1.1 How Identity Manager Works

Novell® Identity Manager is a collection of products that provide the following capabilities:

Identity Manager provides these capabilities through a number of components, as shown in the following figure.

Figure 1-1 Identity Manager Functionality

For more information on how Identity Manager components work together, see the Identity Manager 3.6 Overview manual.

1.1.1 Data Synchronization

Simply put, data synchronization is the ability to move data that has been changed in one location to a different location. Data synchronization can include password synchronization, but it is not limited to that because Identity Manager can synchronize any data that is stored in a connected system that has access to the Identity Vault.

Data synchronization, including password synchronization, is provided by the five base components of the Identity Manager solution: the Identity Vault, Metadirectory engine, drivers, Remote Loader, and connected applications. For more information about data synchronization, see Data Synchronization in the Identity Manager 3.6 Overview.

1.1.2 Workflow

Through the User Application, Identity Manager provides the means to perform such functions as workflow approval, role assignments, attestation, and identity self-service. The User Application is a browser-based Web application that allows you to initiate provisioning and role assignment requests, as well as manage the approval process for these requests.

Workflow approval allows users to request access to networking resources, which can include an approval process involving one or more managers. For more information about the User Application, see Workflow in the Identity Manager 3.6 Overview.

1.1.3 Role Assignments

Role assignments allow users to receive access to network resources that have been assigned to them. You can receive access to role assignments either at an individual level or at a group membership level.

The Roles Module Administrator can create new roles; modify existing roles; remove roles; modify relationships between roles; grant or revoke role assignments for users; and create, modify, and remove Separation of Duties constraints. For more information about Roles based provisioning, see the Identity Manager Roles Based Provisioning Module 3.7 documentation.

1.1.4 Attestation

Attestation allows your organization to assure that user access to resources does not break any corporate or government regulations. Using this process, individual users can validate their own profile information, and roles managers can validate role assignments and Separation of Duties violations.

For more information about attestation, see “Section 20.0, Making Attestation Requests” in the Identity Manager Roles Based Provisioning Module 3.7 User Application User Guide.

1.1.5 Self-Service

The self-service capabilities of Identity Manager allow users to edit their own profiles, search a directory, change their passwords (including password hints and challenge responses), review password status, and, if authorized, create accounts for new users or groups. If you are an administrator, you can also view reports on the applications that are associated with a user.

For more information about Identity Manager’s self-service capabilities, see the Identity Manager Roles Based Provisioning Module 3.7 User Application User Guide.

1.1.6 Auditing and Reporting

Identity Manager uses a platform agent to capture events from the Identity Vault and tracks those events through either the Novell Audit or the Novell Sentinel™ system. Novell Audit is a centralized, cross-platform auditing service that collects event data from applications across multiple platforms and writes the data to a data store. Novell Sentinel is a security information and event management (SIEM) solution that automates the collection, analysis, and reporting of system network, application, and security logs.

For a more complete introduction to Novell Audit, see the Novell Audit site. For a more complete introduction to Novell Sentinel, see the Novell Sentinel site.