Blog Entry

(View Disclaimer)

This Session Spotlight comes from Mark Forsey, an ATT Instructor who has been teaching Identity Manager since the DirXML days and will be teaching this session.

The objective of this session is to address the questions you have surrounding Entitlements in Identity Manager, which may include:

• Why are Entitlements used in IDM?
• How do I go about implementing Entitlements?
• What is the difference between the three Entitlement agents?
• How can I use the Entitlement Service Driver to not only grant Entitlements, but to also clean up data within my Identity Vault?
• How can I add drivers to the Resource Model within the Role Based Provisioning Model? Why do some drivers appear while others don’t?

These are some of the questions we will be discussing in the ATT Live session ‘Identity Manager: Entitlements from Creation to Implementation’.

And just to give you a taste of what the session will include, we’ll be discussing the following as part of the answer to the question of how you go about implementing Entitlements.

4 Step Entitlement Design Process

You need to know precisely what you want to accomplish with Identity Manager, then you can correctly design granting and revoking capabilities for any connected system resources. The following four-step procedure can help you plan to create and use entitlements:

1. Define the business process to be met via an entitlement. Know what you want to accomplish in your business situation. You can design and implement almost anything through Identity Manager, but you need to know what you want to do before implementing something that isn't defined. Start by making a numbered list of what you want to do.
2. Use a pre-configured entitlement or create a custom entitlement. Define an entitlement that represents one point from your numbered list. You can create valueless and valued entitlements. Valued entitlements can get their values from an external query, they can be administrator defined, or they can be free form.
3. Add policies to the Identity Manager Driver to implement the designed entitlement. To create a policy for an Identity Manager driver, you need to be conversant in XSLT or DirXML script, in the way the connected system handles and receives information, and with the way eDirectory stores information. (Unless you are a good DirXML programmer, this is a job for consultants.)
4. Set up an agent to grant and/or revoke your entitlement. The 3 ways of granting entitlements are Role Based Entitlements (policy), Workflow, and the Roles Subsystem of the Roles Based Provisioning Module.

These are the steps to successfully implement entitlements. If you create your own entitlements, you MUST add policy in the driver for them to work. No policy means no entitlement--they work together.

Why You'll Want To Be In This Session

This session will set you perfectly straight without confusion on how to effectively use Entitlements in your Identity Manager infrastructure.

This session consists of both lecture and a hands-on portion. In the hands-on portion you will create an Entitlement including defining the policies required to carry out the requirements of the Entitlement. You then use the Entitlement with the 3 agents (Entitlements Service Driver, User Application Provisioning Workflow, and RBPM Resource Model) available to you in Identity Manager and the Roles Based Provisioning Module to understand how they are applied.

I hope to see you at this year’s ATT Live and look forward to helping you work through all your questions regarding Identity Manager Entitlement creation and implementation!

Register today or find out more about ATT Live 2012, including a look at our proposed course catalog at: www.novell.com/attlive!

ATT Live 2012
May 15-18, 2012
Henderson (Las Vegas), NV
4 days of instructor-led, hands-on advanced technical training for only $1,400 if you register before March 31!

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.