
CA Identity Suite 12.6: CA Identity Manager Foundations 200

Lab Guide

Course code: 04IMG2002S
Inventory code: 04IMG2002LG1

PROPRIETARY AND CONFIDENTIAL INFORMATION

2015 CA. All rights reserved. CA confidential & proprietary information. For CA, CA Partner and CA
Customer use only. No unauthorized use, copying or distribution. All names of individuals or of
companies referenced herein are fictitious names used for instructional purposes only. Any
similarity to any real persons or businesses is purely coincidental. All trademarks, trade names,
service marks and logos referenced herein belong to their respective companies. These Materials are
for your informational purposes only, and do not form any type of warranty. The use of any software
or product referenced in the Materials is governed by the end user's applicable license agreement.
CA is the manufacturer of these Materials. Provided with Restricted Rights.


Table of Contents
Lab 1-1 Build a CA Identity Manager Environment
Lab 2-1 Acquire the Voonair AD Endpoint
Lab 2-2 Explore and Correlate the Voonair AD Endpoint
Lab 3-1 Create a Provisioning Role
Lab 3-2 Create an Active Directory Account Template
Lab 3-3 Build Account Templates
Lab 3-4 Assign Account Templates to Provisioning Roles
Lab 4-1 Implement Delegated Administration
Lab 4-2 Configure Self-Service
Lab 5-1 Place a Task Under Workflow Control
Appendix: Dynamic Lab Environment Access and User Guide
Self-Directed Learning Access and Instructions
Instructor-Led Class Set Up
Best Practices
Troubleshooting


Module 1: Implement an Environment in CA Identity Manager

Lab 1-1 Build a CA Identity Manager Environment

Goal: Build a CA Identity Manager environment for Voonair Airlines.

Scenario: As the system administrator at Voonair, you need to build your CA Identity
Manager environment so you can start managing users.
To establish your environment, you will:
- Create a CA Identity Manager directory and a Provisioning directory by
  importing fully configured directory XML files.
- Create the environment using the wizard and associate it with the
  directories.
- Access the environment to verify it is up and running.

Time: 30 minutes

Instructions:

Verify the CA Identity Manager Service is Running

1. Launch the 04IMG20029imserver virtual machine (VM).

2. On the desktop, double-click the Services shortcut.

3. In the Services window, verify that the JBoss EAP 6 service is running.


4. If it is not running, do the following:
   a. Right-click the JBoss EAP 6 service and click Start.
   b. Wait a few moments until the status changes to Running.
   c. Close the Services window.

Verify CA Identity Manager is Up and Running

5. From the system taskbar, launch Internet Explorer.

6. On the Favorites bar of Internet Explorer, click the Management Console shortcut.
   The login page for the Management Console appears.

7. Log in to the Management Console using the following credentials:
   Username: imadmin
   Password: caeducation

   The home page of the Management Console appears.

Verify CA Directory is Running Properly

8. On the desktop, right-click the Start button and click Command Prompt (Admin).

9. At the command prompt, enter the following:
   dxserver status



The system verifies that the following CA Directory services are running:

Create the Voonair Directory
You will create the CA Identity Manager directory by importing a fully configured directory XML
file. The name of the directory is Voonair.

Note: You can copy and paste the commands from the commands.txt file located in the
C:\ClassFiles folder.

10. At the command prompt, enter the following:
    cd C:\ClassFiles

11. To create the new voonair directory, enter the following command:
    dxnewdsa voonair 3895 dc=security,dc=com

12. To install the voonair service, enter the following command:
    dxserver install voonair

13. To stop the voonair directory, enter the following command:
    dxserver stop voonair

14. To load user information into the voonair directory, enter the following command:
    dxloaddb voonair voonair.ldif

15. To start the voonair directory, enter the following command:
    dxserver start voonair

16. To view the status of the directories, enter the following command:
    dxserver status


The system verifies that the following services are running, including the voonair service:

17. In the Management Console, click the Directories link.
    The Directories page appears, which provides a list of all the directories that you will create
    in your CA Identity Manager implementation. Since you have not created any directories yet, the
    only directory here at this point is Authentication Directory, which is installed by default
    with the installer.

18. On the Directories page, click Create or Update from XML.

19. On the Import Directory page, click Browse.

20. Browse to the C:\ClassFiles folder and double-click the VoonairDirectory.xml file.

21. Click Next.

22. Provide the following information for the directory:
    Note: Copy the User DN from the commands.txt file located in the C:\ClassFiles folder.
    Name: Voonair
    Description: <Add an optional description>
    Connection Object Name: voonair
    Host: imserver
    Port: 3895
    User DN: uid=VoonairAdministrator,ou=People,ou=Employee,ou=Voonair,dc=security,dc=com
    Password: Password01
    Confirm Password: Password01

23. Click Next.

24. Click Finish.
    The directory configuration starts and should complete with 0 errors. You might get some
    warnings but you can ignore those.

25. Click Continue.



26. You have successfully created your new Voonair directory and it now appears on the
    Directories page.

Create the Provisioning Directory
You will create the Provisioning Directory by importing a fully configured directory XML file. The
name of the directory is Provisioning.

27. On the Directories page, click Create or Update from XML.

28. On the Import Directory page, click Browse.

29. Browse to the
    C:\Program Files (x86)\CA\Identity Manager\IAM Suite\Identity Manager\tools\directoryTemplates\ProvisioningServer
    folder and double-click the Directory.xml file.

30. Click Next.

31. Provide the following information for the provisioning directory:
    Name: Provisioning
    Description: <Add an optional description>
    Connection Object Name: provisioning
    Host: imserver
    Provisioning Domain: im
    Username: imadmin
    Password: caeducation
    Confirm Password: caeducation

32. Click Next.

33. Click Finish.
    The directory configuration starts and should complete with 0 errors. You might get some
    warnings but you can ignore those.

34. Click Continue.
    You have successfully created the provisioning directory and it now appears on the
    Directories page.

Create the Voonair Environment
Now, you will create the environment using the wizard. It will prompt you for the following
information:
- Environment name, description, and URL information
- CA Identity Manager directory and provisioning to associate with the environment
- URL alias for public tasks and a user for anonymous authentication
- Tasks and roles to create for the environment
- Role Definition files to create sets of default tasks for your environment
- User to serve as the System Manager for the environment
- CA Identity Manager administrator account that can execute admin tasks

35. In the Management Console, click the Home link.

36. In the Management Console, click the Environments link.

37. On the Environments page, click New.

38. On the New Environment page, provide the following information for your new environment:
    Environment Name: Voonair
    Description: <Add an optional description>
    URL Alias: voonair


39. Click Next.

40. You need to associate a directory with your new environment, so select the Voonair directory
    that you created earlier and click Next.

41. You need to associate a provisioning directory with your new environment, so select the
    Provisioning directory that you created earlier and click Next.

42. Provide the following information so your new environment can expose public tasks:
    URL Alias for Public Tasks: voonair_pub
    User for Anonymous Authentication: selfreguser

43. Click Validate and make sure the system returns a unique name.

44. Click Next.

45. Select Create default roles (recommended) and click Next.

46. To import Active Directory role definitions for this environment, select Active Directory.

47. Scroll down to the bottom of the page and click Next.

48. In the System Manager field, type the following:
    superadmin

49. Click Add.

50. Click Next.

51. In the Inbound Administrator field, type the following:
    superadmin

52. Click Validate and make sure the system returns a unique name.

53. Click Next.

54. Specify caeducation as the password to encrypt secret keys in your environment and confirm
    the password.

55. Click Next.


56. Review the settings for your new environment and click Finish.
    The environment configuration starts and takes a few minutes to complete. It should finish with
    0 errors, which is the minimum requirement to proceed. You might get some warnings but you
    can ignore those.

57. Click Continue.
    You have successfully created the Voonair environment and it now appears on the
    Environments page.

58. In the Name column, click the link for the Voonair environment.

59. On the Environment Properties page for the Voonair environment, in the Status row, click Start.
    The environment starts and the status changes to Running.

Access the Voonair Environment
Now you can access the environment to verify it is up and running.

60. In the Address bar, type the following URL and press Enter:
    http://imserver.voonair.local:8080/iam/im/voonair
    The login page for the CA Identity Manager User Console appears.

61. Bookmark the previous URL and name it User Console. Drag it to the Favorites bar for easy
    access later.

62. Log in to the User Console using the following credentials:
    Username: superadmin
    Password: Password01



The Voonair environment that you created appears in the User Console.

You have successfully created an environment for Voonair in CA Identity Manager.

Module 2: Manage CA Identity Manager Endpoints

Lab 2-1 Acquire the Voonair AD Endpoint

Goal: Acquire the Voonair Active Directory endpoint.

Scenario: Now that you have your CA Identity Manager environment up and running, you
can start acquiring endpoints. At Voonair Airlines, the primary endpoint is an
Active Directory endpoint that holds the user identities across various containers.
To import these users into CA Identity Manager, you need to acquire the endpoint
first.

Time: 20 minutes

Instructions:

Verify the Active Directory Endpoint Environment is Up and Running

1. Launch the 04IMG20029directoryserver virtual machine (VM).

2. On the desktop, double-click the Active Directory Users and Computers shortcut.

3. In the Active Directory Users and Computers window, under voonair.local, verify that the
   Contractors and Employees containers exist. These are the Active Directory user stores for
   Voonair Airlines that you will use throughout this class.


4. Expand the Contractors container and verify that it has the following subcontainers:

5. Expand the Employees container and verify that it has the following subcontainers:

   Notice the additional Executive subcontainer in the Employees container.

6. In the Contractors and Employees containers, click each subcontainer to view the Active
   Directory users in Voonair Airlines that you will be managing throughout this class.
   Note: In the Contractors container, some subcontainers might be empty; this is fine.




In this class, you will acquire all of these users and explore/correlate them into the CA Identity
Manager environment. Now that you have verified that all of the containers, subcontainers,
and users exist in Active Directory, you can start the process of acquiring the Voonair Active
Directory endpoint. But before you do that, you need to add the department attribute to the
Attribute Mappings on the Provisioning Server.

Add Department Attribute to Attribute Mappings
You do this to make sure the department attribute is imported from Active Directory when you
perform the Explore and Correlate operation after the endpoint is acquired. You'll do an Explore
and Correlate in the next lab exercise.

7. Launch the 04IMG20029imserver virtual machine (VM).

8. On the Favorites bar of Internet Explorer, click the Management Console shortcut.
   If you are prompted to log in again, use the following credentials:
   Username: imadmin
   Password: caeducation

9. In the Management Console, click the Environments link.

10. On the Environments page, in the Name column, click the link for the Voonair environment.
    The properties for the Voonair environment appear.

11. In the Provisioning Server row, to the right of the Provisioning link, click the green arrow.
    The Provisioning page appears.

12. Scroll down to the Attribute Mappings section.

13. To add the department to the Attribute Mappings:
    a. In the User Attribute list, select departmentNumber.
    b. In the Provisioning Attribute list, select eTDepartment.
    c. Click Add.
    You do this because you want to pull the department attribute from Active Directory into
    our global user that will be stored in the corporate user store (CA Identity Manager
    directory).

14. Click Save.
    You will be prompted to restart the environment.

15. Click Restart Environment.



Acquire the Voonair Active Directory Endpoint
Now go ahead and use the Create Endpoint task to acquire the endpoint.

16. On the Favorites bar of Internet Explorer, click the User Console shortcut. If your session has
    timed out, log back in as the superadmin user with a password of Password01.

17. In the Tasks menu, expand Endpoints.

18. Expand Manage Endpoints and click Create Endpoint.

19. In the Create a new endpoint of Endpoint Type list, select Active Directory.

20. Click OK.

21. On the Endpoint tab, provide the following information:
    Endpoint: VoonairAD
    Description: <Add an optional description>
    Host Name: directoryserver.voonair.local
    User ID: Administrator
    Password: caeducation

22. Click the Security tab and make sure Use LDAP SSL Encryption (Recommended) is selected.

    Note: If you do not enable this option, then resetting passwords and some of the other
    security-related features will not work.

    Note: The SSL Certificate has already been imported into this lab environment. In a real
    deployment, you would need to export the SSL Certificate from your domain controller host
    and import it into the connector server host. For more information, see the CA Identity
    Manager Wiki.

23. Click the Endpoint Settings tab.

    By default, the Account Options on Delete setting is configured so that Accounts will be
    deleted from both the provisioning directory and the managed endpoint. For this class, you
    want to change this option so the account is left unchanged on the managed endpoint. This is
    to make sure you do not accidentally delete users from Active Directory.

24. Change the Account Options on Delete setting to Accounts will be deleted from the
    provisioning directory, but left unchanged on the managed endpoint.



25. Click Submit.
    You will receive a confirmation that the task for creating the endpoint has been submitted.

You have successfully acquired the Voonair Active Directory endpoint.


Lab 2-2 Explore and Correlate the Voonair AD Endpoint

Goal: Explore and Correlate the Voonair Active Directory endpoint.

Scenario: Now that you have acquired the Voonair AD endpoint, you can define an Explore
and Correlate operation and execute it against the endpoint. The operation will
discover objects in the acquired endpoint and store instances of them in the
provisioning directory. It will then try to associate every account discovered in the
endpoint to an existing global user in the CA Identity Manager directory
(corporate user store). If the user does not yet exist in the directory, it will be
created.

Time: 30 minutes

Instructions:

Create an Explore and Correlate Definition
To perform an Explore and Correlate, first you need to create an Explore and Correlate definition,
which you can do through the User Console.

1. In the CA Identity Manager User Console, expand Endpoints.

2. Expand Explore And Correlate Definitions.

3. Click Create Explore And Correlate Definition.

4. Make sure the Create a new object of type Explore and Correlate option is selected.

5. Click OK.
   The Create Explore And Correlate Definition page appears.

6. In the Explore and Correlate Name field, type the following:
   E&CVoonairAD

7. Click Select Container/Endpoint/Explore Method.

8. Under Search for endpoints, select Active Directory from the drop-down list and then click
   Search.

9. Under Search Results, select the VoonairAD endpoint you created earlier and then click Select.

10. Under Search for a container, click Search.



Under Search Results, CA Identity Manager returns a list of containers that came from the Voonair
Active Directory endpoint that you acquired earlier. Do not select all containers; this will only
create problems. You only want to select the containers that hold the users you need to manage.

11. Select the following containers and click Select:

12. Select the check boxes as shown below:


You select the Create users as needed option because you only have a few users in your
corporate user store at this point, from the directory import that you performed earlier. The
Explore and Correlate process, as configured here, will populate the corporate user store with
all the Active Directory users from the Voonair endpoint.

13. Click Submit.
    You will receive a confirmation that the task for creating the Explore and Correlate definition
    has been submitted.
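
The Explore and Correlate behavior configured above, modeled as an added example; it is not part of the original lab guide and is not CA Identity Manager code. Matching an account to a global user by name, the rule that an existing user value is not overwritten, and the sample accounts are assumptions; the containers, domain and the departmentNumber/eTDepartment mapping come from the labs.

```python
"""Illustrative model of one Explore and Correlate run (not product code)."""
from dataclasses import dataclass, field

# Mapping added in Lab 2-1: provisioning attribute -> corporate user attribute.
ATTRIBUTE_MAPPINGS = {"eTDepartment": "departmentNumber"}

# Containers chosen in the definition; the rest of the endpoint is not explored.
SELECTED_CONTAINERS = [
    "OU=Employees,DC=voonair,DC=local",
    "OU=Contractors,DC=voonair,DC=local",
]

# Constructed sample accounts (not taken from the lab environment).
SAMPLE_ACCOUNTS = [
    {"name": "asmith", "eTDepartment": "Flight Operations",
     "dn": "CN=asmith,OU=Flight Operations,OU=Employees,DC=voonair,DC=local"},
    {"name": "bjones", "eTDepartment": "IT",
     "dn": "CN=bjones,OU=IT,OU=Contractors,DC=voonair,DC=local"},
    {"name": "Administrator",
     "dn": "CN=Administrator,CN=Users,DC=voonair,DC=local"},
]


def sample_user_store():
    """Corporate user store before the run: one constructed global user."""
    return {"asmith": {"uid": "asmith", "accounts": []}}


@dataclass
class Report:
    explored: list = field(default_factory=list)      # copied to the provisioning directory
    correlated: list = field(default_factory=list)    # matched an existing global user
    created: list = field(default_factory=list)       # global user created as needed
    uncorrelated: list = field(default_factory=list)  # no match and creation disabled
    skipped: list = field(default_factory=list)       # outside the selected containers


def in_scope(dn, containers):
    """True when the DN sits under a selected container.

    Plain case-insensitive suffix match; escaped commas in DNs are not handled.
    """
    dn = dn.lower()
    return any(dn.endswith("," + c.lower()) for c in containers)


def explore_and_correlate(accounts, user_store, containers,
                          create_users_as_needed=True):
    """Explore the selected containers, then correlate each account to a user.

    user_store is a dict keyed by lower-cased user ID and is modified in place.
    """
    report = Report()
    for acct in accounts:
        if not in_scope(acct["dn"], containers):
            report.skipped.append(acct["name"])
            continue
        report.explored.append(acct["name"])

        key = acct["name"].lower()  # ASSUMPTION: account name equals user ID
        user = user_store.get(key)
        if user is None:
            if not create_users_as_needed:
                report.uncorrelated.append(acct["name"])
                continue
            user = {"uid": acct["name"], "accounts": []}
            user_store[key] = user
            report.created.append(acct["name"])
        else:
            report.correlated.append(acct["name"])

        user["accounts"].append(acct["dn"])
        # Pull mapped attributes into the global user.
        # ASSUMPTION: a value already present on the user is kept.
        for prov_attr, user_attr in ATTRIBUTE_MAPPINGS.items():
            if prov_attr in acct and user_attr not in user:
                user[user_attr] = acct[prov_attr]
    return report


if __name__ == "__main__":
    store = sample_user_store()
    print(explore_and_correlate(SAMPLE_ACCOUNTS, store, SELECTED_CONTAINERS))
    print(store)
```

With Create users as needed turned off, the same run leaves bjones uncorrelated instead of creating a global user, and the built-in Administrator account is skipped either way because its container was not selected.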

Execute the Explore and Correlate
You have completed the configuration, so go ahead and execute the Explore and Correlate
operation immediately.

14. In the Tasks menu, under Endpoints, click Execute Explore And Correlate.

15. Select Execute now and then Next.

16. Click Browse and then click Search.

17. Under Search Results, select E&CVoonairAD and click Select.

18. Verify that the correct Explore and Correlate definition was selected and click Finish.
    You will receive a confirmation that the task for executing the Explore and Correlate has been
    submitted.

19. To view the status of the Explore and Correlate import process, expand System and click View
    Submitted Tasks.

20. Click Search.



21. Examine the status of the Explore and Correlate import process and click Refresh to get an
    updated status if needed.

Verify the User Import into the Corporate User Store
With the execution now completed, you can verify the import was successful by viewing the users
in the corporate user store.

22. In the Tasks menu, expand Users.

23. Expand Manage Users and click Modify User.

24. Under Search for a user, click Search.

    Under Search Results, you can see all of the users in your corporate user store that were pulled
    in from the Active Directory endpoint by the Explore and Correlate process. Notice the
    organization name is Voonair for all of the users that you acquired from Active Directory. For
    the other users such as SuperAdmin, VoonairAdministrator, and SelfRegUser (from the directory
    import that you performed when you set up your environment), the organization name is Employee.
    For any user-based tasks going forward in this class, you will be using the Voonair users.


Add Department to the Default User Search
By default, the user search results only show the organization that a user belongs to. You want to
be able to see the department too and search for users by department.

25. In the Tasks menu, expand Roles and Tasks.

26. Expand Admin Tasks and click Modify Admin Task.

27. Under Search for an Admin task, set the following search criteria and click Search.

28. Under Search Results, select Modify User and click Select.

29. Click the Search tab.

30. Click Browse.

31. Under Select Screen Definition, select Default User Search and click Edit.

32. Under Configure Standard Search Screen, scroll down to the section called Select the fields the
    user can search on.

33. In the drop-down list, select Department.
    The screen refreshes and Department is added to the list of fields that a user can search on.
    You will need to scroll down again to see this.

34. Scroll down to the section called Select the fields that appear in the search results.

35. In the drop-down list, select Department.
    The screen refreshes and Department is added to the list of fields that appear in search
    results. You will need to scroll down again to see this.

36. To make the Department field sortable, select the check box for it in the Sortable column.

    Again, the screen will refresh and you will need to scroll down to see the check box selected.



37. Scroll to the bottom of the page and click OK.

Now you can go back and run a user search to verify that Department appears in search criteria
and results.

38. In the Tasks menu, expand Users.

39. Expand Manage Users and click Modify User.
    If you get a message about losing your changes if you continue, click Yes.

40. Under Search for a user, notice that you can now select Department as a search parameter in
    the drop-down list.

41. Under Search for a user, click Search.

    Under Search Results, you can see the new Department column that you added to the search
    results for the default user search and the different departments that the Voonair users belong
    to (Back Office, IT, Flight Operations, Customer Service, and so on). You will use these
    departments in later labs.

Module 3: Deploy Provisioning

Lab 3-1 Create a Provisioning Role

Goal: Create a provisioning role for the Flight Operations department at Voonair.

Scenario: Now that you have Explored and Correlated the Voonair Active Directory
endpoint, you can start to create provisioning roles so you can assign Active
Directory accounts to any new users that you create going forward. To begin, you
will create a provisioning role that can be assigned to any new users who join the
Flight Operations department at Voonair.

Time: 15 minutes

Instructions:

Set the Provisioning Role Profile
Base the name of the provisioning role on the Flight Operations department at Voonair.

1. In the User Console, expand Roles and Tasks.

2. Expand Provisioning Roles and click Create Provisioning Role.

3. Select Create a new provisioning role and then click OK.

4. On the Profile tab, in the Name field, type the following:
   Flight Operations

Configure the Admin Policy for the Provisioning Role
Define the admin policy so that only users who are members of the System Manager admin role
can be administrators of this provisioning role. Include a scope rule that lets administrators of
this provisioning role manage all users.

5. Click the Administrators tab.

6. Click Add.

7. Under Admin Rule, in the Users drop-down list, select Who are members of <rolerule>.

8. In the drop-down list that subsequently appears, select admin role <adminrole>.

9. Click Browse.


10. Under Search for an admin role, click Search.

11. Scroll down the Search Results, select the System Manager role, and click Select.

12. Under Scope Rule, in the Users drop-down list, select (all).

13. Make sure that Can manage members of this Provisioning Role and Can manage
    administrators of this Provisioning Role are selected.

    Your completed admin policy should look like this:

14. Click OK.
    Your new admin policy appears in a table format.

Configure the Owner Policy for the Provisioning Role
Define the owner policy so that only users who are members of the System Manager admin role
can be owners of this provisioning role.

15. Click the Owners tab.

16. Click Add.

17. Under Owner Rule, in the Users drop-down list, select Who are members of <rolerule>.

18. In the drop-down list that subsequently appears, select admin role <adminrole>.

19. Click Browse.



20. Under Search for an admin role, click Search.

21. Scroll down the Search Results, select the System Manager role, and click Select.

    Note: The System Manager is the superadmin. In real use cases, you may want to have different
    managers administering and owning different roles. In this lab, the superadmin does it all.

    Your completed owner policy should look like this:

22. Click OK.
    Your new owner policy appears in a table format.

23. Click Submit.

Verify the Provisioning Role Exists
Use the View Provisioning Role task to verify the new provisioning role was created successfully.

24. In the Tasks menu, under Provisioning Roles, click View Provisioning Role.

    Under Search Results, you will see the new Flight Operations provisioning role that you created.

You have successfully created the Flight Operations provisioning role.


Lab 3-2 Create an Active Directory Account Template

Goal: Create an Active Directory account template.

Scenario: Now that you have defined your first provisioning role, you need to create an
account template that you can assign to it. The account template will define the
Active Directory account characteristics for the Flight Operations container on the
Voonair AD endpoint.

Time: 10 minutes

Instructions:

Create the Account Template
Create the Active Directory account template by creating a copy of an existing template of the
same type and tailoring that copy to meet your needs.

1. In the User Console, expand Endpoints.

2. Expand Manage Account Templates and click Create Account Template.

3. Select Create a copy of an account template.

4. Under Search for account templates, in the Search for an account template of Endpoint Type
   list, select Active Directory.

5. Click Search.

6. Under Search Results, select the ADSAccountPolicy template and click OK.

7. On the Account Template tab, change the Account Template Name to ADS Flight Operations.

8. Click the Endpoints tab and click Add Active Directory Endpoint.

9. Click Search.

10. Under Search Results, select the VoonairAD endpoint that you created in an earlier lab and
    click Select.

11. Click the Account Container tab and click Browse.



12. Select Flight Operations where the ADSOrgUnit=Employees and click Select.

13. Click Submit.

Verify the Account Template Exists
Use the View Account Template task to verify the new account template was created successfully.

14. In the Tasks menu, under Manage Account Templates, click View Account Template.

15. Under Search for account templates, in the Search for an account template of Endpoint Type
    list, select Active Directory.

16. Click Search.

    Under Search Results, you will see the new ADS Flight Operations account template that you
    created.

You have successfully created an Active Directory account template.


Lab 3-3 Build Account Templates

Goal: Build account templates for other Active Directory containers.

Scenario: Using the same process from the previous lab, build the remaining account
templates for the other containers from the Voonair Active Directory endpoint.

Time: 20 minutes

Instructions:

Build Account Templates for Other Active Directory Containers

1. In the User Console, expand Endpoints.

2. Expand Manage Account Templates and click Create Account Template.

3. Select Create a copy of an account template.

4. Under Search for account templates, in the Search for an account template of Endpoint Type
   list, select Active Directory.

5. Click Search.

6. Under Search Results, select the ADS Flight Operations template and click OK.

7. Change the Account Template Name to ADS Maintenance and Support.

8. Click the Account Container tab and click Browse.

9. Under Search Results, select Maintenance and Support where the ADSOrgUnit=Employees and
   click Select.

10. Click Submit.

11. Repeat steps 3 to 10 to create account templates for the following containers:
    - Executive
    - Customer Service
    - Business Operations
    - Information Technology
    Note: Make sure you select the Account Containers where the ADSOrgUnit=Employees.

12. Using the View Account Template task, verify the new account templates were created.

Lab 3-4 Assign Account Templates to Provisioning Roles

Goal: Assign account templates to provisioning roles.

Scenario: You are now ready to begin using the provisioning part of the product and you
feel you have everything set up the way it must be. However, the auditors have
done a review of the capabilities granted using the default, built-in admin roles
and have come to the conclusion that they do not, in all cases, grant the
appropriate level of access. Therefore, they are requesting that you create
additional admin roles that have a subset or superset of the accesses granted by
the built-in admin roles.
One of the issues uncovered in the audit was that there were too many people
who were administering user IDs without following the corporate policies for
standards and documentation. To resolve this problem, Management decided
that anyone who had user administration responsibilities needed to report to the
manager of the Support department so that there could be some kind of control
over the administration of the user IDs and to make sure that the proper
documentation was in place. However, there was concern about making a
wholesale change of transferring everyone with user administration capability to
the Support department. Therefore, it was decided to run a test case by setting up
the new function with a scope of the Support department and the Information
Technology department. Then, if things went as planned, they could expand the
functionality to include the whole company. To do this, you need to create a new
Admin Role.
However, before anything is done with a new role, you need to create the
required Provisioning Roles so they can be used as part of the functionality of the
new Admin Role.

Time: 60 minutes

Instructions:

Assign an Account Template to the Flight Operations Provisioning Role
Use the Modify Provisioning Role task to assign the Active Directory account template you created
in a previous lab (ADS Flight Operations) to the Flight Operations provisioning role.

1. In the User Console, expand Roles and Tasks.

2. Expand Provisioning Roles and click Modify Provisioning Role.

3. Under Search Results, select the Flight Operations provisioning role and click Select.


4. Click the Account Templates tab and click Add Account Template.

5. Under search for account templates, select Active Directory from the dropdown list and click
Search.

6. Under Search Results, select the ADS Flight Operations account template and click Select.
Going forward, whenever a user is assigned the Flight Operations provisioning role, they will
get an Active Directory account based on the ADS Flight Operations account template.

7. Click Submit.
You will receive a confirmation that the task has been completed.

Create a Provisioning Role for Maintenance and Support
Create a provisioning role that can be assigned to any new users who join the Maintenance and
Support department at Voonair. Assign the Active Directory account template you created in a
previous lab (ADS Maintenance and Support) to the provisioning role.

1. In the User Console, expand Roles and Tasks.

2. Expand Provisioning Roles and click Create Provisioning Role.

3. Select Create a copy of a provisioning role and click OK.

4. Under Search for a provisioning role, click Search.

5. Under Search Results, select the Flight Operations provisioning role and click OK.

6. On the Profile tab, change the name of the provisioning role to Maintenance and Support.

7. Click the Account Templates tab and click Add Account Template.

8. Under search for account templates, select Active Directory from the dropdown list and click
Search.

9. Under Search Results, select the ADS Maintenance and Support account template and click
Select.

10. On the Account Templates tab, remove the ADS Flight Operations account template by
clicking the red minus icon at the end of the row in the account templates table.

Going forward, whenever a user is assigned the Maintenance and Support provisioning role,
they will get an Active Directory account based on the ADS Maintenance and Support account
template. The Administrators and Owners of this provisioning role will be scoped later. For now
they are set to the System Manager admin role.

11. Click Submit.
You will receive a confirmation that the task has been completed.

12. To verify the new Maintenance and Support provisioning role was created successfully, under
Provisioning Roles, click View Provisioning Role.

13. Under Search Results, you will see the new Maintenance and Support provisioning role listed
with the Flight Operations provisioning role that you created earlier.

Note: At this point, you would typically create provisioning roles for the remaining departments
and associate them to their corresponding account templates that you created earlier.
However, since the roles will not be used in future labs, there is no requirement for you to do
this.

Create a Custom Admin Role
Create a custom admin role called Voonair Helpdesk by creating a copy of the out-of-the-box
User Manager admin role and adding the admin task for resetting user passwords to the custom
role.

1. In the User Console, expand Roles and Tasks.

2. Expand Admin Roles and click Create Admin Role.

3. Select Create a copy of an admin role and click OK.

4. Under Search for an admin role, click Search.

5. Under Search Results, select the User Manager admin role and click OK.

6. On the Profile tab, change the name of the admin role to Voonair Helpdesk.

7. Click the Tasks tab.
Most of the tasks for the role are predefined because you are copying one of the out-of-the-box
admin roles. You just need to add one additional task called Reset User Password.

8. In the Add Task list, select the Reset User Password task.
The Reset User Password task now appears in the list of tasks for the role.

9. Click the Members tab.
You need to define the member policy so that only users who belong to the Maintenance
department can be members of this admin role. Include a scope rule that lets members of this
admin role manage only users in the Maintenance department.

10. Click Add.
You are going to define the member policy using the Department user attribute.

11. In the Users dropdown list, select where <userfilter>.

12. In the dropdown list, change the attribute to Department and type an attribute value of
Maintenance.

13. Under Add new scoping rule, select User from the dropdown list.

14. In the User dropdown list, select where <userfilter>.

15. In the dropdown list, select <userattribute> <comparator> <value>.

16. In the dropdown list, change the attribute to Department and type an attribute value of
Maintenance.

17. Click OK.
Your completed member policy for the Voonair Helpdesk admin role appears.

For this admin role, you will accept the default setting that enables administrators to add and
remove role members. For this setting, you need to specify an Add action to define what
happens when a user is added as a member of this admin role. The Add action must make the
user meet the member rule. Optionally, you can specify a Remove action to define what
happens when a user is removed as a member of this admin role. The Remove action must
prevent the user from meeting the member rule. You will only set an Add action here.

18. Under Add Action, select Set Department to "Maintenance" from the dropdown list.

19. Click the Administrators tab.
Define the admin policy so that only users who are members of the System Manager admin role
can be administrators of your Voonair Helpdesk admin role. Include a scope rule that lets
administrators of your Voonair Helpdesk admin role manage all users.

20. Click Add.

21. Under Admin Rule, in the Users dropdown list, select Who are members of <rolerule>.

22. In the dropdown list that subsequently appears, select admin role <adminrole>.

23. Click Browse.

24. Under Search for an admin role, click Search.

25. Scroll down the Search Results, select the System Manager role, and click Select.

26. Under Scope Rule, in the Users dropdown list, select (all).

27. Make sure that Can manage members of this Admin Role and Can manage administrators of
this Admin Role are selected.

Your completed admin policy should look like this:


28. Click OK.
Your new admin policy appears in a table format.

29. Click the Owners tab.
Because you created a copy of an existing admin role, the owner of your Voonair Helpdesk
role is already predefined for you. In this case, the owner policy is configured so that only users
who are members of the System Manager admin role can be owners of your Voonair
Helpdesk admin role.

30. Click Submit.
You will receive a confirmation that the task has been completed.

31. To verify the new Voonair Helpdesk admin role was created successfully, under Admin Roles,
click View Admin Role.

32. Under Search Results, scroll down to the bottom and you will see the new Voonair Helpdesk
admin role.

Modify the Maintenance and Support Provisioning Role
Add an Admin Policy to allow admin role members of Voonair Helpdesk to add and remove
members (not administrators) to the Maintenance and Support provisioning role. Include a
scoping rule to allow the Voonair Helpdesk members to only manage users in the Maintenance
department.

1. In the User Console, expand Roles and Tasks.

2. Expand Provisioning Roles and click Modify Provisioning Role.

3. Under Search Results, select the Maintenance and Support provisioning role and click Select.

4. Click the Administrators tab.

5. Under Admin Policies, click Add.

6. Under Admin Rule, in the Users dropdown list, select Who are members of <rolerule>.

7. In the dropdown list that subsequently appears, select admin role <adminrole>.

8. Click Browse.

9. Under Search for an admin role, click Search.

10. Scroll down the Search Results, select the Voonair Helpdesk role, and click Select.

11. Under Scope Rule, in the Users dropdown list, select where <userfilter>.

12. In the dropdown list, select <userattribute> <comparator> <value>.

13. In the dropdown list, change the attribute to Department and type an attribute value of
Maintenance.

14. Under Administrator's Privileges, clear the Can manage administrators of this Provisioning
Role option.

15. Click OK.
Your new admin policy appears in the Admin Policies table.

16. Click the Owners tab.
The owner policy remains unchanged.

17. Click Submit.
You will receive a confirmation that the task has been completed.

Assign the Voonair Helpdesk Admin Role to a User in Information Technology
Assign this admin role to a user in the Information Technology department, Dylan Davies.

1. In the User Console, expand Roles and Tasks.

2. Expand Admin Roles and click Modify Admin Role Members/Administrators.

3. Under Search Results, select the Voonair Helpdesk admin role and click Select.

4. Click Add a user.

5. Search by Last Name using *davies* as the search string.

6. Under Search Results, select ddavies and click Select.
Dylan Davies appears in the list of members on the Membership tab.

7. Click Submit.
You will receive a confirmation that the task has been completed.

Remember from earlier, you specified an Add action to define what happens when a user is
added as a member of this admin role. That Add action was to change the department of the
user to Maintenance. Now you can check that Dylan Davies' department has changed from IT to
Maintenance.

8. Expand Users and Manage Users.

9. Click View User.

10. Under Search for a user, click Search.

11. Under Search Results, scroll down and find Dylan Davies. Notice that his department has
changed to Maintenance.

Create a Password for Dylan Davies
Since the user Dylan Davies was imported from Active Directory, he does not have a password yet.
Use the Reset User Password admin task to set his user password.

1. Expand Users and Manage Users.

2. Click Reset User Password.

3. Under Search for a user, click Search.

4. Under Search Results, select Dylan Davies and click Select.

5. In the Password and Confirm Password fields, type the following:
Password01

6. Click Submit.

7. Click Sign out.

8. Log in to the User Console using the following credentials:
Username ddavies
Password Password01

9. Expand Users and Manage Users.

10. In the Tasks menu, notice that Dylan Davies now has the ability to create, modify, delete, view,
and manage users.

11. Click View User.

12. Notice that only users in the Maintenance department are listed.

Create a New User
You are logged in as Dylan Davies who is a member of the Voonair Helpdesk admin role because
he belongs to the Maintenance department. The scope of the admin role gives Dylan the ability to
create and manage users in the Maintenance department. Now, go ahead and create a new user
called Tim Smith in the Maintenance department.

1. Under Manage Users, click Create User.

2. Select Create a New User and click OK.

3. On the Create User page, beside the Organization field, click Browse.

4. Under Search for an organization, click Search.

5. Under Search Results, select the Voonair organization and click Select.

6. On the Profile tab, enter the following information for the new user:
User ID      tsmith
Password     Password01
Enabled      Checked
First Name   Tim
Last Name    Smith
Full Name    Tim Smith
Department   Maintenance

7. Click Submit.
You will receive a confirmation that the task has been completed.

8. Under Manage Users, use the View User admin task to verify the new user exists.

9. Log out and then log back in as Tim Smith:
Username tsmith
Password Password01

10. In the Tasks menu, notice that Tim Smith also has the ability to create, modify, delete, view, and
manage users. These admin tasks are available to Tim through his membership of the Voonair
Helpdesk admin role because he belongs to the Maintenance department.

Delete a User
Log back in as Dylan Davies and delete the Tim Smith user that you just created.

1. Log out and then log back in as Dylan Davies:
Username ddavies
Password Password01

2. Expand Users and Manage Users.

3. Click Delete User.

4. Under Search for users, click Search.

5. Under Search Results, select the tsmith user and click Select.

6. To confirm the deletion, click Yes.
You will receive a confirmation that the task has been completed.

7. Under Manage Users, use the View User admin task to verify the deletion of Tim Smith. He
should no longer be listed as a user.

Module 4: Implement Delegated Administration and Self-Service

Lab 4-1 Implement Delegated Administration

Goal Delegate administrative duties to share the work of managing users and granting
application access.

Scenario Management at Voonair wants you to take the next step and delegate
administrative duties and responsibilities to the various departments. They want
the management of each department to be able to administer their employees
without the involvement of the CA Identity Manager administrative staff. At the
same time, management wants to retain overall control of the process so they can
be certain that corporate policies are being enforced.

Time 60 minutes

Instructions:

Modify Users
To perform this lab, you first need to set the job titles for two users in the Flight Operations
department, Mary Newburg and Ellis Howard. These job titles did not exist in Active Directory when
we imported the users from the Voonair AD endpoint. You will set the job title for Mary Newburg
to Vice President, Flight Operations and the job title for Ellis Howard to Flight Operations
Supervisor. You will use the job titles (Title attribute) with the Department attribute to configure
and scope admin role membership and administration so that administrative duties and
responsibilities can be delegated according to your specific business needs.

1. Log in to the User Console using the following credentials:
Username superadmin
Password Password01

2. In the Tasks menu, expand Users.

3. Expand Manage Users and click Modify User.

4. Under Search for a user, click Search.

Note: To sort by User ID, click User ID in the column header.

5. Under Search Results, select the mnewburg user and click Select.
The user profile for Mary Newburg appears.

6. Scroll down to the Title field and type the following:
Vice President, Flight Operations

Note: Make sure you enter the title exactly as shown here.

7. Click Submit.

8. Repeat the process to assign the Flight Operations Supervisor job title to the user Ellis Howard.
His username is ehoward.

Reset the Passwords for Mary Newburg and Ellis Howard
Since Mary Newburg and Ellis Howard were imported from Active Directory, they do not have
passwords yet. Now you will use the Reset User Password admin task to set their user passwords.

1. Under Manage Users, click Reset User Password.

2. Under Search for a user, click Search.

Note: To sort by User ID, click User ID in the column header.

3. Under Search Results, select the mnewburg user and click Select.
The Reset User Password page for Mary Newburg appears.

4. In the Password field, type the following:
Password01

5. In the Confirm Password field, type the same password.

6. Click Submit.

7. Repeat the process to set the user password for Ellis Howard to Password01.
His username is ehoward.

Delegate User Manager Capabilities to Mary Newburg
Modify the User Manager admin role to enable Mary Newburg to manage only users in the Flight
Operations department.

1. In the Tasks menu, expand Roles and Tasks.

2. Expand Admin Roles and click Modify Admin Role.

3. Under Search Results, select the User Manager admin role and click Select.

4. Click the Members tab.
Define the member policy so that only users who have a job title of Vice President, Flight
Operations can be members of this admin role. Include a scope rule that lets members of this
admin role manage only users in the Flight Operations department.

5. Click Add.
You are going to define the member policy using the Title user attribute.

6. In the Users dropdown list, select where <userfilter>.

7. In the dropdown list, change the attribute to Title and type an attribute value of Vice
President, Flight Operations.

8. Under Add new scoping rule, select User from the dropdown list.

9. In the User dropdown list, select where <userfilter>.

10. In the dropdown list, select <userattribute> <comparator> <value>.

11. In the dropdown list, change the attribute to Department and type an attribute value of Flight
Operations.

12. Click OK.
Your completed member policy for the User Manager admin role appears.

13. Click Submit.

Verify Mary Newburg's New Administrative Capabilities
Log in as Mary Newburg to verify that she now has the capability to modify only users in the Flight
Operations department.

1. Log out and then log back in again as Mary Newburg:
Username mnewburg
Password Password01

2. In the Tasks menu, expand Users.

3. Expand Manage Users and click Modify User.

4. Under Search for a user, click Search.

5. In the Search Results, notice that it only displays users who belong to the Flight Operations
department. These are the only users that Mary Newburg can manage.

Enable Mary Newburg to Delegate the User Manager Role
Modify the User Manager admin role so Mary Newburg can make users in the Flight Operations
department members or administrators of the admin role.

1. Log out and log back in as the SuperAdmin user:
Username superadmin
Password Password01

2. In the Tasks menu, expand Roles and Tasks.

3. Expand Admin Roles and click Modify Admin Role.

4. Under Search Results, select the User Manager admin role and click Select.

5. Click the Administrators tab.
Define the admin policy so that only users who have a job title of Vice President, Flight
Operations can be administrators of the User Manager role. Include a scope rule that lets
administrators of the User Manager admin role manage only users in the Flight Operations
department.

6. Click Add.
You are going to define the admin policy using the Title user attribute.

7. In the Users dropdown list, select where <userfilter>.

8. In the dropdown list, change the attribute to Title and type an attribute value of Vice
President, Flight Operations.

9. Under Add new scoping rule, select User from the dropdown list.

10. In the User dropdown list, select where <userfilter>.

11. In the dropdown list, select <userattribute> <comparator> <value>.

12. In the dropdown list, change the attribute to Department and type an attribute value of Flight
Operations.

13. Make sure that Can manage members of this Admin Role and Can manage administrators of
this Admin Role are selected.

14. Click OK.
Your completed admin policy should look like this:


15. Click Submit.

Add Another Admin Rule to the User Manager Role
Modify the User Manager role to enable administrator rights to be assigned to users who are
members of the User Manager admin role but who do not have a title of Vice President, Flight
Operations.

1. Click Return to Search.

2. Under Search Results, select the User Manager admin role and click Select.

3. Click the Administrators tab.
Define the admin policy so that users who are members of the User Manager admin role can be
administrators of the User Manager role. Include a scope rule that lets administrators of the
User Manager admin role manage only users in the Flight Operations department.

4. Click Add.
You are going to define the admin policy using the Admin Roles attribute.

5. In the Users dropdown list, select where <userfilter>.

6. In the dropdown list, change the attribute to Admin Roles and type an attribute value of User
Manager.

7. Under Add new scoping rule, select User from the dropdown list.

8. In the User dropdown list, select where <userfilter>.

9. In the dropdown list, select <userattribute> <comparator> <value>.

10. In the dropdown list, change the attribute to Department and type an attribute value of Flight
Operations.

11. Make sure that Can manage members of this Admin Role and Can manage administrators of
this Admin Role are selected.

12. Click OK.

Your updated Admin Policies table should look like this:


13. Click OK.

14. Verify the Administrators can add and remove administrators of this role option is selected.

15. Under Add Action, select Add "User Manager" to Admin Roles from the dropdown list.

16. Under Remove Action, select Remove "User Manager" from Admin Roles from the dropdown
list.

17. Click Submit.

Delegate User Manager Capabilities to Ellis Howard
Now, you will verify that Mary can assign the User Manager role to users in the Flight Operations
department.

1. Log out and then log back in again as Mary Newburg:
Username mnewburg
Password Password01

2. In the Tasks menu, expand Users.

3. Expand Manage Users and click Modify User.

4. Under Search for a user, click Search.

5. Under Search Results, select ehoward and click Select.
The user profile for Ellis Howard appears.

6. Click the Admin Roles tab.

7. Click Add an admin role.

8. Under Search for an admin role, click Search.

9. Under Search Results, select User Manager and click Select.
The User Manager admin role appears in the list of admin roles assigned to Ellis Howard.
Notice that Ellis is not only a member of the User Manager role, but an administrator of the role
too. As a member, he can perform the admin tasks defined for the role. As an administrator of
the role, he can assign the role to other users within the scope of the admin policy.

10. Click Submit.

Modify the Member Policy of User Manager
Modify the member policy of the User Manager admin role to enable Ellis Howard to manage only
users in the Flight Operations department. Since you defined a member policy to only allow the VP
of Flight Operations to be a member, that policy prevents Ellis from seeing the User Manager tasks.
So, even though Mary has delegated to Ellis, he will not be able to perform the User Manager
capabilities unless we add his job title to the member policy.

1. Log out and log back in as the SuperAdmin user:
Username superadmin
Password Password01

2. In the Tasks menu, expand Roles and Tasks.

3. Expand Admin Roles and click Modify Admin Role.

4. Under Search Results, select the User Manager admin role and click Select.

5. Click the Members tab.
Define the member policy so that only users who have a job title of Flight Operations
Supervisor can be members of this admin role. Include a scope rule that lets members of this
admin role manage only users in the Flight Operations department.

6. Click Add.
You are going to define the member policy using the Title user attribute.

7. In the Users dropdown list, select where <userfilter>.

8. In the dropdown list, change the attribute to Title and type an attribute value of Flight
Operations Supervisor.

9. Under Add new scoping rule, select User from the dropdown list.

10. In the User dropdown list, select where <userfilter>.

11. In the dropdown list, select <userattribute> <comparator> <value>.

12. In the dropdown list, change the attribute to Department and type an attribute value of Flight
Operations.

13. Click OK.
Your updated Member Policies table for the User Manager admin role should look like this:


14. Click Submit.
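
The interplay between role assignment, member rule, scope rule, and Add action configured in the preceding sections, as an added Python model (not CA Identity Manager code or its API; all class and function names are hypothetical, and the sample data is constructed from the lab's fictitious Voonair users). It shows why Dylan Davies meets the Voonair Helpdesk member rule after the Add action runs, while Ellis Howard is assigned User Manager yet cannot use its tasks until a member policy matches his title.

```python
"""Toy model of admin-role member policies, scope rules and Add actions.
Added illustration; not CA Identity Manager code. All names are hypothetical."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    uid: str
    attrs: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Rule:
    """<attribute> = <value>; attribute=None models the (all) rule."""
    attribute: Optional[str] = None
    value: Optional[str] = None

    def matches(self, user: User) -> bool:
        if self.attribute is None:
            return True
        current = user.attrs.get(self.attribute)
        if isinstance(current, set):          # multi-valued attribute
            return self.value in current
        return current == self.value


@dataclass(frozen=True)
class MemberPolicy:
    member_rule: Rule   # who may use the role's tasks
    scope_rule: Rule    # which users those tasks may be applied to


@dataclass(frozen=True)
class AddAction:
    attribute: str
    value: str
    multi_valued: bool = False   # True: add to a set; False: overwrite the value

    def apply(self, user: User) -> None:
        if self.multi_valued:
            user.attrs.setdefault(self.attribute, set()).add(self.value)
        else:
            user.attrs[self.attribute] = self.value


@dataclass
class AdminRole:
    name: str
    tasks: set
    member_policies: list
    add_action: Optional[AddAction] = None


def is_member(role: AdminRole, user: User) -> bool:
    return any(p.member_rule.matches(user) for p in role.member_policies)


def can_use_task(role: AdminRole, actor: User, task: str, target: User) -> bool:
    """Actor must satisfy a member rule AND target must fall in that policy's scope."""
    return task in role.tasks and any(
        p.member_rule.matches(actor) and p.scope_rule.matches(target)
        for p in role.member_policies)


def add_member(role: AdminRole, user: User) -> bool:
    """Run the Add action, then report whether the user now meets a member rule."""
    if role.add_action:
        role.add_action.apply(user)
    return is_member(role, user)


def build_lab():
    """Constructed sample data mirroring the lab's fictitious Voonair users."""
    fo, mnt = "Flight Operations", "Maintenance"
    users = {u.uid: u for u in [
        User("ddavies", {"Department": "IT"}),
        User("tsmith", {"Department": mnt}),
        User("mnewburg", {"Department": fo, "Title": "Vice President, Flight Operations"}),
        User("ehoward", {"Department": fo, "Title": "Flight Operations Supervisor"}),
        User("jharvey", {"Department": fo, "Title": "Accountant"}),
    ]}
    user_tasks = {"Create User", "Modify User", "Delete User", "View User"}
    helpdesk = AdminRole(
        "Voonair Helpdesk", user_tasks | {"Reset User Password"},
        [MemberPolicy(Rule("Department", mnt), Rule("Department", mnt))],
        AddAction("Department", mnt))
    user_manager = AdminRole(
        "User Manager", set(user_tasks),
        [MemberPolicy(Rule("Title", "Vice President, Flight Operations"),
                      Rule("Department", fo))],
        AddAction("Admin Roles", "User Manager", multi_valued=True))
    return users, helpdesk, user_manager


if __name__ == "__main__":
    users, helpdesk, user_manager = build_lab()
    print("ddavies meets Helpdesk member rule:", add_member(helpdesk, users["ddavies"]))
    print("ehoward meets User Manager member rule:", add_member(user_manager, users["ehoward"]))
    user_manager.member_policies.append(MemberPolicy(
        Rule("Title", "Flight Operations Supervisor"), Rule("Department", "Flight Operations")))
    print("ehoward can create jharvey:",
          can_use_task(user_manager, users["ehoward"], "Create User", users["jharvey"]))
```

An `add_member` result of False flags an assignment whose Add action leaves the user outside every member rule, which is the condition the lab corrects by adding the Flight Operations Supervisor member policy.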

Mary Newburg asks Ellis Howard to create a new ID for her new assistant, Betty Farthington. Make
sure Betty is in the Flight Operations department, has a title of Executive Assistant, and has
identical access rights as Mary so Betty can do her daily administrative tasks.

Create a New User
Verify that Ellis is able to create a new ID for Betty Farthington. Make sure Betty is in the Flight
Operations department, has a title of Executive Assistant, and has identical access rights as Mary so
Betty can do her daily administrative tasks.

1. Log out and then log back in again as Ellis Howard:
Username ehoward
Password Password01

2. In the Tasks menu, expand Users.

3. Expand Manage Users and click Create User.

4. Select Create a new user and click OK.

5. Beside the Organization field, click Browse.

6. Under Search for an organization, click Search.

7. Under Search Results, select Voonair and click Select.

8. On the Profile tab, enter the following information for the new user:
User ID      bfarthington
Password     Password01
Enabled      Checked
First Name   Betty
Last Name    Farthington
Full Name    Betty Farthington
Department   Flight Operations
Title        Executive Assistant

9. Click the Admin Roles tab.

10. Click Add an admin role.

11. Under Search for an admin role, click Search.

12. Under Search Results, select User Manager and click Select.
User Manager is the only admin role that appears in the Search Results because it is the only
admin role that Ellis Howard is allowed to assign.

13. Click Submit.

Mary Newburg has hired a new accountant named Jason Harvey for the Flight Operations
department. Jason will also need to have the appropriate access on the Active Directory endpoint
system. Mary asks Betty to create an ID for Jason and to give him the required access. Betty finds
that while she does have some capabilities to create the new user ID, she does not have all the
required access so she asks Ellis Howard to create the ID.
Because Ellis Howard has responsibility for creating users in the Flight Operations department, it is
assumed that he will create the ID for Jason Harvey. However, for Jason to have access to the Flight
Operations systems on the Active Directory endpoint, Ellis must have the ability to give him the
Flight Operations provisioning role. Therefore, you must grant Ellis administrator capability to the
role.

Modify the Flight Operations Provisioning Role
Modify the Flight Operations provisioning role so Ellis can make users in the Flight Operations
department members or administrators of the provisioning role.

1. Log out and log back in as the SuperAdmin user:
Username superadmin
Password Password01

2. In the Tasks menu, expand Roles and Tasks.

3. Expand Provisioning Roles and click Modify Provisioning Role.

4. Under Search Results, select the Flight Operations provisioning role and click Select.

5. Click the Administrators tab.
Define the admin rule so that only users who have a job title of Flight Operations Supervisor
can be administrators of the Flight Operations provisioning role. Include a scope rule that lets
administrators of the Flight Operations provisioning role manage only users in the Flight
Operations department.

6. Click Add.
You are going to define the admin policy using the Title user attribute.

7. In the Users dropdown list, select where <userfilter>.

8. In the dropdown list, change the attribute to Title and type an attribute value of Flight
Operations Supervisor.

9. Under Scope Rule, in the Users dropdown list, select where <userfilter>.

10. In the dropdown list, select <userattribute> <comparator> <value>.

11. In the dropdown list, change the attribute to Department and type an attribute value of Flight
Operations.

12. Make sure that Can manage members of this Admin Role and Can manage administrators of
this Admin Role are selected.

13. Click OK.
Your updated Admin Policies table should look like this:


14. Click Submit.

Create the New User
Create the Jason Harvey user, an accountant in the Flight Operations department of the Voonair
organization. Jason will need to have the appropriate access on the Active Directory endpoint so
you will assign him the Flight Operations provisioning role.

1. Log out and then log back in again as Ellis Howard:
Username ehoward
Password Password01

2. In the Tasks menu, expand Users.

3. Expand Manage Users and click Create User.

4. Select Create a new user and click OK.

5. Beside the Organization field, click Browse.

6. Under Search for an organization, click Search.

7. Under Search Results, select Voonair and click Select.

8. On the Profile tab, enter the following information for the new user:
User ID      jharvey
Password     Password01
Enabled      Checked
First Name   Jason
Last Name    Harvey
Full Name    Jason Harvey
Department   Flight Operations
Title        Accountant

9. Click the Provisioning Roles tab.
Jason will also need to have the appropriate access on the Active Directory so you need to give
him the Flight Operations provisioning role.

10. Click Add a provisioning role.

11. Under Search for a provisioning role, click Search.

12. Under Search Results, select Flight Operations and click Select.

13. Click Submit.

Verify the New User
To verify that Jason Harvey user was created and has an Active Directory account, you need to log
back in as SuperAdmin and use the View User's Endpoint Account task to search for Jason and view
his assigned accounts.

1. Log out and log back in as the SuperAdmin user:
Username superadmin
Password Password01

2. In the Tasks menu, expand Users.

3. Expand Manage Users and click View User's Endpoint Accounts.

4. Under Search for a user, click Search.

5. Under Search Results, select jharvey and click Select.

6. Under Search for an object of type Account, click Search.

Under Search Results, you will see that Jason Harvey now has an Active Directory account on
the Voonair AD endpoint.

You have successfully implemented delegated administration in the Voonair environment.

Lab 4-2 Configure Self-Service

Goal Configure self-service to enable users to self-register and manage their own
profile, password, and entitlements.

Scenario Voonair management has examined the costs they incur by creating IDs for
external customers and for administering password resets for employees.
Knowing that CA Identity Manager has capabilities to enable customers to
self-register and gain the required access, they have asked you to implement that
feature. They have also asked you to implement the capability for end users to
reset their own passwords to save the costs associated with having the Helpdesk
perform the changes. This will help speed up the process, save money, and free
up the Helpdesk personnel to do other duties they have not had the staff or time
to perform.

Time 30 minutes

Instructions:

Verify Self-Service is Preconfigured
In CA Identity Manager, self-service is preconfigured out of the box through the Self Manager
admin role. You can verify this by looking at the member policy for the role, which allows all users
to be their own Self Manager.

1. Make sure you are logged in as the SuperAdmin user:
Username superadmin
Password Password01

2. In the Tasks menu, expand Roles and Tasks.

3. Expand Admin Roles and click Modify Admin Role.

4. Under Search Results, select the Self Manager admin role and click Select.

5. Click the Members tab.
By default, a member policy already exists that allows all users to be their own Self Manager.

6. Click the Tasks tab.
The self-service tasks that all users can perform as members of the Self Manager role are listed
here:

Now, you are going to verify that self-service is working by logging in as the user Ellis Howard
and updating his user profile.

7. Log out and log back in again as Ellis Howard:
Username ehoward
Password Password01

8. In the Tasks menu, expand Home, and click Modify My Profile.

9. On the Profile tab, scroll down to the Office field.

10. In the Office field, type the following:
NY Office

11. Click Submit.

Now, you will verify the change has been applied.

12. In the Tasks menu, under Home, click Modify My Profile.

13. On the Profile tab, scroll down to the Office field.
Notice that the Office attribute is set to NY Office.

Set Up Self Registration
A requirement for setting up Self Registration is the display of a license agreement or some other
type of valid use agreement. If the person continues with the Self Registration, they have agreed to
the terms of use of the enterprise system. In addition, it is necessary to set a default organization
where the new user ID is to be located because the corporate user store allows user IDs to be
stored in several locations, depending on the user and their affiliation with the company.

Install the License Agreement and Set the Organization

14. Launch the 04IMG20029directoryserver VM.

15. On the 04IMG20029directoryserver VM, open Windows Explorer and navigate to the
C:\ClassFiles folder.
Notice the eula.htm file for the license agreement.

16. Copy the eula.htm file to the C:\Inetpub\wwwroot folder.

17. Go back to the 04IMG20029imserver VM.

18. To verify the eula.htm file displays in a browser:
a. Open a new tab in Internet Explorer.

b. In the Address bar, type the following:
http://directoryserver.voonair.local/eula.htm

The license agreement should appear, as shown here:


19. Copy the URL from the Address bar.

20. Go back to the User Console tab in Internet Explorer.

21. Log out and log back in as the SuperAdmin user:
Username superadmin
Password Password01

22. In the Tasks menu, expand Roles and Tasks.

23. Expand Admin Tasks and click Modify Admin Task.

24. Under Search for an admin task, type *self* and click Search.

25. Under Search Results, select the Self Registration admin task and click Select.

26. Click the Search tab.

27. Beside the Search Screen field, click Browse.

28. Under Select Screen Definition, select End User License Agreement Search and click Edit.

29. Change the Message URL field to the following by pasting the URL that you copied in step 19:
http://directoryserver.voonair.local/eula.htm

30. Click Preview.
The End User License Agreement should appear in the Preview area.

Note: It is important that you perform the next three steps as directed.

31. Click OK.

32. Click Select.

33. Click Submit.

Now, you are going to set the default organization.

34. Click Return to Search.

35. Under Search Results, select the Self Registration admin task and click Select.

36. Click the Tabs tab.

37. To modify the Profile tab, click the pencil icon.

38. Beside the Default Organization field, click Browse.

39. Click Search.

40. Select the Voonair organization and click Select.

41. Click OK.

42. Click Submit.

Test the Self Registration Process
Now you are ready to verify that the self-registration process is working as configured.

43. Log out and then go back to the login page.

44. Under Don't have an account, click Register Now.

The End User License Agreement for Self Registration appears.

45. Click Accept.

46. On the Self Registration form, enter the following information:
First Name: Pat
Last Name: Penguin
Full Name: Pat Penguin
Requested Login Name: ppenguin
Choose a password: Password01
Re-enter password: Password01


47. On the Self Registration form, enter the following security questions and answers:
Security Question 1: What is your mother's maiden name
Answer 1: Parrot
Security Question 2: What is your father's middle name
Answer 2: Peter
Security Question 3: What is your favorite food
Answer 3: Pizza
Security Question 4: What was the name of your first pet
Answer 4: Woody
Security Question 5: In which city did you get married
Answer 5: Austin

48. Click Submit.

49. Click OK.

Now you are going to log in as Pat Penguin and verify that he can access and perform self-service tasks.

50. Log in as Pat Penguin:
Username: ppenguin
Password: Password01

Since all users are members of the Self Registration admin role, Pat Penguin has access to all of the self-service tasks.

Execute the Forgotten Password Process for Self-Registered Users
Now you are going to verify that the Forgotten Password process is working as configured.

51. Log out and then go back to the login page.



52. Under the Password field, click the Forgot Password? link.

53. In the User ID field, type the following and click OK:
ppenguin

54. Provide the answer to the random security question that appears. Refer back to the answer that you set for this question earlier. You will be asked two further security questions.

55. Provide the answer to the next random security question that appears. Refer back to the answer that you set for this question earlier.

56. Provide the answer to the next random security question that appears. Refer back to the answer that you set for this question earlier.


A confirmation message appears and the system assigns you a temporary password.

57. Copy the temporary password and use it to log in as Pat Penguin (username is ppenguin).

58. You will be prompted to change the password for Pat Penguin.

59. In the Password field, replace the existing password with the following:
Password02

60. Confirm the password in the field provided and click Submit.

61. Click OK.

62. To verify the new password took effect, log out and log back in as Pat Penguin with the changed password:
Username: ppenguin
Password: Password02

The login with the new password should be successful and you should be able to perform self-service tasks as Pat Penguin.

Module 5: Configure Workflow Processes

Lab 5-1 Place a Task Under Workflow Control

Goal: Place a task under workflow control using the Two Stage Approval Process workflow template.

Scenario: Voonair requires a two-stage approval process for users that are created manually within the corporate user store. You need to modify the Create User task to use the Two Stage Approval Process workflow template and configure it to set two individual user IDs as the approvers to simulate the business requirements.

Time: 45 minutes

Instructions:

Reset User Passwords
Before you begin, you need to set the passwords for the users that you will use throughout this lab exercise:
- Paul Martin (pmartin)
- David Abraham (dabraham)
- Heather Marley (hmarley)
Because these users were imported from the Voonair AD endpoint, they do not have any passwords. You will set their passwords using the Reset User Password task.

1. Log in to the User Console as the SuperAdmin user:
Username: superadmin
Password: Password01

2. In the Tasks menu, expand Users.

3. Expand Manage Users and click Reset User Password.

4. Under Search for a user, type *pm* and click Search.

5. Under Search Results, select the pmartin user and click Select.

6. In the Password and Confirm Password fields, type the following:
Password01

7. Click Submit.


8. Repeat the process to reset the passwords for David Abraham (dabraham) and Heather Marley (hmarley) to Password01.

Enable Workflow in the Management Console
To start, you will enable workflow functionality for the Voonair environment through the Management Console.

1. On the Favorites bar of Internet Explorer, click the Management Console shortcut.

2. Log in to the Management Console using the following credentials:
Username: imadmin
Password: caeducation

3. On the Management Console home page, click the Environments link.

4. On the Environments page, click the Voonair environment.
The properties for the Voonair environment appear.

5. Scroll down to the bottom of the page and click Advanced Settings.

6. Under Advanced Settings, click Workflow.

7. Select the following workflow properties and click Save:
- Enabled
- Work list items automatically displayed on Welcome Page

8. Click Restart Environment.

Create an Admin Role
Now you will create a new admin role called SysAdmin. Configure the owner policy so that only users who have the System Manager admin role can be owners of your new admin role. Configure the member policy so that only David Abraham can be a member.

1. Go back to the User Console and make sure you are logged in as the SuperAdmin user:
Username: superadmin
Password: Password01

2. In the Tasks menu, expand Roles and Tasks.

3. Expand Admin Roles and click Create Admin Role.

4. Select Create a new admin role and click OK.

5. On the Profile tab, name the new admin role SysAdmin.



6. Select the Enabled checkbox.

7. Click the Owners tab.

8. Click Add.

9. Under Owner Rule, in the Users drop-down list, select Who are members of <rolerule>.

10. In the drop-down list that subsequently appears, select admin role <adminrole>.

11. Click Browse.

12. Under Search for an admin role, click Search.

13. Scroll down the Search Results, select the System Manager role, and click Select.

Your completed owner rule should look like this:

14. Click OK.
Your new owner rule appears in a table format.

15. Click the Members tab.
You will define the member policy so that David Abraham (dabraham) can become a member of this admin role.

16. Click Add.
You are going to define the member policy using the User ID user attribute.

17. In the Users drop-down list, select where <userfilter>.


18. In the drop-down list, change the attribute to User ID and type an attribute value of dabraham.

You are not going to add a scoping rule for the member policy.

19. Click OK.
Your completed member policy for the SysAdmin admin role appears.

20. Click Submit.

Create a New Group
Create a group called Helpdesk in the Voonair organization. Add SuperAdmin as an administrator and Heather Marley (hmarley) as a member.

1. In the Tasks menu, expand Groups and click Create Group.

2. Select Create a new group and click OK.

3. For the Org Name, search for and select Voonair.

4. In the Group Name field, type the following:
Helpdesk

5. Click the Administrators tab.

6. Click Add a user.

7. Search for and select SuperAdmin.

8. Click the Membership tab.

9. Click Add a user.

10. Search and select Heather Marley (hmarley).



11. Click Submit.

Create a New Admin Task and Assign Approvers
Create a copy of the Create User task, add a Two Stage Approval Process workflow template to it, and configure two individual user IDs as the approvers.

1. In the Tasks menu, expand Roles and Tasks.

2. Expand Admin Tasks and click Create Admin Task.

3. Select Create a copy of an admin task and click OK.

4. Search for and select the Create User task.

5. Change the Name field to the following:
Create User Two Stage Approval

6. Change the Tag field to the following:
CreateUserTwoStageApproval

Note: Make sure the tag has no spaces.

7. Scroll down and click the pencil icon next to Workflow Process.

8. In the Non-Policy Based drop-down list, select Two Stage Approval Process.

9. Scroll down to the Default Approver section and select the following:
Approval Task: Approve Admin Task
Participant Resolver: Group Members

10. Click Add Groups.
a. Click Search.
b. Select the Helpdesk group.
c. At the bottom of the page, click Select.

11. In the Business Approver section, select the following:
Approval Task: Approve Admin Task
Participant Resolver: List of Users

12. Click Add Users.
a. Click Search.
b. Select the pmartin user ID.
c. At the bottom of the page, click Select.


13. Scroll down to the Technical Approver section and select the following:
Approval Task: Approve Admin Task
Participant Resolver: Admin Role Members

14. Click Add Admin Roles.
a. Click Search.
b. Select the SysAdmin Role.
c. At the bottom of the page, click Select.

Your completed selections should look like this:




15. Click OK.

16. Click Submit.

Add the New Task to the System Manager Admin Role
Add the new admin task (Create User Two Stage Approval) to the System Manager admin role, so that this new task is visible in the Manage Users tasks category.

1. In the Tasks menu, expand Roles and Tasks.

2. Expand Admin Roles and click Modify Admin Role.

3. Search for and select the System Manager role.

4. Click OK.

5. Click the Tasks tab.

6. Scroll down to the bottom of the page.

7. In the Filter by category list, select Users.

8. Scroll down to the bottom of the page again.

9. In the Add Task list, select Create User Two Stage Approval.

10. Click Submit.

Submit the New Task for Workflow Approval
Now you will submit the Create User Two Stage Approval task, start the workflow, and follow the approval chain.

1. In the Tasks menu, expand Users.

2. Expand Manage Users and click Create User Two Stage Approval.

3. Select Create a new user and click OK.

4. For the Organization, search for and select Voonair.

5. In the User ID field, type the following:
lab5user

6. In the Password and Confirm Password fields, type the following:
Password01


7. Complete the following fields:
First Name: Lab5
Last Name: User
Full Name: Lab5 User

8. Click Submit.
CA Identity Manager will return a "task pending" alert instead of "Task completed" because it is waiting on the Business Approver to approve the workflow process.

Now you need to log in as Paul Martin, the Business Approver that you configured for this workflow-enabled task.

9. Log out and then log back in as Paul Martin:
Username: pmartin
Password: Password01

You should see a Business Approval work item in Paul's Work List. This appears because you selected the Work list items automatically displayed on Welcome Page option when you enabled workflow for the Voonair environment in the Management Console.

10. Click the hyperlink for the Business Approval work item.



The Approval Task screen appears where Paul can review the details of the approval task.

11. Click the View Job tab.
From this perspective, Paul can see the current stage of the workflow is Business Approval. Once he approves the workflow approval task, the stage of the workflow moves to Technical Approval.

12. At the bottom of the View Job tab, click Approve.


CA Identity Manager will return a "task pending" alert instead of "Task completed" because it is now waiting on the Technical Approver to approve the workflow process.

Now you need to log in as David Abraham because he can serve as the Technical Approver for this workflow-enabled task through his membership of the SysAdmin admin role.

13. Log out and then log back in as David Abraham:
Username: dabraham
Password: Password01

14. You should see a Technical Approval work item in David's Work List.

15. Click the hyperlink for the Technical Approval work item.



The Approval Task screen appears where David can review the details of the approval task.

16. Click the View Job tab.
From this perspective, David can see the current stage of the workflow is Technical Approval. Once he approves the workflow approval task, the stage of the workflow moves to IMApprove.


17. At the bottom of the View Job tab, click Approve.
CA Identity Manager will return a "task pending" alert.

18. Click OK.
The task has now completed its two-stage approval process and the user will be created in the user store. Now, you are going to log back in as the SuperAdmin user to verify that the task completed successfully.

19. Log out and then log back in as the SuperAdmin user:
Username: superadmin
Password: Password01

20. In the Tasks menu, expand System and click View Submitted Tasks.

21. Click Search.

In the Search Results, you should see that the task has a status of In progress. After a minute, click the Refresh button to see that it has changed to Completed.

22. To view the task details, click the pencil icon next to the task description.

23. Under Task Workflow Job View, click the pencil icon beside Two Stage Approval Process to view the diagram of the completed workflow job.



Notice the approval path of the workflow task from Business Approval to Technical Approval to Approved.

24. Click Close.
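
The approval chain configured and exercised in this lab, as an added Python model (not part of the lab guide and not CA Identity Manager code). User, group and role names come from the lab; the fallback to default approvers when a stage resolves to nobody, and the audit() checks, are assumptions of this model.

```python
from dataclasses import dataclass, field

# Constructed directory data mirroring the lab: one group, one admin role.
GROUPS = {"Helpdesk": {"hmarley"}}
ADMIN_ROLES = {"SysAdmin": {"dabraham"}}

def resolve(resolver, values):
    """Turn a participant resolver and its configured values into user IDs."""
    if resolver == "List of Users":
        return set(values)
    source = {"Group Members": GROUPS, "Admin Role Members": ADMIN_ROLES}.get(resolver)
    if source is None:
        raise ValueError(f"unknown participant resolver: {resolver}")
    return set().union(*(source.get(v, set()) for v in values))

@dataclass
class Job:
    initiator: str
    stages: list      # [(stage name, resolver, values), ...] in approval order
    default: tuple    # (resolver, values) from the Default Approver section
    done: int = 0     # number of stages already approved
    history: list = field(default_factory=list)

    def approvers(self, index):
        _, resolver, values = self.stages[index]
        # Assumption: default approvers are used only when a stage resolves to nobody.
        return resolve(resolver, values) or resolve(*self.default)

    @property
    def stage(self):
        return self.stages[self.done][0] if self.done < len(self.stages) else "Approved"

    @property
    def task_status(self):
        return "Completed" if self.stage == "Approved" else "Pending"

    def approve(self, user):
        if self.stage == "Approved":
            raise RuntimeError("workflow job already completed")
        if user not in self.approvers(self.done):
            raise PermissionError(f"{user} has no work item for {self.stage}")
        self.history.append((self.stage, user))
        self.done += 1
        return self.stage

def audit(job):
    """Flag configurations that weaken the two-person control (hypothetical checks)."""
    findings = []
    sets = [job.approvers(i) for i in range(len(job.stages))]
    for (name, _, _), users in zip(job.stages, sets):
        if not users:
            findings.append(f"{name}: no approver resolves, task can never complete")
        if job.initiator in users:
            findings.append(f"{name}: initiator {job.initiator} can approve own request")
    if len(sets) > 1 and len(set().union(*sets)) == 1:
        findings.append("one user is the sole approver of every stage")
    return findings

def lab_job(initiator="superadmin"):
    """The Create User Two Stage Approval task as configured in this lab."""
    return Job(initiator,
               [("Business Approval", "List of Users", ("pmartin",)),
                ("Technical Approval", "Admin Role Members", ("SysAdmin",))],
               ("Group Members", ("Helpdesk",)))

if __name__ == "__main__":
    job = lab_job()
    for user in ("pmartin", "dabraham"):
        print(job.task_status, "->", user, "approves ->", job.approve(user))
    print(job.task_status, audit(lab_job()))
```

Running audit() against a changed configuration before submitting it shows whether the initiator, or a single account, could satisfy both approval stages alone.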

Verify the New User
After you have confirmed the task completed, use the View User admin task to verify the new user was created successfully.

1. In the Tasks menu, expand Users.

2. Expand Manage Users and click View User.

3. Search for lab5user and verify that it appears in the Search Results.

Appendix: CA Technologies Dynamic Lab Environment

Appendix: Dynamic Lab Environment Access and User Guide

Getting Started
Dynamic Lab Environment is the name of the CA Education virtual environment for labs and practice activities. The technology behind the Dynamic Lab Environment is provided by Skytap and some of the instructions in this document reference Skytap.
This appendix provides the following information:
- System and network requirements
- Self-Directed Learning login and usage information
- Setting up an environment (other than Self-Directed Learning)
- Instructor-Led classroom setup
- Best practices
- Troubleshooting
- Escalating unresolved issues

System Requirements
The minimum system requirements for an individual client machine accessing the Dynamic Lab Environment are listed below. Please check that you meet the minimum requirements and that you have the equipment you need before attempting to use the environment.

Operating Systems:
- Windows XP/2003/Vista/2008/Windows 7/2008 R2/Windows 8/2012
- Mac OS X 10.7 or higher (Lion or Mountain Lion)
- Linux variants with supported browser and Java versions

Browsers:
- Internet Explorer 8, 9, or 10
- Mozilla Firefox
- Google Chrome
- Mac OS X Safari

Java Version:
- The acceptable Java versions are Java 1.6, 1.7, or newer.
- If you are unsure which version of Java you are running, simply click the following link and it will auto-detect: http://java.com/en/download/installed.jsp or type java -version in the terminal for Linux.
- If you are running OS X, please see Running Java on Mac OS X.
- For information on installing Java on your local Linux machine, see How to install Java on my local Linux machine.



Self-Directed Learning Access and Instructions

After you register for the course, you will receive a system-generated email that includes two important pieces of information:
- A published URL to access your assigned lab environment
- The date and time on which your access to that environment expires
Keep this email as you will need to use the URL whenever you access your lab environment.
Here is a sample email with the two pieces of information highlighted:

Access Your Assigned Lab Environment
Click on the published URL from the email or paste the link in your web browser to access your assigned lab environment. Use this same link each time you access your dynamic lab environment.
A sample environment with multiple Virtual Machines (VMs) is shown below:



The above sample environment includes three VMs. Your particular environment will be appropriate for the course activities for which you have registered.
NOTE: When you initially access your environment, you may see a Java prompt, asking if you want to run this application. Click Run if you see this prompt. It will enable you to properly connect into the environment and enable the keyboard to work correctly.

Manage Your Assigned Lab Environment
You are allocated a certain amount of lab session time to complete all of the activities associated with a given course. That time starts once you access your environment and continues to run until the end date and time specified in the email. The clock continues to run even if you are not actively working in the environment unless you manage your environment.
Use the Suspend and Run buttons to manage your lab environment. These buttons are shown below:

Using Suspend to preserve your lab time
Click the Suspend button to stop the Run Time clock. Do this anytime you are not working on course activities to preserve your remaining time. You can suspend any or all of the VMs in your environment by clicking in the checkbox in each VM window and then clicking the Suspend button.
The Suspend button is called out in the following sample where all three VMs have been checked:



When you click Suspend, your allocated lab time is preserved and the time clock remains paused until you change the status to Run. The VMs in a suspended environment display that status as shown in the following image:

Once you have suspended your environment, you can minimize or close the browser window in which the environment has been running. Use the same URL you were sent in email to reopen your environment when you are ready to resume.

Using Run to resume running your lab time
Click the Run button to start up suspended VMs and restart the Run Time clock. The Run button is called out in the following sample:

This may take several minutes. The environment is ready when the VMs are highlighted in green and display a Running status. Click on the machine(s) you want to directly access to start or resume your lab activities.

Tracking lab time using the Run Time clock
The Run Time clock in the upper right corner of your set of VMs tracks how much dynamic lab environment time you have left.



Network Requirements
We recommend a minimum download speed of 1.16 Mb/sec (150 KB/sec) per client connection (i.e., each individual user). In addition, we recommend latency of 250 ms or less.
If you have a group of 15 users, each connecting to their own client session from the same physical location concurrently, the recommended amount of bandwidth required is 1.16 Mb/sec per user x 15 or 17.5 Mb/sec.

Connection Test
If you are connecting for the first time, or connecting from a computer you have never used before, run the connection and speed tests to make sure that your browser supports a connection to the Dynamic Lab Environment. These tests are hosted by Skytap directly.
Use the following URL to use the Skytap Connectivity Checker to run connection and speed tests:
https://cloud.skytap.com/tools/connectivity


Instructor-Led Class Set Up

The Dynamic Lab Environment is accessed directly through a URL link that is provided to the instructor by a system-generated email. The email includes a class URL as well as instructor and student position URLs. A sample email is shown below:

1. Click the URL link or copy and paste the link to your web browser. If the URL link is valid, your web browser will load the environment with the appropriate VM or VM set for hands-on activities.
2. Examine all VMs and ensure they are running by selecting them and clicking the Run button to power them on.



Once they are powered on, all VMs will show that they are in a running status and you may log in to the VMs by clicking the desired VM machine.
3. Click the desired VM machine to connect directly to it.

Note: Most VMs will take you directly to the desktop, but if you are prompted to enter login info, use the following credentials:
Username: administrator
Password: caeducation
Students should have been sent an email message telling them to run the tests before class starts. Best practice is for the instructor to send an email message to your students to introduce yourself as the instructor and remind them to run the connectivity test before the class starts.



Best Practices

Use the following list of best practices to help you avoid potential issues with the Dynamic Lab Environment:
- Ensure that you are connected to a dedicated hardwired network connection on a broadband internet connection.
- Do not use Wi-Fi connection because it is more susceptible to higher latency issues impacting performance.
- Close all applications and documents you are not using for your virtual training; applications running in the background may use up your computer's bandwidth and affect system performance.
- You should not be connected to a corporate VPN while connecting to the virtual training class.



Troubleshooting

Run both Connectivity Checker and Speed Test from appropriate application regions and submit results to educationlabs@ca.com. Before the start of class, make sure your browser supports a connection to the remote labs.
