Product walkthrough
To visualize the benefits of Omada Identity, Omada provides a demo of the solution. This document describes the content of the demo environment, explains how to prepare the environment for going through the demo script, and provides a script to follow when executing the various scenarios available in Omada Identity.
This section always depicts the latest version of Omada, regardless of the version you select in the top right corner of the documentation portal. Refer to the version badges above for guidance.
Intended Audience
The audience for this document is sales, pre-sales, consulting resources and super users who want to familiarize themselves with the standard functionality provided by Omada Identity out-of-the-box.
Reference Architecture
This demo introduces the reference architecture of the integrated Omada Identity solution. The overall concept is that Omada Data Warehouse serves as the actual state repository, while Enterprise Server serves as the master data and desired state repository, with management and compliance workflows accessed through the Omada Identity Portal.

The illustration above describes the system setup:
- Data from HR, AD, and other systems is loaded into the Data Warehouse.
- Data is imported to the Enterprise Server from the Data Warehouse.
- Contractors originate from Enterprise Server and are imported into Data Warehouse from Enterprise Server. Application assignments are imported from Enterprise Server.
- The Role and Policy Engine calculates CRAs (Calculated Resource Assignments) for identities and determines the compliance status for each assignment.
- For systems marked to be managed by Omada Provisioning Service, the Omada Role and Policy Engine creates provisioning tasks to provision the desired state.
- The Survey feature sends approval data to the Omada Data Warehouse Master database.
- Continuous reconciliation into the Data Warehouse is done on a scheduled basis and can also be triggered manually.
Provisioning has been configured using the Omada Provisioning Service. The GWG Legacy system is configured for manual provisioning.
Systems
The demo environment contains these physical systems:
System | Description |
---|---|
Active Directory | Active Directory. Provisioning is handled via FIM Sync. |
Global Directory (LDAP) | ADLDS instance |
Global Banking Group HR System | Provides identities and organizational structure. Contractors are not present in the HR system. |
Global Warehouse Group HR system | Provides identities and organizational structure. Contractors are not present in the HR system. |
GWG Legacy | System that uses manual provisioning. Used in the Account ownership scenario. |
Omada Identity | The Omada solution itself is defined as a system. |
Applications (logical systems)
Global Banking Group
System | Description | Physical System |
---|---|---|
Finance System | Onboarded. Used for prioritization policies. | AD |
Document Management | Onboarded. Used for the SoD scenario and delegate access. | AD |
Trading System | Onboarded. Used for SoD scenario. | AD |
Knowledge Sharing | Onboarded. Used for Conditional Inheritance scenario. | AD |
Know Your Customer | Used for the Application onboarding scenario. | AD |
Global Warehouse Group
System | Description | Physical System |
---|---|---|
GWG Purchasing | Onboarded. | AD |
Point of Sales | Onboarded. | AD |
Time Management | Onboarded. | AD |
Additional systems
The systems below are also onboarded to demonstrate some of the connectivity options.
System | Description |
---|---|
Microsoft Azure Active Directory | Users, Groups, Memberships, Roles, Assignments |
Amazon Web Services | Users, Groups, Policies, Memberships, Assignments |
Microsoft Exchange Hybrid | Mailboxes |
Microsoft Exchange Online | Mailboxes |
mijnCaress | Users |
Entrust | Users |
Google Workspace (G Suite) | Users, Groups, Memberships |
CyberArk | Users, Groups, Safes, Permissions, Privileged Data, Memberships |
Salesforce | Users, Permission Sets, Assignments |
SAP Access Data | Users, Roles, Role Assignments |
SAP GRC | Users, Roles, Role Assignments |
SAP HCM | Identities, Contexts |
SAP SuccessFactors | Identities, Contexts |
ServiceNow | Users, Groups, Roles, Memberships, Assignments |
Okta | Users, Groups, Apps, Memberships, Assignments |
Slack | Users, Groups, Memberships |
HCM | .csv file with identity objects |
The login details for the systems have been removed from the demo image.
Actors
Each actor has an icon on the desktop to log in to the Omada Identity Portal.
Global Banking Group
The table below details the actors and their roles in the demo.
Actor | Role | Description |
---|---|---|
Emma Taylor (EMMTAY) | Requester | End user in the system. Loan Clerk in Invest Chicago. Used for Request access, Delegate access, SoD, and Manual provisioning scenarios. |
Alan Parker (ALAPAR) | Requester | End user in the system. Business Loan Officer in Business Chicago. Can be used for Request access, Delegate access, SoD, and Manual provisioning scenarios. |
Robert Wolf (ROBWOL) | Manager | Manager of the Org. unit Invest Chicago. Manager of Emma Taylor. Used for approvals of requests and evaluation of SoD violations. Also used for the joiner and scenarios |
George Adams (GEOADA) | Manager | Manager of the Org. unit Internal Accounts Chicago. Used for the mover and leaver scenario. |
Jason King (JASKIN) | System Owner (Business) | System owner (Business) of the LDAP and Legacy systems. Used in the compliance and manual provisioning scenarios. Also used for resource owner approval in the relevant systems. |
Hanna Ulrich (HANULR) | System Owner (IT) and IT Administrator | System owner of Active Directory, LDAP and Exchange. |
William Denver (WILDEN) | Application Owner | Application owner of Anti-Fraud and Know Your Customer. Used for Resource Owner approval and application onboarding. |
Trevor McDonald (TREMCD) | Application Owner | Application owner of Document Management. Used for Resource Owner Access Review. |
Nancy Francis (NANFRA) | Application Owner | Application owner of Trading System. Used for System Owner approval. |
Beverley Rich (BEVRIC) | Application Owner | Application owner of Finance System. Used for Application Onboarding. |
Judy Miller (JUDMIL) | Auditor | Has auditor access, including ODW Reports. JUDMIL is the security officer that reviews SoD violation evaluations. |
Adam Brown (ADABRO) | Service Desk Agent | Service Desk Agent for the org. units Box Rental, Business, Internal Accounts, Needy Customers, Parking, Private Banking, Private Department, Without Financial Advisor, Finance, Fortune, Invest, Pension, Private Banking – all located in Chicago. |
Alex Picket (ALEPIC) | Manager | Manager of several Org. units. Manager of Robert Wolf. |
Robert Scott (ROBSCO) | Manager |
None of the actors have data or system administrator rights in the system. To log in as the system administrator, simply open a new session of Microsoft Edge from the Windows start menu.
Tools
The Tools section of the desktop contains systems and services that connect to Omada Identity. The Tools section contains these shortcuts:
- HR System - HR system. Used to onboard, transfer and offboard employees.
- Role Analytics tool - used in the Role Mining scenario.
Desktop experience
The Fences software is used to organize the desktop, including the shortcuts for the demo actors.
