2.6 Features That Require Identity Manager 3. x Engines

The following features in Designer 2.1 won’t work on Identity Manager engines that were installed earlier than Identity Manager 3.0:

2.6.1 Driver Set and Driver Log Events

Driver Set Log Events

To identify non-functional properties for a driver set:

  1. Right-click a driver set in the Modeler.

  2. Select Properties.

  3. Select Driver Set Log Level > Log Specific Events.

    The option to log specific events
  4. Click the Expand icon.

    The Expand icon
  5. Select options.

    Items that have the earlier-version icon The Version icon won’t work on Identity Manager engines earlier than 3.0.

Driver Log Events

To identify non-functional properties for a driver:

  1. Right-click a driver in the Modeler.

  2. Select Properties.

  3. Select Driver Log Level > Log Specific Events.

    The option to log specific events

    If this option is dimmed, the driver is using properties from the driver set.

  4. Click the Expand icon.

    The Expand icon
  5. Select options.

    Items that have the earlier-version icon The Version icon won’t work on Identity Manager engines earlier than 3.0.

2.6.2 Policy Script

The following changes were made in the Policy Script for Identity Manager 3.

  • Added do-implement-entitlement. Updated do-for-each to include implied do-implement-entitlement.

  • Updated token-entitlement, token-added-entitlement, and token-removed-entitlement to return entitlement-impl in a node-set context and to change behavior relative to granted vs. revoked entitlements.

  • Updated if-entitlement to change behavior relative to granted vs. revoked entitlements.

  • Changed all usages of “nodeset” to “node-set” to make terminology consistent.

  • Updated comment to add support for multiple comments and comment names.

2.6.3 Support for Entitlements

Entitlements created in Designer 1.1 won’t work on Identity Manager engines earlier than Identity Manager 3.0.

The following table compares entitlements in Identity Manager 2 with entitlements in Identity Manager 3.0.

Table 2-1 Comparison: Entitlements in Identity Manager 2 and Identity Manager 3

Identity Manager 2

Identity Manager 3

Entitlement definitions existed only as XML in the driver manifest on a DirXML® Driver object.

Entitlement definitions are stored as a DirXML Entitlement object contained by a DirXML Driver object.

Entitlements are implemented by using driver policies.

Entitlements are implemented by using driver policies.

Role-based entitlements can use dynamic membership (default) or static include/exclude (additional).

Role-based entitlements can use dynamic membership (default) or static include/exclude (additional).

No workflow entitlements

Provides workflow entitlements.

Entitlements are granted and revoked through the addition of an aux class’s attribute to an object.

Entitlements are granted and revoked through the addition of an aux class’s attribute to an object.

No status tracking.

Status tracking through the Identity Manager engine into one of the aux class’s attributes.

Only one Entitlement Service Driver can run in a driver set.

Only one Entitlement Service Driver can run in a driver set.

A driver set can be associated with only one server.

A driver set can be associated with multiple servers.

You can access the Entitlements Wizard from the Modeler or from the Outline view.

From the Modeler:

  1. Right-click a driver.

  2. Select Entitlements > Add Entitlements.

From the Outline View:

  1. Right-click a driver.

  2. Select Add Entitlements.

2.6.4 Support for Workflow-Based Provisioning

Workflow-based provisioning is the process of managing user access to secure resources in an organization. Users request resources, and one or more individuals (including delegates or proxies) with approval rights can approve or deny the request. Users can view the status of requests.

Support for workflow-based provisioning is a key feature of Identity Manager 3. It is not supported in Identity Manager 2.