1.3 What’s New in Identity Manager 3?
Identity Manager 3 has the following new features:
1.3.1 Designer for Identity Manager
Identity Manager 3 includes an extremely flexible and powerful
modeling tool, Designer 1.1. Designer is a standalone client application
that enables you to design, deploy, and document Identity Manager-based
solutions in a highly productive environment.
Using Designer, you can do the following:
- Design solutions locally, test them,
then deploy solutions to the network.
- Import existing solutions from the network into
Designer and work on them.
- Interact with your deployed solution to update any
setting and view the state of any driver or system.
Designer has most of the configuration capabilities that are
available in Novell iManager, plus new capabilities and advantages
for designers. Some of the tasks you can perform in Designer include:
- Use powerful modeling to create the
big picture of Identity management for your enterprise, with all
Identity Manager components, end-systems and applications, and other
visual elements. Divide the big picture into smaller connected pictures
by organizing the systems into groups. Pan, scan, and zoom. Model
application subsystems, eDir-to-eDir, and multiple drivers connecting
to one system, in a way never possible before.
- Work in different modes as either a high-level architect
or a low-level developer, and easily transition from one to the
other.
- Visually see and manipulate how data flows across
the entire enterprise.
- With the push of a button, document your solution
with detailed tables, charts, and graphics of all of your systems.
You can document policies, schema, Identity Manager components,
custom content, and project information, including a table of contents,
appendix, and page numbering. You can strongly customize both the
content and format of your document.
- Use the built-in policy simulator and Identity Manager
engine to test your policies off-line.
- Easily create, copy, move, and share projects that
span an entire enterprise. Because projects are local and
file-based, you can easily back up and version your entire solution.
- Use instant project-wide search and edit capabilities.
- Work in a highly productive rich-client environment,
with a native look and feel.
- Work well in a disconnected mobile environment
when you're “on the go.”
- Use strong visual editors, minimal pop-ups, and
well-synchronized views laid out to maximize productivity.
- Use wizards to help you get started and configure
projects.
- Automatically create objects and use auto-value, auto-connection,
and auto-layouts.
- Use strong copy/paste within and across
editors, as well as full undo/redo in most editors and views.
- Set many preferences and options that tailor the
UI to how you want to use the product.
- Get help through contextual help and a powerful
searchable help system.
- Auto-update installation notifies you of any updates
and easily pulls them in.
Designer also comes with a number of features for developers:
- You can easily add and model something
not in the shipping version. For example, you can add your own applications,
drivers, resources, and icons.
- You can configure Designer to use a different editor.
Configure all file types (for example, .xml and .txt)
to use your editor of choice. Eclipse-based editors work best, but
you can also include various artifacts (for example, word processing
documents and spreadsheets). The native editor is automatically
integrated into Designer if the platform supports it.
- You can develop and debug in Java. If you install
Designer plug-ins into a full Eclipse install, you can do Java development
and debugging, ANT, C#, and UML modeling, all in the same tool
alongside Designer. This has particular value to Identity Manager
driver writers (Java or C) who want the tools all together.
- You can use public APIs. Novell is using fully published
public Eclipse APIs, an underlying project data model that is consistent
with open industry standards in its format, and also using published
Eclipse extension points.
Audiences
Designer was created for the following audiences:
- Enterprise IT developers
- Consultants
- Sales engineers
- Architects or system designers
- System administrators
This tool is aimed at information technology professionals
who:
- Have a strong understanding of directories,
databases, and their information environment
- Act in the role of a designer or architect of identity-based
solutions
You don’t need to be a developer or programmer to
fully make use of every aspect of this tool. We provide many capabilities
for developers to extend this tool to suit their own needs. Wizards
make this tool easy to learn and use in building Identity Management
solutions. Experienced users can bypass the wizards and interact
directly at any level of detail.
You can also use Designer as an effective and valuable tool
to help communicate key Identity Solution concepts and design to
strategic decision-makers in the organization. You can use both
the visual Modeler and documentation that captures and displays
Designer data.
