Novell® Identity Manager is an award-winning data-sharing and synchronization solution that revolutionizes how you manage data. This service leverages a central datastore, your Identity Vault, to synchronize, transform, and distribute information across applications, databases, and directories.
When data from one system changes, the Metadirectory engine included in Identity Manager detects and propagates these changes to other connected systems based on the business rules you define. This solution enables you to enforce authoritative data sources for any particular piece of data (for example, an HR application owns a user's ID, while a messaging system might own a user's e-mail account information).
Identity Manager lets a connected system (such as SAP*, PeopleSoft*, Lotus Notes*, Microsoft* Exchange, Active Directory*, and others) do the following:
Share data with the Identity Vault.
Synchronize and transform shared data with the Identity Vault when it is modified in connected systems.
Synchronize and transform shared data with connected systems when the data is modified in the Identity Vault.
Identity Manager does this by providing a bidirectional framework that allows administrators to specify which data flows from the Identity Vault to the application and from the application to the Identity Vault. The framework uses XML to provide data and event translation capabilities that convert Identity Vault data and events into the specified application-specific format. It also converts application-specific formats into a format that can be understood by the Identity Vault. All interactions with the application take place using the application’s native API.
Identity Manager lets you select only the attributes and classes that correspond to relevant connected system-specific records and fields. For example, a directory datastore can choose to share User-type objects with a Human Resources datastore, but not share network resource objects such as Servers, Printers, and Volumes. The Human Resources datastore can in turn share users’ given names, surnames, initials, telephone numbers, and work locations with a but not share the users’ family information and employment history.
If the Identity Vault doesn’t have classes or attributes for data you want to share with other applications, you can extend the eDirectory schema to include them. In this case, your Identity Vault becomes a repository of information that it does not need, but which other applications can use. The application-specific datastore maintains the repository for the information that is required only by the application.
Identity Manager accomplishes the following tasks:
Uses events to capture changes in the Identity Vault.
Centralizes or distributes data management by acting as a hub to pull all data together.
Exposes directory data in XML format, allowing it to be used and shared by XML applications or applications integrated through Identity Manager.
Controls the flow of data using specific filters that govern data elements defined in the system.
Enforces authoritative data sources by using permissions and filters.
Applies rules to datastore data that is in an XML format. These rules govern the interpretation and transformation of the data as changes flow through Identity Manager.
Transforms the data from XML into virtually any data format. This provides Identity Manager the ability to share data with any application.
Carefully maintains associations between Identity Vault objects and objects within all other integrated systems, in order to ensure that data changes are appropriately reflected across all connected systems.
With Identity Manager, your business can simplify HR processes, reduce data management costs, build customer relationships through highly customized service, and remove interoperability barriers that inhibit success. Below are several example activities that Identity Manager enables:
Table 1-1 What Identity Manager Can Do For You