MidPoint Deployment: First Steps - Self-Paced Training

Basic Information

Training based on midPoint 4.8
Anyone can gain free access to this self-paced training
Estimated time needed for completion: 16 hours
Place: Evolveum Learning Portal
9 modules and 32 hands-on labs
Certificate of Completion
- If you would like to receive the Certificate of Completion, we recommend signing up to the Learning Portal with your work email
This training is a prerequisite to the Self-Paced MidPoint Deployment: Group Synchronization training by means of which you can extend your knowledge from managing users and their accounts to roles and groups.

Description

Join our course aimed at building an extendable IGA foundation with basic synchronization and provisioning. This training will teach you how to carry out go-live regardless of data quality from HR, automate the Joiner-Mover-Leaver (JML) processes, manage birthright permissions, and use the latest features, such as simulations and smart correlation. The course participants will gain a solid understanding of midPoint’s basics and use it to integrate the first source and target systems safely in iterations with Evolveum’s “First Steps methodology”.

Target Audience

This training is useful for newcomers to identity management and governance, newcomers to midPoint, IT administrators, system engineers, identity architects, and deployment partners at all seniority levels.

Trainer

This training is hosted by our Expert Identity Engineer, Ivan Noris.

Prerequisites

No previous knowledge of midPoint is required.

Previous experience with concepts of user provisioning and identity management & governance is welcome.

Skills Gained

Upon completion of this course, you should be able to:

Create your first resources to connect to your source and target systems
Import accounts from a source system
Correlate existing accounts in a target system with midPoint
Import usernames from a target system to midPoint
Turn on provisioning to a target system in midPoint
Automate the synchronization between a source system and a target system via midPoint
Utilize simulations in the above steps to preview what is going to happen to avoid unintended data modification or deletion

Course Content

This course progresses through 9 modules and 32 hands-on labs:

1. Planning Your Deployment Project
In this module, we will introduce an environment in which we are about to deploy midPoint. We will define the main goals of this deployment and introduce the First Steps Methodology.

LAB 1-1: Inspect Your Environment

2. Connecting a Source System
In this module, we will introduce basic midPoint concepts related to provisioning, such as target systems, resources, and connectors, as well as create a new HR resource using the midPoint Resource Wizard.

LAB 2-1: Create an HR Resource

LAB 2-2: Configure an HR Resource

3. Importing Source Data
In this module, we will introduce midPoint simulations and use them to preview the import of data from an HR resource. Then we will import the data from the HR resource to midPoint to create users.

LAB 3-1: Single Source System Entry Import Simulation

LAB 3-2: Source System Data Import

4. Connecting a Target System
In this module, we will connect to the Active Directory using a predefined resource template. We will review the configuration that focuses on correlation and synchronization.

LAB 4-1: Creating an Active Directory Resource From a Template

LAB 4-2: Reviewing Active Directory Resource Synchronization Configuration

5. Target System Integration
In this module, we will simulate the integration of the Active Directory with midPoint. Accounts will be correlated to their midPoint owners. We will review orphaned accounts and decide their fate.

LAB 5-1: Simulated Correlation with the Active Directory

LAB 5-2: Marking Accounts

LAB 5-3: Ignoring Orphaned Accounts

LAB 5-4: Real Correlation with the Active Directory

6. Importing Usernames from a Target System
In this module, we will import usernames from the Active Directory to midPoint users. We will also clean up orphaned accounts in the Active Directory and resolve uncorrelated accounts from the previous modules.

LAB 6-1: Preparing Configuration For Username Import

LAB 6-2: Username Import Simulation

LAB 6-3: Username Import From the Active Directory

LAB 6-4: Deleting Orphaned Active Directory Accounts

LAB 6-5: Finalizing Correlation

7. Enabling Provisioning to a Target System
In this module, we will prepare the Active Directory resource for provisioning. We will make sure not to cause any unexpected changes in the Active Directory by using simulations.

