Managed Integrations
For each Provider Data Integration, Cisco Identity Intelligence needs to collect various data types to surface specific user information or alert on certain checks. We are constantly adding new data types, which can be a burden for Admins to add manually and stay on top of. We developed Managed Integrations to automatically enable data types for your integrations so that you no longer need to continuously check your data integrations to enable newly added data types. This article will explain how managed data types appear when configuring a new integration, how to modifying an existing integration's data types, as well as the differences between having a managed or unmanaged integration, and required vs additional data types.
Creating a new data integration with managed data types
To create a new data integration:
Navigate to the Integrations tab within Identity Intelligence and select the blue + Add Integration button on the right side of the screen
Select the data integration type you would like to configure (Okta, Azure, etc)
Fill in the require fields displayed on the General Settings tab and click the blue Connect button on this page
Note: For most integrations, initial setup steps are required on the data integration side to create keys, secrets, etc needed to fill in the fields of the General Settings page. To learn more about what steps are needed for each specific data integration, refer to the documentation for the desired integration
Once you have clicked Connect, Identity Intelligence will test the connection to the integration to ensure the information provided is correct, and will read the licenses/permissions associated with that data integration to determine what data types are available
The connectivity test can take a few minutes to run. All the information is saved, so you can leave this page and come back later if needed
If the connectivity test is successful: Your integration will be saved with the appropriate managed data types based on the licensing/permissions/etc detected for the integration. On the Integrations page, you will see Connectivity: Successful and Collection Status: Success in the table for the given integration.
If the connectivity test fails: If you did not navigate away from this page during the connectivity test, you will see an error message. Review the data that was entered for each field on the General Settings page to make sure there are no mistakes. If there are no errors, click Keep and Continue to save the integration. On the Integrations page, you will see Connectivity: Disconnected and Collection Status: Disabled in the table for the given integration
Click Edit Settings for the given integration on the Integrations tab
Go to the Advanced Settings tab to review the data types. Here you may see some questions regarding license types, permissions, API permissions, etc that have been filled out according to the integration data received during the connectivity test
Adjusting the answer to any of these questions will change which managed data types are selected for the integration. If any answers are incorrect, fill in the correct answer and confirm the necessary permissions, etc are correctly configured on the data source side as well
Click Save
For how to modify an existing integration, jump to the section below.
Managed vs unmanaged data integrations
By default, all data integrations are managed integrations upon creation. You can determine if a data integration is managed or unmanaged by looking at the Advanced Settings page for that integration.
We highly recommend keeping integrations in managed mode to save time and make sure you aren't missing out on any data!
If your integration is managed, when Identity Intelligence adds a new data type for a specific integration, the data type will automatically be enabled and collected for you (assuming the integration has the necessary license, permissions, etc for this data type ).
If your integration is unmanaged, when Identity Intelligence adds a new data type for a specific integration, the data type will NOT be automatically enabled and collected. You will need to go to the specific Integration, select Edit Settings, go to the Advanced Settings tab for the integration and manually select each new data type to start collecting that data. Since new data types are added continuously, you will need to return to each integration page regularly to review any new data types that have been added and enable them.
To change a data integration to managed or unmanaged, use the toggle found on the Advanced Settings tab of each data integration.
Required data types vs Additional data types
Within each data integration, there can be required data types and additional data types.
Required data types are greyed out and cannot be disabled regardless of if the integration is managed or unmanaged. These are data types that must be enabled for the data integration to be configured and working properly. Identity Intelligence may add or remove new data types to the required data types, if needed.
Additional data types are most often associated with the questions at the top of the Advanced Settings tab because the additional data types will vary depending on a given data source's licenses, permissions, etc. These questions are answered automatically based on the connectivity test results, but the responses can be modified if needed, which will impact which data types are collected automatically and visible on this page.
If the integration is not licensed for or doesn't have the correct permissions for a selected data type, you may see errors on the Integrations page noting that the data collection for that integration was not fully successful. If a data type is incorrectly enabled, Identity Intelligence will fail the data collection for only that disallowed data type, but will still collect for all other allowed data types.
Additional data types will be greyed out and not editable if the integration is managed. If the integration is unmanaged, any additional data types will have a check box next to it, indicating that this data type can be modified.
Though it is possible to deselect additional data types, we highly recommend not removing additional data types to ensure you are collecting as much information as possible for each user and to not impact any checks that may rely on this data.
Modify an existing integration's data types
Existing integrations can be modified via the Advanced Settings in a few ways related to this topic:
Change an integration from managed to unmanaged, or vice versa, by using the toggle on the Advanced Settings tab to change between managed and unmanaged
Add or remove additional data types by changing answer(s) to the questions and/or change integration to unmanaged to select/deselect any non-required data types (Note: Required data types cannot be removed)
Last updated