4.4 Installing the Identity De-Provisioning Control

The Identity De-Provisioning Control contains a set of reports and rules to monitor common identity de-provisioning and access violation actions within the enterprise.

This control makes a series of assumptions about how terminated employees are handled in the enterprise.

  1. Terminated employees are simply designated as being no longer employed. The Resource Kit enforces this standard by setting the employeeStatus attribute to Inactive for all terminated employees. For more information about this process, see Termination Business Logic in the Identity Manager Resource Kit 1.2 Architecture Reference Guide.

    If you identify terminated employees by a method that does not use the employeeStatus attribute, you must modify the IdT - Identify Terminated Employees Rule to match.

  2. Modifying the status of the employee automatically triggers disabling of all associated accounts to ensure that the user no longer has access to enterprise resources. If this is not the case in your environment (for example, if former employees are still allowed to use an e-mail account), you might need to modify the IdT - Unauthorized Access By Terminated Employees rule to filter out events from those special accounts.
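
The two assumptions above, expressed as detection logic. This is an added example, not the Solution Pack's correlation rule or Sentinel's rule language. The event field names, the account naming, the "Active" status value and the exemption set are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample events. Field names are assumptions for this example,
# not the Sentinel event schema.
EVENTS = [
    {"time": "2024-03-01T08:00:00", "type": "access", "identity": "jdoe", "account": "vpn:jdoe"},
    {"time": "2024-03-01T09:00:00", "type": "status", "identity": "jdoe", "employeeStatus": "Inactive"},
    {"time": "2024-03-01T09:30:00", "type": "status", "identity": "asmith", "employeeStatus": "Inactive"},
    {"time": "2024-03-01T10:00:00", "type": "access", "identity": "jdoe", "account": "vpn:jdoe"},
    {"time": "2024-03-01T11:00:00", "type": "access", "identity": "jdoe", "account": "mail:jdoe"},
    {"time": "2024-03-02T09:00:00", "type": "status", "identity": "asmith", "employeeStatus": "Active"},
    {"time": "2024-03-03T09:00:00", "type": "access", "identity": "asmith", "account": "vpn:asmith"},
]


def unauthorized_access(events, exempt_accounts=frozenset()):
    """Return access events made by identities that were Inactive at that time."""
    terminated = {}  # identity -> time employeeStatus became Inactive
    hits = []
    # Correlate in time order so access before termination is never flagged.
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        who = ev["identity"]
        if ev["type"] == "status":
            if ev["employeeStatus"] == "Inactive":
                terminated.setdefault(who, ev["time"])  # keep first termination time
            else:
                # Any other value (assumed here: "Active") means rehired or corrected.
                terminated.pop(who, None)
        elif ev["type"] == "access" and who in terminated:
            if ev["account"] in exempt_accounts:
                continue  # account intentionally left enabled, e.g. e-mail
            hits.append({**ev, "terminated_at": terminated[who]})
    return hits


if __name__ == "__main__":
    # Filter out the e-mail account that former employees may still use.
    for hit in unauthorized_access(EVENTS, exempt_accounts={"mail:jdoe"}):
        print(hit["time"], hit["identity"], hit["account"],
              "terminated at", hit["terminated_at"])
```

Without the exemption set, the e-mail login at 11:00 is reported alongside the VPN login, which is the noise the rule modification in assumption 2 is meant to remove.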

To install the Identity De-Provisioning Collector:

  1. Launch the Solution Manager by selecting Tools > Solution Pack in the toolbar in the Sentinel Control Center.

  2. Select Identity Tracking Solution Pack, then click Open with Solution Manager.

    [Figure: Opening the Identity Tracking Solution Pack]

  3. Select Identity De-Provisioning in the left pane of the Solution Manager, then click Install.

  4. Verify that the Identity De-Provisioning Control is listed, then click Next.

  5. Select your correlation engine from the drop-down list as the location where the Identity De-Provisioning rules are installed.

  6. Select the IdT-Unauthorized Access By Terminated Employees (Deployment), then click Next.

  7. Select whether the Crystal* server is local or remote by selecting one of the following options:

    • Publish to Crystal Server

    • Install to Local Directory

  8. Specify the following Crystal server information:

    • Server Name: Specify the Crystal server DNS name or IP address.

    • User Name: Specify an administrative user for the Crystal server.

    • Password: Specify the administrative user’s password.

  9. Click Next after you have specified the Crystal server information.

  10. Review the contents of the Identity De-Provisioning Control, then click Install.

  11. Review the installation summary, then click Finish.