1.1 An Introduction to Identity Manager
Novell® Identity Manager 3 is an award-winning data-sharing
and synchronization solution that revolutionizes how you manage
data. This service leverages a central datastore, your Identity
Vault, to synchronize, transform, and distribute information across
applications, databases, and directories.
When data from one system changes, the Metadirectory engine
included in Identity Manager detects and propagates these changes
to other connected systems based on the business rules you define. This
solution enables you to enforce authoritative data sources for any
particular piece of data (for example, an HR application owns a
user's ID, while a messaging system might own a user's e-mail account
information).
Identity Manager lets a connected system (such as SAP*,
PeopleSoft*, Lotus Notes*, Microsoft* Exchange,
Active Directory*, and others) do the following:
- Share data with the Identity Vault.
- Synchronize and transform shared data with the Identity
Vault when it is modified in connected systems.
- Synchronize and transform shared data with connected
systems when the data is modified in the Identity Vault.
Identity Manager does this by providing a bidirectional framework
that allows administrators to specify which data flows from the
Identity Vault to the application and from the application to the Identity
Vault. The framework uses XML to provide data and event translation
capabilities that convert Identity Vault data and events into the
specified application-specific format. It also converts application-specific
formats into a format that can be understood by the Identity Vault.
All interactions with the application take place using the application’s
native API.
Identity Manager lets you select only the attributes and classes
that correspond to relevant connected system-specific records and
fields. For example, a directory datastore can choose to share User-type objects
with a Human Resources datastore, but not share network resource
objects such as Servers, Printers, and Volumes. The Human Resources
datastore can in turn share users’ given names, surnames,
initials, telephone numbers, and work locations with the directory datastore, but not share
the users’ family information and employment history.
If the Identity Vault doesn’t have classes or attributes
for data you want to share with other applications, you can extend
the eDirectory schema to include them. In this case, your Identity
Vault becomes a repository of information that it does not need,
but which other applications can use. The application-specific datastore
maintains the repository for the information that is required only
by the application.
Identity Manager accomplishes the following tasks:
- Uses events to capture changes in
the Identity Vault.
- Centralizes or distributes data management by acting
as a hub to pull all data together.
- Exposes directory data in XML format, allowing it
to be used and shared by XML applications or applications integrated
through Identity Manager.
- Controls the flow of data using specific filters
that govern data elements defined in the system.
- Enforces authoritative data sources by using permissions
and filters.
- Applies rules to datastore data that is in an XML
format. These rules govern the interpretation and transformation
of the data as changes flow through Identity Manager.
- Transforms the data from XML into virtually any
data format. This gives Identity Manager the ability to share
data with any application.
- Carefully maintains associations between Identity
Vault objects and objects within all other integrated systems, in
order to ensure that data changes are appropriately reflected across
all connected systems.
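
The following added example (not part of the original documentation and not Identity Manager's filter format or API) models how per-direction filters enforce an authoritative source for each attribute. The system names, class and attribute names, and the Hub and Filter types are assumptions made for illustration.

```python
# Conceptual model only: not Identity Manager's filter format or API.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Filter:
    """Allow-lists of (class, attribute) pairs for each direction of flow."""
    to_vault: frozenset     # application -> Identity Vault
    from_vault: frozenset   # Identity Vault -> application


@dataclass
class Hub:
    filters: dict                                   # system name -> Filter
    vault: dict = field(default_factory=dict)       # (class, id) -> attributes
    delivered: list = field(default_factory=list)   # changes sent to systems
    dropped: list = field(default_factory=list)     # changes refused; audit these

    def change(self, source, cls, obj_id, attr, value):
        """Apply one attribute change reported by a connected system."""
        if (cls, attr) not in self.filters[source].to_vault:
            # The source is not authoritative for this attribute: refuse it.
            self.dropped.append((source, cls, obj_id, attr, value))
            return False
        self.vault.setdefault((cls, obj_id), {})[attr] = value
        for name, flt in self.filters.items():
            if name != source and (cls, attr) in flt.from_vault:
                self.delivered.append((name, cls, obj_id, attr, value))
        return True


def build_example():
    """Constructed sample: HR owns names, the mail system owns the address."""
    names = frozenset({("User", "surname"), ("User", "givenName")})
    address = frozenset({("User", "mail")})
    return Hub(filters={
        "HR": Filter(to_vault=names, from_vault=address),
        "Mail": Filter(to_vault=address, from_vault=names),
    })


if __name__ == "__main__":
    hub = build_example()
    hub.change("HR", "User", "e1001", "surname", "Ng")         # accepted
    hub.change("Mail", "User", "e1001", "surname", "Mallory")  # refused
    hub.change("HR", "User", "e1001", "familyInfo", "private") # never shared
    print(hub.vault, hub.delivered, hub.dropped, sep="\n")
```

The dropped list records every change that a non-authoritative system tried to make, which is the kind of record worth reviewing when investigating unexpected identity data changes.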
With Identity Manager, your business can simplify HR processes,
reduce data management costs, build customer relationships through
highly customized service, and remove interoperability barriers
that inhibit success. Below are several example activities that
Identity Manager enables:
Table 1-1 What Identity Manager Can Do For You
| Activity | Description |
| --- | --- |
| Manage User Accounts | With a single operation: Identity Manager almost immediately grants or removes access for an employee to resources. Identity Manager provides automated employee provisioning capability, to give a new employee access to network, e-mail, applications, resources, and so forth. Identity Manager can also restrict or disable access upon termination or leave. |
| Track and Integrate Asset Inventory | Identity Manager can add profiles for all asset inventory items (computers, monitors, phones, library resources, chairs, desks, etc.) to the Identity Vault and integrate them with user profiles such as individuals, departments, or organizations. |
| Automate White/Yellow Page Directories | Identity Manager can create unified directories with varying levels of information for internal and external use. External directories might contain only e-mail addresses; internal directories might include location, phone, fax, cell, home address, etc. |
| Enhance User Profiles | Identity Manager augments user profiles by adding or synchronizing information such as e-mail address, phone number, home address, preferences, reporting relationships, hardware assets, phone, keys, inventory, and more. |
| Unify Communications Access | Identity Manager simplifies network, phone, pagers, Web, or wireless access for individual users or groups by synchronizing directories for each to a common management interface. |
| Strengthen Partner Relationships | Identity Manager strengthens partnerships by creating profiles (employee, customer, etc.) in partner systems outside the firewall to enable partners to provide immediate service as needed. |
| Improve the Supply Chain | Identity Manager improves customer services by recognizing and consolidating instances of multiple accounts per customer. |
| Build Customer Loyalty | Identity Manager offers new services in response to recognizing customer needs as a result of viewing data in one place that was previously isolated in separate applications or areas. |
| Customize Service | Identity Manager provides users (employees, customers, partners, etc.) with profiles complete with synchronized information, including relationships, status, and service records. These profiles can be used to provide varying levels of access to services and information, and offer real-time, customized services based on a customer's standing. |