What is Identity Governance and Administration and how does it work with Tanzu Platform cloud services

Identity Governance and Administration (IGA) is a service that allows your enterprise to obtain data for audit trail and certification, and helps Organization Owner users to manage self-service access requests, approvals, violations, and API tokens in real time.

The IGA service comes with two sets of features: basic and advanced. It is only available to Organizations with federated domains.

Using the IGA service in an Organization lets Tanzu Platform cloud services users do the following:

| As an | with basic IGA | with advanced IGA |
|---|---|---|
| Organization Owner user | - Access the IGA dashboard from the Identity & Access Management > Governance page in the Tanzu Platform cloud services console.<br>- Activate or deactivate your Organization Members' ability to submit self-service requests for additional roles.<br>- Govern access to services in your Organization by managing incoming Organization and service role requests.<br>- Monitor violations and immediately respond to threats. | - Onboard a service in any governance activated Organization linked to your corporate identity provider. |
| Organization Member | - If activated in the Organization, submit self-service access requests for additional Organization and service roles. See Request Roles in Governance Enabled Organizations. | - Onboard yourself in any governance activated Organization linked to your corporate identity provider. See How do I onboard as a user with a federated account. |

  • How do I activate advanced Identity Governance and Administration in my Organization
    If your domain is federated, additional Advanced Identity Governance and Administration (IGA) features can be activated for all Organizations in the federated domain.
  • How do I manage self-service requests for additional roles
    As an Organization Owner user of an Identity Governance and Administration (IGA) activated Organization, you manage Organization and service role requests through the Governance > Requests page in the Tanzu Platform cloud services console.
  • How do I monitor violations of policies in my Organization
    As an Organization Owner user in an Identity Governance and Administration (IGA) activated Organization, you monitor access violations for user logins and logins with OAuth apps and API tokens in your Organization. You define and modify the policies for triggering violations.
  • How do I take action against violations of policies in my Organization
    As an Organization Owner user in an Identity Governance and Administration (IGA) activated Organization that monitors violations, you can take action against the violations discovered in your Organization. You access the full list of violations by navigating to Identity and Access Management > Governance > Violations.
  • How do I manage API tokens in my Organization
    As an Organization Owner user in an Identity Governance and Administration (IGA) activated Organization, you monitor the API tokens created in your Organization and set constraints for idle and maximum Time to live (TTL) for all newly created tokens.
  • How do I assign default roles in my Organization
    As an Organization Owner user in an Identity and Access Governance (IGA) activated Organization, you can assign default Organization and service roles to users in your Organization by setting up a policy.

Parent topic: Identity & Access Management
