Was recently asked if we had support for configuration changes in GitLab. I am not aware of a way to have configuration changes in Identity Governance to get checked in. Has anyone had this request or set this up before?
Following SDLC and using a devops approach is a common desire in larger IG deployments.
1. Multiple environments! Make sure configuration development and testing happens in a place that isn't production. Once you validate it's working, then promote that config to prod.
2. Exports are almost entirely JSON. From the interface you can export just about everything you can configure. I believe it's all JSON format, which means you can add it to a git repo. It's up to you to choose your git workflow. I think at a minimum you'd want to ensure you have tagged or labeled commits so you can revert easily if you need to.
3. You can also import those exports into another environment. This has some repercussions. Many items reference either users or permissions or IG groups. When importing you will need to ensure those mappings are re-mapped. You may be able to do this in the JSON export file itself if you are savvy. Also, several object types rely on other object types. For instance, an application config is required for a review definition that relies on it. IG Groups are required before you reference them in a policy, etc. I'd suggest starting with schema and collectors, then going from there. The order matters in how you deploy.
4. Warning that exports from one version are not guaranteed to work in other later versions. You may find that you need to massage the data for certain object types.
5. You may want to leverage the API to export/import if you are working with a massive amount of config, but that is not supported, and there is an inherent risk with something changing in the future you rely on. So a word of caution there. Automation can work wonders but you are taking on some responsibility there.
--Jim
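
An added example (not part of the post above, and not Identity Governance code) of preparing exports for a git repo: it rewrites each JSON export with sorted keys so diffs show only real changes, and orders the files so prerequisites are imported first. The type labels, file layout and sample field names are assumptions; only the ordering relationships come from the answer.

```python
import json

# Prerequisites per object type. Labels are hypothetical; the relationships
# follow the answer: application before review definition, IG group before
# policy. Placing everything after schema and collectors is an assumption
# that models "start with schema and collectors".
REQUIRES = {
    "schema": [],
    "collector": ["schema"],
    "application": ["collector"],
    "ig_group": ["collector"],
    "review_definition": ["application"],
    "policy": ["ig_group"],
}

def canonical(raw):
    """Re-serialize an export with sorted keys so git diffs stay minimal."""
    return json.dumps(json.loads(raw), indent=2, sort_keys=True) + "\n"

def depth(obj_type):
    """Length of the longest prerequisite chain above this type."""
    return 1 + max((depth(r) for r in REQUIRES[obj_type]), default=-1)

def import_order(types):
    """Order types so prerequisites (direct or transitive) always come first."""
    unknown = set(types) - REQUIRES.keys()
    if unknown:
        raise ValueError(f"no dependency rule for: {sorted(unknown)}")
    return sorted(types, key=lambda t: (depth(t), t))

def plan(exports):
    """exports: (type, name, raw_json) tuples -> [(repo_path, text)] in import order."""
    order = import_order({t for t, _, _ in exports})
    rows = sorted(exports, key=lambda e: (order.index(e[0]), e[1]))
    return [(f"{t}/{n}.json", canonical(raw)) for t, n, raw in rows]

# Constructed sample exports; the field names are invented for illustration.
SAMPLE = [
    ("policy", "sod-finance", '{"name":"sod-finance","groups":["finance-admins"]}'),
    ("review_definition", "q1-access", '{"name":"q1-access","application":"payroll"}'),
    ("ig_group", "finance-admins", '{"name":"finance-admins"}'),
    ("application", "payroll", '{"name":"payroll"}'),
    ("schema", "core", '{"name":"core"}'),
]

if __name__ == "__main__":
    for path, _ in plan(SAMPLE):
        print(path)
```

Writing the returned text to the listed paths, committing and tagging the commit gives a revert point per promotion.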