1.0 Overview

The Novell Identity Manager user application is a powerful Web application designed to provide a rich, intuitive, highly configurable, highly administrable user experience atop a sophisticated identity-services framework. When used in conjunction with the Provisioning Module for Identity Manager and Novell Audit, the Identity Manager user application provides a complete, end-to-end provisioning solution that’s secure, scalable, and easy to manage.

The user application offers the following Web-based end user features:

For the system administrator, the user application offers a rich assortment of configuration and administration capabilities, including:

A more complete listing of features and capabilities is shown in the table below.

Feature

Description

Standards-based, browser-agnostic, extensible Web-UI user environment

Administrator can change page layouts, default (home) page, add new pages, and modify overall appearance (themes).

The user application is extensible through the addition of JSR-168 compliant portlets.

Provisioning workflows (with Provisioning Module installed)

The administrator can create tailored workflows for processing provisioning requests.

Those workflows can in turn be initiated by end-users who have the appropriate rights.

Event-driven workflows (with Provisioning Module installed)

In addition to user-initiated workflows, the administrator can configure workflows in such a way that they are fired automatically when specified events occur in the identity vault.

Enhanced White Pages

Display user information alphabetically, geographically, by skill set, and so forth.

Organization Chart

The user application includes an advanced organizational charting portlet that leverages AJAX to give a richly interactive experience.

User Search

The user can perform searches on identities and save custom search definitions for later reuse.

Password Self-Service

The user application allows end users to access password management functions, eliminating Help Desk calls.

Lightweight User Administration

The user application allows end-users who are non-IT-administrators to perform a limited set of identity management chores.

Eclipse-based Designer

System administrators, developers, consultants, and other IT specialists can perform a variety of configuration and other tasks quickly and easily with the Designer application. For example, the Designer allows one to work offline with entity definitions and relationships, driver policies and filters, and a variety of driver and driver-set configuration tasks. Changes can be saved in a project and/or uploaded to the identity vault.

Proxy Roles (with Provisioning Module installed)

The user application user interface allows appropriately qualified individuals to define proxy roles for specific users. (A proxy can perform tasks on behalf of another user, with all the rights of the other user.)

Delegation of Tasks (with Provisioning Module installed)

The user interface allows managers (and users with appropriate rights) to set up automatic delegation of tasks to peers based on a given user’s unavailability. The delegation is fine-grained in that specific types of tasks can be delegated to different individuals.

Directory abstraction layer

The runtime framework isolates Web application logic from the low-level mechanics of identity vault access and workflow, for a secure, robust directory abstraction architecture. Isolation is achieved via a mediation layer known as the directory abstraction layer (or just abstraction layer).

Access control on all user-facing data

The abstraction layer (which leverages eDirectory’s sophisticated Effective Rights model) automatically limits the visibility of identity data and workflows, as well as the user’s right to modify data, in a way that’s transparent to the user and transparent even to the portlets themselves.

End-user Identity Data Verification

The user application provides a means for users to view and validate/update their own identity information, as it is represented within the identity vault.

Flexible logging

Easily log a wide variety of events to a server log (via log4j) or to Novell Audit, or both.

Novell Audit Reports

The product includes pre-templated Crystal Reports that reflect common reporting tasks relating to provisioning.

High availability

The user application and approval flow elements of the product can be clustered for scalability.

IMPORTANT:In this version of the Provisioning Module, automatic fail-over of in-process workflow instances is not supported. An in-process flow that has been interrupted can, however, be continued to completion on remaining server nodes with a manual intervention step.

E-mail template management UI

Associate and customize e-mail templates for workflows, using iManager.

Accessory portlets

A variety of ready-to-use portlets come with the user application, including portlets for GroupWise, Exchange, Lotus Notes, Web-mail, Network File, NetStorage, HTML, Shortcut, RSS, and Message portlets.

These features are in addition to the standard functionalities offered by Identity Manager. See the Identity Manager Administrator’s Guide for more information on the product’s standard feature set.