LAB 7-1: Reviewing the Active Directory Resource Provisioning Configuration

LAB 7-2: Active Directory Provisioning Simulation

LAB 7-3: Active Directory Provisioning

8. Automating Integration
In this module, we will turn on the automatic provisioning of changes from HR to the Active Directory. This also includes generating midPoint usernames.

LAB 8-1: Generating Usernames in midPoint

LAB 8-2: Automating Active Directory Account Creation For All Users

LAB 8-3: Automating Active Directory Group Membership For All Users

LAB 8-4: Enforcing AD Account Data

LAB 8-5: Handling HR Data Updates

LAB 8-6: Handling Long-term Leave

LAB 8-7: Handling Leavers

LAB 8-8: Adding a New Outbound Mapping

LAB 8-9: Adding New Attribute Provisioning From HR to the AD

LAB 8-10: Exchanging an Inbound Mapping

9. Overriding Incorrect Data
In this module, we will demonstrate a situation with incorrect data coming from a dominant source of data and how to override it using midPoint.

LAB 9-1: Overriding a Malicious User Status

LAB 9-2: Overriding Incorrect HR Data

LAB 9-3: Overriding a Username

Self-Paced First Steps Training Course

Anyone can gain access to this self-paced course free of charge. We recommend to use your work email to sign up at the Learning Portal if you would like to receive the Certificate of Completion.
Before signing up for the training course, we recommend reading our Terms and Conditions.
Follow the instructions to access the Learning Portal and start the course.

How to become a subscriber?

Evolveum’s active subscribers can gain access to other self-paced training courses free of charge. For information about becoming a subscriber, please visit https://evolveum.com/services/subscribing-to-support/ or contact sales@evolveum.com.

Name	Provider	Purpose	Expiry	More information
PHPSESSID	Evolveum s.r.o.	Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.	When you close your browser
moove_gdpr_popup	Evolveum s.r.o.	When this Cookie is enabled, these Cookies are used to save your Cookie Setting Preferences. You can enable or disable your Cookie Settings on our website at anytime via Cookie Settings.	1 year	Read more
wordpress_test_cookie	Evolveum s.r.o.	Tests that the browser accepts cookies.	Session	Read more
wp-settings-[user_id]	Evolveum s.r.o.	Used to preserve user’s wp-admin settings	1 year	Read more
wordpress_[hash]	Evolveum s.r.o.	On login, WordPress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the Administration Screen area, /wp-admin/	Session	Read more
wordpress_logged_in_[hash]	Evolveum s.r.o.	Remember User session	Session	Read more
wordpress_sec_[hash]	Evolveum s.r.o.	This cookie is used to store your authentication details. Its use is limited to the admin console area, /wp-admin/	Session	Read more
wp-postpass_[hash]	Evolveum s.r.o.	This cookie is used to grant access to password protected areas of the site.	10 days
wp-settings-time-[user_id]	Evolveum s.r.o.	The number on the end is your individual user ID from the user’s database table. This is used to customize your view of admin interface, and possibly also the main site interface.	1 year	Read more

Name	Provider	Purpose	Expiry	More information
woocommerce_cart_hash	Evolveum s.r.o.	Helps WooCommerce determine when cart contents/data changes.	When you close your browser	Read more
woocommerce_items_in_cart	Evolveum s.r.o.	Helps WooCommerce determine when cart contents/data changes.	When you close your browser	Read more
wp_woocommerce_session_[hash]	Evolveum s.r.o.	Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.	2 days	Read more
tk_ai	Evolveum s.r.o.	Stores a randomly-generated anonymous ID. This is only used within the dashboard (/wp-admin) area and is used for usage tracking, if enabled.	Session	Read more
comment_author_{HASH} comment_author_email_{HASH} comment_author_url_{HASH}	Evolveum s.r.o.	When visitors comment on your blog, they too get cookies stored on their computer. This is purely a convenience, so that the visitor won’t need to re-type all their information again when they want to leave another comment.	These are set to expire a little under one year from the time they’re set.	Read more