We are trying to establish some security standards with respect to the
Identity Manager User Application deployed in our current environment -

1. Achieve complete SOAP security for all communications between
*ServiceNow* & *Identity Manager User Application *(Here, SOAP services
will be both outbound & inbound).

Now, as per the documentations on User Application (-refer page 47-48 of
agpro.pdf-),__Mutual_Authentication_ is not supported out of the
box.Just wanted to make sure if that absolutely means that the user
application is not capable to exchanging SSL certificates during any of
the outbound / inbound webservice calls. Is Basic Authentication the
only way to have a secured transmission of sensitive data between the
two applications ?

Alternatively, how do I achieve SSL security between ServiceNow & User
Application with respect to SOAP web services.

2. Achieve 2 Factor authentication for all IDM users when trying to
login through the User Application portal.

Again, as per the documentation, this can only be achieved in
conjunction with the NetIQ Access Manager using SAML 2.0. Just wanted to
make sure that if this is with the help of security standard SAML 2.0,
can the IDM not support a SAML assertion from any other Third party

Please correct me if any of the above is incorrect.


joydeepdasgupta's Profile: https://forums.netiq.com/member.php?userid=10159
View this thread: https://forums.netiq.com/showthread.php?t=56057