ForgeRock Identity Governance Workshop

Chapter 1: ForgeRock Identity Governance Overview

Lesson 1: Getting Started with Identity Governance

• Describe the role of ForgeRock Identity Governance in the ForgeRock Identity Platform
• Describe the features and benefits provided by Access Request
• Describe the features and benefits provided by Access Review
• Describe the features and benefits provided by Identity Reporting
• List the resources available for implementing ForgeRock Identity Governance

Lesson 2: Assessing the Identity Governance Environment

• Describe the identity management and identity governance roles
• View the seeding data and IDM deployment configuration
• Identify identity governance data

Chapter 2: Access Request

Lesson 1: Getting Started With Access Request

• Describe the main use cases for Access Request
• Describe the roles and responsibilities in managing and using Access Request
• Describe a typical access request process flow

Lesson 2: Configuring Access Request

• Configure the default approvers, display, and search properties
• Update the email notification templates

Lesson 3: Managing Access Requests

• Request access with auto-approval
• Create a requestable bundle
• Create additional access requests (optional challenge)

Lesson 4: Managing the Glossary

• Define the purpose of the Glossary
• Describe how to define a glossary item
• Update the glossary for a new role

Chapter 3: Access Review

Lesson 1: Getting Started With Access Review

• Describe the main use cases for Access Review
• Describe the roles and responsibilities for managing and using Access Request
• Describe a typical access review process flow

Lesson 2: Configuring Access Review

• Describe the global system settings
• Configure the glossary for Access Review
• Modify the notification templates

Lesson 3: Managing User Certifications

• Validate that an end user should have access to an entitlement
• Verify a user certification campaign
• Use the scheduler to launch a user certification process on a periodic basis
• Trigger a user certification based on a user property change
• Define a multi-stage user certification
• Test workflow remediation to revoke a role

Lesson 4: Managing Policy Violations

• Describe the policy violation features
• Describe a typical policy violation process flow
• Create a policy violation rule that detects a toxic combination and remediate as the policy owner

Lesson 5: Managing Role Certifications

• Describe a typical role management process flow
• Create a role certification

Chapter 4: Identity Reporting

Lesson 1: Getting Started With Identity Reporting

• Describe the role and main use case for using Identity Reporting
• Upload the SQL queries for Identity Reporting
• Configure the data sources for accessing report data
• Generate an on-demand report

Chapter 5: Installing ForgeRock Identity Governance

Note that the installation of the ForgeRock Identity Governance software requires more knowledge of IDM than the previous chapters. This chapter can be optional for those not responsible for the installation.

Lesson 1: Installing Access Request

• List the prerequisites for adding Access Request
• Install Access Request
• Perform post-installation tasks

Lesson 2: Installing Access Review

• List the prerequisites for adding Access Review
• Install Access Review
• Perform post-installation tasks
• Explore the changes made to IDM after installing Access Review

Lesson 3: Installing Identity Reporting

• List the prerequisites for using and installing Identity Reporting
• Install Identity Reporting
• Verify Identity Reporting is installed and operational

Lesson 4: Seeding IDM with Identity Governance Data

This lesson is optional, as the method for seeding IDM with identity governance data will vary from developer to developer. Also important is that this seeding script and data might not be available to those outside of ForgeRock.

• Describe the given seeding script package
• Prepare the IDM deployment
• Seed the IDM deployment with identity governance data
• Validate the seeding data and configuration