File Access Manager Configuration
IdentityIQ can integrate with File Access Manager to bring key data governance features to the IdentityIQ business user. A Data Governance menu in IdentityIQ provides direct access to the File Access Manager website, and dashboard widgets provide the context needed to make informed access decisions.
You can also use the File Access Manager Configuration settings to configure correlation logic for mapping File Access Manager objects to IdentityIQ identities.
- Import the init-fam.xml file into IdentityIQ, using the iiq console or the gear menu > Global Settings > Import From File page.
- Click the gear menu > Global Settings > File Access Manager Configuration.
File Access Manager Hostname
The host name of the File Access Manager server. This is the host where the File Access Manager website is installed.
If you are using an HTTP or HTTPS proxy for IdentityIQ's communications, and you want to make an exception for connecting to File Access Manager, you can configure your File Access Manager connection to bypass the proxy connection by adding this key to the FAMConfiguration object:
<entry key="ignoreProxyProperties" value="true" />
Basic / OAuth
Choose your method of authenticating with the File Access Manager website. Basic uses a username and password. OAuth uses a client ID and client secret.
Basic authentication can be used for identities that are configured in the File Access Manager Administrative Client as having the API User privilege.
OAuth credentials can be retrieved from the File Access Manager website, through the Settings > General > API Authorization menu.
Username
For Basic authentication, enter the username for an identity that has the API User privilege in File Access Manager.
Password
For Basic authentication, enter the password for an identity that has the API User privilege in File Access Manager.
Client ID
For OAuth authentication, enter the OAuth client ID for File Access Manager.
Client Secret
For OAuth authentication, enter the OAuth client secret for File Access Manager.
SCIM Correlation Rule
If the correlation logic in your configured applications does not meet your needs for correlating File Access Manager groups and accounts to IdentityIQ groups, you can use a custom rule to manage correlation. The rule must have a rule type of Correlation in order to appear in this drop-down.
SCIM Correlation Applications
Select the application(s) to use for correlating File Access Manager objects to IdentityIQ identities. Selecting an application here means that the correlation logic defined for the application will determine how File Access Manager objects are correlated to identities.
Use Test Connection to verify that the connection information is accurate and functional.
Once the File Access Manager integration is configured, a Data Governance menu is available in IdentityIQ. The Data Governance menu provides direct access to features in the File Access Manager website.
The Data Governance menu is available only to users who have the IdentityIQ FAM Administrator capability, or any capability that includes the ViewFAMNavigationMenu SPright.
For more information about Data Governance in File Access Manager, refer to the IdentityIQ File Access Manager documentation.
Once the File Access Manager integration is configured, widgets that show data about Sensitive Data Exposure and Sensitive Resources Missing Owners are available on the IdentityIQ home page.
The widgets display read-only information about sensitive data that is monitored in File Access Manager. Each widget shows counts for resources and an overall compliance score. The compliance score is color-coded to indicate risk: 0-5 is considered high risk, 5.1-7.5 medium risk, and 7.6-10 low risk.
The widgets do not provide direct access to the File Access Manager website; in other words, users cannot click the widgets for more detailed information, or to access the File Access Manager website.
These widgets are available to users who have the IdentityIQ FAM Administrator capability, or any capability that includes the ViewFAMAdminWidgets SPright.
Users can click Edit on the home page to add, remove, or move these widgets.
For more information about Sensitive Data Exposure and Data Ownership in File Access Manager, refer to the File Access Manager documentation.