The Novell® NsureTM Identity Manager Integration Module for Mainframe comes with two provisioning options: Bidirectional and Fan-Out. With these options, you have the full range of capabilities to satisfy your authentication and data provisioning needs.
|
Feature
|
Bidirectional | Fan-Out |
|---|---|---|
|
Data Publishing from Platform to Identity Manager
|
Yes
|
|
|
Data Subscribing from Identity Manager to Platform
|
Yes
|
Yes
|
|
Provisioning to Hundreds of Platforms with a Single Driver
|
|
Yes
|
|
Bidirectional Password Synchronization
|
Yes
|
Yes
|
|
Administrative Password Resets from Platform
|
Yes
|
|
|
Administrative Password Resets to Platform
|
Yes
|
Yes
|
|
End User Password Replication to and from Platform
|
Yes
|
Yes
|
|
Authentication Redirection
|
|
Yes
|
|
Enforcement of Universal Password Rules on Platform Login
|
|
Yes
|
|
Universal Password Replication Support
|
Yes
|
Yes
|
|
Event Triggered Rexx Scripts for Provisioning
|
|
Yes
|
|
Native TSO Command Execution
|
Yes
|
Yes
|
|
Role-Based Entitlements
|
Yes
|
|
|
Nsure Audit Enabled
|
Yes
|
Yes
|
|
Password Self Service Support
|
Yes
|
Yes
|
|
iManager Plug-In
|
Yes
|
Yes
|
|
Password Failure Email Notification Support
|
Yes
|
|
|
API's to Simplify Programmatic Directory Access
|
|
Yes
|
|
Platform
|
Bidirectional Driver Available | Fan-Out Driver Available |
|---|---|---|
|
CA-ACF2*
|
|
Yes
|
|
CA-Top Secret*
|
|
Yes
|
|
RACF*
|
Yes
|
Yes
|
The Bidirectional driver provides complete integration with Identity Manager for full data and password synchronization. This driver provides data customization with Identity Manager policies, using standard security system commands. Each subscribed eDirectoryTM data change event is converted into a security system command. Security system commands are captured and published to Identity Manager for appropriate eDirectory updates.
The MVS RACF Bidirectional driver has two components: the driver shim and its associated policies, and the RACF Event Subsystem. For more information see the MVS RACF Implementation Guide.
The Fan-Out driver provides for delegated logic and control to your system administrators. You can process any Identity Manager data change event with a script on the platform. The Fan-Out driver provides for fan-out to hundreds of systems from a single driver. Authentication redirection provides login support for Universal Password, accessing a central repository for login and password rules. Full bidirectional password synchronization is also supported.
The Fan-Out driver is the natural upgrade path from Novell Account Management. The same extensible scripts are supported to manage users and groups on target platforms, and the same Authentication Services API is supported. In future releases, the Fan-Out driver will provide tighter integration with Identity Manager, while continuing to provide the flexibility to manage all aspects of the user experience using extensible scripts.
The Fan-Out driver has two components: the core driver and Platform Services. The core driver provides event fan-out to target platforms running Platform Services. A single core driver can support many platforms running Platform Services, regardless of platform operating system.
Documentation for the Fan-Out driver for Mainframe is included in the distribution. For the latest version of the documentation, see the Nsure Identity Manager Driver Documentation Web site.
See releasenotes.txt. For the latest support information, see the Novell Support Web site.
Copyright © 2004 Omnibond Systems, LLC. All Rights Reserved. Licensed to Novell, Inc. Portions Copyright © 2004 Novell, Inc. All rights reserved. No part of this document may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. eDirectory and Nsure are trademarks of Novell, Inc. All third-party trademarks are the property of their respective owners. A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.