END USER TRAINING SESSION

Date: July/1/2022

All rights
All reserved. All information
rights reserved. contained
‘CrimsonLogic’ in Shell
and the this presentation is disclosed
Device are trade marks of to you on the basis
CrimsonLogic of aAllprospective
Pte Ltd. informationbusiness
containedrelationship and is proprietary
in this presentation is disclosedto
toTokio
you onMarine andofmay
the basis not be used,
a prospective disclosed
business or reproduced
relationship without the
and is proprietary to prior
written CrimsonLogic
consent of TokioMarine.
Pte Ltd and may not be used, disclosed or reproduced without the prior written consent of CrimsonLogic.

1
1
OVERVIEW OF IAMS

Objectives:
• Implement an Identity and Access Management System (IAMS) to better manage,
streamline and automate the process of roles and access rights management
• Support periodic role and access rights review
• Provide greater oversight over the roles and access rights assignment.
a) User and Organization Profile
b) Access Review
c) Reports
d) Administrative Functions
SCOPE - APPLICATIONS

TMA APPLICATIONS
1. Active
Directory(HRMS)
2. Office 365
3. UCF Flat file (Phase 2)
OVERVIEW OF IAMS

Access Review

• Scheduled & triggered automatically

• Allow oversight & tracking

OVERVIEW OF ACCESS REVIEW

Access Access
Job Active Campaign Access Review
Access Certification
Certification Certification Report
IAMS FUNCTIONAL SCOPE

IAMS

Administration Access
Certification

Active
Organization User Roles Approver Workflow Report
Campaigns

Account & Access

Org Role
Review

System Role

IAMS Roles
TODAY’S SESSION: USE CASES TO BE COVERED
Admin User
• Trusted Source Configurations • Profile
• Reconciliation Job • Access Review
• Role-Based Access Control
• Configure Workflow
• Add Approver and Approver Detail
• Configure Workflow Policy
• Access Certification Jobs and Active Campaign
• My Task for Access review
• Reports
AUDIENCE

• Administrators
HRMS CONFIGURATION

• Trusted source will be enabled for HRMS target system configuration.

• Active Directory will be used as a trusted source.

• The list of users will be created accordingly, and Administrators can view the list of all
users and access in the IAMS UI.
Add AD- TRUSTED SOURCE
• Add HRMS Target system by enabling trusted source field with AD
credentials and check the connection.
• Click Submit to add AD-HRMS to IAMS UI.
Add Active Directory
• Add an Active directory with credentials and check the connection.
• Click Submit to add AD on UI.
ADD O365 TARGET SYSTEM
• Add O365 with credentials and check the connection.
• Click Submit to add AD on UI.
Add UCF Target System (Phase 2)

Step 1: Step 2:
Select Target System as Step 3: Step 4:
Select Endpoint Enter Basic Details Select Dependency
Universal Connector Variance as UCF Flat File
Framework
System
Administrator

Step 6:
Step 7:
Add Attribute Mapping
Review & Submit
Details
Add Target System: Upload discovery file (Phase 2)

• Below are the three-csv files, Admin needs to set in the target system.

• Account.csv : This file contains IAMS user accounts to be uploaded.

• Permission.csv : This file contains access/entitlements pertaining to the target
system.
• Account_Permissions.csv : This file defines mapping between user accounts and
entitlements.
TADRGET SYSTEM FILE Path (Phase 2)

• Select Universal Connector target system and UCF Flat file as variance
• Enter the file path for the discovery files
Reconciliation Jobs
• Select the reconciliation job and Click “Run Now” to do
discovery on a need basis
• Scheduled jobs will run as per scheduler
Role-Based Access Control
• Create a role and add owner and members to that role
• Click Submit to add a role
 Access Control
• Select a role and Click Access right to give access right to the role
• Select a Module for the role and select the permission required for the role.
Add Group
• Create a group and add owner and members to that group
• Click Submit to add a group
Add Approver
• Add Group to an approver and configure approval and SLA settings.
• Click Submit to add an approver
Add Approver Detail
• Select approver variant and then add approver type and value to variant
• Click Add and Save to add approver detail
Workflow
• Add Workflow with ASA as a first-level approver, Manager, IT Security and System
Owner as the final approver to complete the process.
• Configure approval frequency interval and SLA Settings and click Submit to add a
workflow.
Access Certification Report
• Access Certification Report shall be exported as PDF,Excel and Csv format.
REPORTS

• IAMS provides various types of reports pertaining to the several activities performed by
the users in TMA to meet compliance and audit requirements for AD,O365 and UCF Flat
file.

• For example
• Active Directory-All Users
• Active Directory-User Groups
• Office365-Consolidated Report for AD & Office365
• Office365-Group Users
• Universal Connector Framework-All Entitlements
AD ALL USERS REPORT
• All ReportsActive DirectoryAll Users
• Click Export button to export the report
O365-Consolidated report for AD & O365
• All ReportsO365Consolidated Report for AD & Office 365
• Click Export button to export the report
UCF-USER ENTITLEMENTS WITH ALL LEVEL
• All ReportsUniversal Connector FrameworkUser Entitlements with All level
• Click Export button to export the report
AUDIENCE

• End Users
ACCESS REVIEW
• Access Review is the process to review a user’s account/access across the TMA
applications.
• As per the schedule of access certification job execution, reviewers will get the review
task to review the user's account/access
Access review process

Manager, then IT
Active Campaign ASA will receive a task Reviewer Security receive task for System Owner will
triggers as per the to review user's approve/reject next level approval to receive task to
configured schedule account/access account/access approve/reject the complete
access
Access review – ASA review
• All Services Self Service  My Task
• Select the task and click the Pending button
Access review
• By default, all account/access will be in approved state.
• Click “Attestation View” to select the desired view to present the data.
• Green colour thumb icon can be toggled for disapproval of any account/access
• Click Save and Submit button to submit first level of the review.
Access Review workflow
• After the completion of the review process from the ASA approver, the task will get
routed to the Manager, IT Security and then finally System Owner for completion.
• After the completion of the task, adminstrators can generate the report of the
access review.
My Profile
• User can view all entitlements with permission on the My Profile screen
Thank You!