Supported Features

The ACF2 source supports the following features:

• User aggregation, including connections to ACF2 groups (based on UIDs)

• Group aggregation based on:

  • UIDs in ACF2 rules

  • ACF2 Roles X-ROL

  • ACF2 Sources X-SGP (for DB2 users)

• Create and update ACF2 Users

• Enable and disable ACF2 users

• Connect or disconnect an ACF2 user to a group (based on UID, Role, or Source)

• Change ACF2 users' passwords and passphrases

• Aggregation and provisioning of ACF2 user-defined fields

• TLS support and Mutual TLS

  For more information on implementing TLS 1.2, refer to TLS Communication.

• Client authentication

  The ACF2 source supports client authentication, which validates every incoming request from the provisioning engine before executing the request. The source requires the client to send the credentials of a registered user with every request for proper authentication.

  For more information, refer to Security Configurations for Mainframe Integration Components.

• Customizable account aggregation managed by the ACF2 application.

  For more information, refer to Support for Account Aggregation Filter.

• Support for the prefix value to be passed in the plan. For more information, refer to Support for Prefix Value.

• Support for the following ACF2 features:

  • Access requests and remediation of X-ROL and X-SGP Entities for ACF2

  • Entitlement aggregation includes roles (X-ROL) by default

  • Aggregation of sources (X-SGP)

    • Request a new role for an account while removing an existing source from an account

    • Request a new source for an account while removing an existing source from an account (if configured)