How Designer Relates to the iManager Tools
iManager’s primary use is for administration. iManager
continues to be updated with new functionality for managing and
monitoring deployed solutions. iManager’s Web-based environment continues
to have the following advantages:
- Remote access
- Centralized administration
- Support for roles
- Integration with other Web-based tools
iManager and Designer have similarities, but their features
and end-user experience are optimized for their respective target
users and environments. They are compatible. You can export information (for
example, a driver set or a driver) from one application to the other.
Also, several key common User Interface elements have been made
similar so that you can move between the tools effectively.
1.3.2 Entitlements for Workflow-Based Provisioning and Enhancements to Role-Based Entitlements
Identity Manager allows you to synchronize data between connected
systems. Entitlements allow you to set up criteria for a person
or group that, once met, initiate an event to grant or revoke access to
business resources within the connected system. This gives you one
more level of control and automation for granting and revoking resources.
There are two aspects to making entitlements work: creating
the entitlement and managing the entitlement. You create entitlements
through iManager or through Designer. To create an entitlement through
iManager, select the Option
under the heading
in iManager. For more information, see Creating
and Using Entitlements
in the Novell
Identity Manager 3.0 Administration Guide.
You can also use Designer to create entitlements and deploy
them into existing Identity Manager drivers. Designer allows you
to create entitlements through the Entitlement Wizard, which gives
you a graphical interface through which to create the entitlement,
and steps you through the process. In iManager, you create entitlements
through a simple interface, but you add additional properties through
an XML editor. Because Designer has a graphical interface, we recommend
using it for creating and editing entitlements.
After you create entitlements (or use entitlements that come
preconfigured with certain Identity Manager drivers), you need to
manage them. Entitlements are managed by two packages or agents: iManager
through Role-Based Entitlement policies, or the User Application
through workflow-based provisioning.
Role-Based Entitlement policies allow you to grant business
resources if the criteria are met. For example, if a user meets
criteria 1, 2, and 3, then a Role-Based Entitlement policy can add
the user to Group H; but if the user meets criteria 4 and 5, he
or she becomes a member of Group I. In order for this entitlement
to work through workflow-based provisioning, approval is first required.
Entitlements created in Designer 1.1 won’t work on
Identity Manager engines earlier than Identity Manager 3.0. In Designer,
you can access the Entitlements Wizard from the Modeler or from
the Outline view.
- In the Outline view, right-click an
Identity Manager driver. Select .
- In the Modeler view, right-click a Driver object
and select .
1.3.3 Novell Identity Manager User Application and Workflow-Based Provisioning
The Novell Identity Manager User Application is a powerful
Web application with supporting tools for provisioning. Workflow-based
provisioning is the process of managing user access to secure resources
in an organization. Users request resources and one or more individuals
(including delegates or proxies) with approval rights can approve
or deny the request. Users can also view the status of requests.
When used in conjunction with the Provisioning Module for
Identity Manager and Novell Audit, the Identity Manager User Application
provides a complete, end-to-end provisioning solution that’s secure,
scalable, and easy to manage.
The User Application offers the following Web-based end user
functionality:
- White pages
- Organizational charts
- User search (with ability to save custom search
configurations)
- Self-service password management
- Lightweight user administration tools
- Initiation and monitoring of provisioning requests
(if the Provisioning Module is installed)
- Management of personal and/or team tasks
(if the Provisioning Module is installed)
- Delegation and proxy capabilities
- Self-Service User Profile management (users can
edit selected information on their public profiles)
- E-mail notification of provisioning tasks
- More than 85 portlets to create customized intranet
pages for users as part of the Identity portal
- Support for self-provisioning and approval-based
provisioning workflows
For the system administrator, the User Application offers
a rich assortment of configuration and administration capabilities,
including:
- iManager plug-ins to allow setup
and management of proxy and delegation rights
- Access to logging tools and customized Crystal Reports
- Wizard-based configuration of workflows (if the
Provisioning Module is installed)
- Workflow management (if the Provisioning Module
is installed), including enabling and disabling of workflows and
suspension of flows in progress
- Eclipse RCP-based Designer for creating custom virtual-directory
object definitions and relationships
Support for workflow-based provisioning is a key feature of
Identity Manager 3 and is a separate purchase. Workflow-based provisioning
is not supported in Identity Manager 2.