Suite Admin UI, so that the CoreOne Suite may provision the resource into the target system automatically

  • Task features for resources can be enabled / disabled

    • on the Target System

    • on the Resource Type

  • The task features for Cleanup Tasks to consolidate memberships can be enabled / disabled

    • on the Target System

    • on the Resource Type

  • The Cleanup Tasks should be configured to run on a schedule in order to consolidate memberships

  • Not every System Connector provides every Management Mode

Step 3 - Identify the use case

Where is the resource lifecycle going to be managed?

  • Target System → Linked Resources

  • CoreOne Suite Meta Directory → Managed Resources

Using both Management Modes at the same time is also possible. It might be necessary to manage already existing resources as Linked Resources and new ones as Managed Resources, for example.

Frequently Asked Questions

 Can I use Linked and Managed Resources at the same time?

Yes.

 Does the CoreOne Suite also clean up unknown objects?

No. Objects that are not present in the CoreOne Suite Meta Directory remain untouched during the Cleanup Tasks. See Reconciliation / Cleanup for more details.

 What will happen if a Linked Resource is deleted within the Target System?

The change is not visible to the CoreOne Suite Meta Directory. This will lead to errors in the application. See: System monitoring / Health Check for more details.

 What are the necessary steps to delete a Linked Resource?

Remove any memberships, delete the resource within the CoreOne Suite Meta Directory, and finally delete the resource in the target system.

 What will happen if a Managed Resource is deleted in the Target System?

The change is not visible to the CoreOne Suite Meta Directory. This will lead to errors in the application.
