Onboarding resources to an identity management system
Abstract
A process of onboarding a resource into an identity management system is disclosed. The identity management system is configured to connect users with resources and manage user identities and security entitlements of the connected resources. The process of onboarding a resource includes marking or tagging resource fields with semantic markers.
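An added sketch of the level-by-level matching recited in claim 1; it is not code from the patent. It assumes markers are written as slash-separated paths whose depth is the specificity level, and that a pair is matched at a level only when its marker is unique on both sides; all field names and markers are constructed.

```python
from collections import defaultdict

# Constructed sample: field name -> semantic marker (generic/.../specific).
RESOURCE = {
    "usr_login": "identifier/account/login",
    "mail": "contact/email/work",
    "priv_mail": "contact/email/personal",
    "grp": "entitlement/group",
    "badge_no": "identifier/badge",
}
PROVISIONING = {
    "userName": "identifier/account/login",
    "workEmail": "contact/email/work",
    "homeEmail": "contact/email/personal",
    "groups": "entitlement/group",
    "employeeNumber": "identifier/employee",
}

def truncate(marker, level):
    """Cut a marker path to the given specificity level (assumed: depth)."""
    return tuple(marker.split("/")[:level])

def match_fields(resource, provisioning, max_level):
    """Match at the most generic level first, then retry the unmatched
    fields at each increased level. Returns (mapping, unmatched), where
    mapping is resource field -> (provisioning field, level of the match)."""
    mapping = {}
    res_left, prov_left = dict(resource), dict(provisioning)
    for level in range(1, max_level + 1):
        res_by, prov_by = defaultdict(list), defaultdict(list)
        for name, marker in res_left.items():
            res_by[truncate(marker, level)].append(name)
        for name, marker in prov_left.items():
            prov_by[truncate(marker, level)].append(name)
        for key, res_names in res_by.items():
            prov_names = prov_by.get(key, [])
            # Assumed rule: only an unambiguous one-to-one pair is matched.
            if len(res_names) == 1 and len(prov_names) == 1:
                mapping[res_names[0]] = (prov_names[0], level)
                del res_left[res_names[0]]
                del prov_left[prov_names[0]]
    return mapping, sorted(res_left)

if __name__ == "__main__":
    matched, unmatched = match_fields(RESOURCE, PROVISIONING, max_level=3)
    for field, (target, level) in matched.items():
        print(f"{field} -> {target} (level {level})")
    print("unmatched:", unmatched)
```

The level recorded with each pair shows which mappings were made on a generic marker, so those can be reviewed before the deployment mapping is used.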
20 Claims
1. A method of onboarding in an identity management system, comprising:
- discovering native object fields for identity management, wherein the fields are in an object schema of a resource to be onboarded into the identity management system;
- marking fields in the object schema of the resource with semantic markers corresponding with fields of provisioning objects in the identity management system, wherein the semantic markers are organized in an ontology having a plurality of specificity levels of increasing specificity to provide generic to specific relations of definition between the semantic markers;
- mapping the fields in the object schema of the resource to one or more provisioning objects of an identity management system profile including, directly matching the fields of the object schema having the same markers as the fields of the provisioning objects for a selected specificity level of the plurality of specificity levels in the ontology to create matched fields and unmatched fields;
- increasing the specificity level of the selected specificity level to an increased specificity level; and
- directly matching the unmatched fields of the object schema having the same markers as the fields of the provisioning objects for the increased specificity level; and
- enabling deployment from a generated deployment mapping from mapping the fields to add the resource to the identity management system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 19

11. A non-transitory computer-readable storage medium tangibly storing computer-executable instructions for controlling a computing device in an identity management system, the computer-executable instructions comprising:
- instructions for discovering object fields for identity management, wherein the fields are in an object schema of a resource to be onboarded into the identity management system and converting the object schema to a resource specific ontology;
- instructions for selecting fields and tagging value significance with semantic markers corresponding with fields of provisioning objects in the identity management system, wherein the semantic markers are organized in a provisioning ontology having a plurality of specificity levels of increasing specificity to provide generic to specific relations of definition between the semantic markers;
- instructions for generating a connector map and a deployment map between the fields and the provisioning objects based on the value significance, including, instruction for directly matching the fields having the same markers as the fields of the provisioning objects for a selected specificity level of the plurality of specificity levels in the provisioning ontology; and
- instructions for increasing the specificity level of the selected specificity level to an increased specificity level;
- instructions directly matching unmatched fields of the object schema having the same markers as the fields of the provisioning objects for the increased specificity level; and
- instructions for enabling deployment from a generated deployment mapping from mapping the fields to add the resource to the identity management system.

Dependent claims: 12, 13, 14, 15

16. An identity management system configured to onboard a resource in an enterprise computing system, comprising:
- a computer system having a processor and a memory wherein the computer system is configured to couple a user to a selected resource of the enterprise and to onboard resources;
- wherein the resource includes resource fields in a resource schema for identity management;
- wherein the memory includes a catalogue having semantic markers organized in an ontology having a plurality of specificity levels of increasing specificity to provide generic to specific relations of definition between the semantic markers;
- wherein the resource fields are marked with semantic markers of conveyed values;
- wherein the resource fields having the same markers as the fields of provisioning objects are directly matched together for a given specificity level of the plurality of specificity levels in the ontology;
- increasing the specificity level of the selected specificity level to an increased specificity level;
- directly matching unmatched fields of the object schema having the same markers as the fields of the provisioning objects for the increased specificity level; and
- wherein deployment is enabled from a generated deployment mapping from the matching to add the resource to the identity management system.

Dependent claims: 17, 18, 20

Specification