Identity Panel can connect to various source systems in order to collect identity data, or write it back. The mechanism used is the Panel Provider, or Provider.
Providers (amongst other things) are connectors to source systems. They can be configured to regularly scan source systems, making identity and access data available to the whole suite of Identity Panel applications: Identity Panel App itself, and Service Panel App, Access Panel App, HyperSync App, and Test Panel App. Some of these apps also write data to target systems through the same Provider mechanism.
Many Providers are available – some examples follow.
Panel Provider for MS Sync Connection
Panel Provider for MS Sync Connection allows connection to Microsoft Identity Manager (MIM) or Azure AD Connect (which are in many ways much the same product).
Most Providers result in a single Silo of identity data, but since MIM (and, to a lesser extent, Azure AD Connect) in turn typically connects to many other systems, having the Panel Provider for MS Sync Connection gives access to a lot of other systems, with one silo per system (and another for the “metaverse” – the metadirectory at the heart of MIM/Azure AD Connect).
Panel Provider for MS Sync Connection differs in other ways from a typical Provider. It scans for data, reading this from the “connector space” (the staging area where MIM keeps a copy of the data of interest in source systems). MIM cannot be written to in the way that, for example, Active Directory can be written to. However, MIM can be controlled by Identity Panel: notably, you can configure scheduled MIM runs using Identity Panel, which then picks up very detailed information about each run. Azure AD Connect, being a limited version of MIM, is handled in a rather simpler manner.
Panel Provider for Active Directory
Panel Provider for Active Directory allows data to be read from, and written to, Active Directory from the Identity Panel suite of applications, enabling various scenarios, including:
- Identity Panel App can:
  - Scan any objects and attributes for visualization within the Time Traveler
  - Restore objects or attributes to Active Directory
  - Bulk update Active Directory
- Service Panel App can:
  - Present Active Directory objects and attributes
  - Create new objects, write back modified objects, and delete objects
- Access Panel App can:
  - Maintain user and entitlement objects from Active Directory
  - Write back modifications (such as group memberships)
- Test Panel can:
  - Create test data in Active Directory for each test case or suite
  - Modify objects in response to tests
  - Roll back test case data and results
  - Applies to (for example) organizational units, users, groups
- Microsoft Identity Manager – MIM Service Port
  - Allows Microsoft Identity Manager to write to Active Directory through Identity Panel’s MIM Service Port
  - Used by cloud-hosted Microsoft Identity Manager servers that want to scan, provision, and update Active Directory through a secure cloud-hosted HTTPS REST endpoint, avoiding the need for a VPN to the target Active Directory
This product is licensed per domain. You need one license for each Active Directory Domain you choose to scan and target. If you are an on-premises customer, you only need one license for all of your Identity Panel instances. If you are a SaaS customer, you only need one license for all of your tenants. This single license per domain across your development, test, and production instances of Identity Panel reduces your license costs.
You only need a license for Panel Provider for Active Directory if you are scanning and updating Active Directory directly. For example, if MIM is scanning and updating Active Directory, you will see scanned and updated Active Directory information (for example in the Time Traveler) via the Panel Provider for MS Sync Connection, which is licensed separately. However, many customers choose to purchase the Panel Provider for Active Directory to allow Service Panel or Access Panel to update the directory directly, to perform bulk updates from Identity Panel, and to restore data from the Time Traveler.
Panel Provider for Workday
The Panel Provider for Workday allows data from Workday to be scanned and updated from the Identity Panel suite of applications, enabling various scenarios, including:
- Identity Panel App can:
  - Scan objects and attributes for visualization within the Time Traveler (connectivity is via Workday custom reports)
  - Bulk update Workday (via SOAP API)
- Service Panel App can:
  - Present Workday data through customer forms
  - Push data requests back to Workday using the Workday SOAP API
- Test Panel App can:
  - Create test cases in Identity Panel simulating changes from a Workday feed, so that outcomes in associated directories (for example) can be verified
  - Rollback deletion of test case data and results
This product is licensed per enterprise.
Panel Provider for Active Directory Federation Services
The Panel Provider for Active Directory Federation Services (ADFS) enables the following scenarios:
Collection of claims history
Using the Time Traveler view of claims data, troubleshooters and auditors have complete access to history of use. Before this feature, it would be difficult for companies to account for a given user’s particular claims on any historical day. For troubleshooting, when a user is unable to properly access an ADFS-authenticated system, the Time Traveler exposes the claims issued, along with the user’s group, role, and attribute data, to facilitate a clear diagnosis of the problem.
Collection of configuration history
Changes to configuration history are recorded, and workflows can notify if configurations are changed. This is critical when controlling change to production ADFS systems.
Monitoring of Health and Certificates
Your dashboard can include a module of health probes relevant to keeping ADFS running smoothly: expired certificates, disk space, outages, and performance saturation can all be monitored (including email alerts).
Source Control Configuration
The configuration of ADFS is maintained automatically in Identity Panel with this Provider, allowing you to audit, follow, and roll back changes.
One license covers two ADFS servers across your on-premises instances or SaaS tenants. Multiples can be purchased to cover the size of your ADFS farm(s).
Panel Provider for Okta
The Panel Provider for Okta allows data from Okta to be scanned and updated from the Identity Panel suite of applications, enabling various scenarios:
- Identity Panel App can:
  - Scan any objects and attributes for visualization within the Time Traveler
  - Restore objects or attributes to Okta
  - Bulk update Okta
- Service Panel App can:
  - Present Okta data through customer forms
  - Create, modify, and remove objects and attributes within Okta
- Access Panel App can:
  - Manage entitlements
  - Perform governance within Okta
- Test Panel App can:
  - Create test data in Okta so that outcomes can be verified
  - Rollback deletion of test case data and results
This product is licensed per enterprise.
Other Panel Providers
- Azure B2C Graph Connection
- Azure Connection
- Azure Graph Connection
- Delimited File Connection
- Directory Connection
- LDAP Connection
- ServiceNow REST connection
- SQL Connections