Just to chime in from technical SME PoV....
I agree with Stephen's assessment - ISV is not replacing our on-prem solution ISVG (aka knows as ISIM/IM and IGI) but can do "lightweight" provisioning.
There are some feature to do lifecycle management and governance - but compared to ISVG these functionality will require a lot of manual work if you go beyond simple request based provisioning.
Also be aware - although adapters are supported on ISV - there a subtle things that the brokerage that does not support that is supported for ISVG only - it is my hope that we get those restriction removed over time.
When you setting up a provisioning gateway you will have to provide/install the adapter infrastructure your self - that means installing adapters (DAML - that is AD/Win Local/MS SQL/Notes adapters) or SDI with the Dispatcher. That is not part of the gateway which is a small container based install.
IMHO what you always need to assess is the overall TCO of your solution - there are several elements - license costs, infrastructure cost/maintenance, governance(the solution you deploy) cost/maintenance - I normally recommend to automate as much as it make sense as this should drive down you overall TCO - but this is not an easy thing....
HTH
------------------------------
Franz Wolfhagen
WW IAM Solution Engineer - Certified Consulting IT Specialist
IBM Security Expert Labs
------------------------------
Original Message:
Sent: Thu March 21, 2024 04:14 AM
From: Stephen Swann
Subject: Is ISVG a Required Component in ISV env When Using ISV to Manage ISVG/ISVG-IM Adapters?
Jacky,
You are correct in assuming that ISVG/ISVG-IM is NOT a required component in an ISV environment for provisioning. The docker components you listed are basically micro-elements of the ISVG toolset which act as the bridge for provisioning requests.
ISV (SaaS), in conjunction with those docker elements, is more than capable of performing the provisioning, de-provisioning, suspension, restoration, and password management using the adapters listed - or even custom adapters.
ISV (SaaS) is lightweight compared to ISVG/ISVG-IM when it comes to things like provisioning policies & enforcement. The assignment of entitlements based on roles is certainly a feature that is provided by ISV (SaaS) and there will also be the option of defining Dynamic Roles shortly - this feature is in Beta Mode just now.
For non-event driven life-cycle operations, you can easily define those rules outside of the ISV (SaaS) platform and merely use the APIs to poke ISV (SaaS) into action. We certainly do that a lot for a range of use cases. In effect, it's not much different from defining an Advanced Rule in ISVG or a Lifecycle Rule in ISVG-IM.
Hope that helps - happy to provide more detail if required.
------------------------------
Stephen Swann
Managing Director
Madigan Solutions
Belfast
www.madigansolutions.com
Original Message:
Sent: Thu March 14, 2024 10:24 PM
From: Jacky Wang
Subject: Is ISVG a Required Component in ISV env When Using ISV to Manage ISVG/ISVG-IM Adapters?
Hello,
The ISVGA adapters are 'labelled' for ISVG and ISVG-IM as per link.
While ISV's on-prem application integration doc link mentions its "Verify Bridge+Verify Identity Brokerage+Identity Brokerage DB (Postgres)" can play the linking role, which sounds like the ISVG/IM(known ISIM/IGI) does.
So does it mean ISVG/ISVG-IM is not a required component in ISV env and all ISVG adapters are actually available(licensed)to ISV?
And how far/much in managing role can the ISV with broker/bridge agent play comparing to the traditional ISIM/IGI(ISVG)?
My target on-prem application endpoints to connect and manage in ISV env would be the simple LDAP/AD, SAP NW box, AS400 server for deprovisioning(suspension/restoration/deletion) LCR operation as well as password sync.
Thank you!
------------------------------
Jacky Wang
------------------------------