1.1 An Introduction to Identity Manager

Novell® Identity Manager is an award-winning data-sharing and synchronization solution that revolutionizes how you manage data. This service leverages a central datastore, your Identity Vault, to synchronize, transform, and distribute information across applications, databases, and directories.

When data from one system changes, the Metadirectory engine included in Identity Manager detects and propagates these changes to other connected systems based on the business rules you define. This solution enables you to enforce authoritative data sources for any particular piece of data (for example, an HR application owns a user's ID, while a messaging system might own a user's e-mail account information).

Identity Manager lets a connected system (such as SAP*, PeopleSoft*, Lotus Notes*, Microsoft* Exchange, Active Directory*, and others) do the following:

Identity Manager does this by providing a bidirectional framework that allows administrators to specify which data flows from the Identity Vault to the application and from the application to the Identity Vault. The framework uses XML to provide data and event translation capabilities that convert Identity Vault data and events into the specified application-specific format. It also converts application-specific formats into a format that can be understood by the Identity Vault. All interactions with the application take place using the application’s native API.

Identity Manager lets you select only the attributes and classes that correspond to relevant connected system-specific records and fields. For example, a directory datastore can choose to share User-type objects with a Human Resources datastore, but not share network resource objects such as Servers, Printers, and Volumes. The Human Resources datastore can in turn share users’ given names, surnames, initials, telephone numbers, and work locations with a but not share the users’ family information and employment history.

If the Identity Vault doesn’t have classes or attributes for data you want to share with other applications, you can extend the eDirectory schema to include them. In this case, your Identity Vault becomes a repository of information that it does not need, but which other applications can use. The application-specific datastore maintains the repository for the information that is required only by the application.

Identity Manager accomplishes the following tasks:

With Identity Manager, your business can simplify HR processes, reduce data management costs, build customer relationships through highly customized service, and remove interoperability barriers that inhibit success. Below are several example activities that Identity Manager enables:

Table 1-1 What Identity Manager Can Do For You


Identity Manager Solution

Manage User Accounts

With a single operation:

Identity Manager almost immediately grants or removes access for an employee to resources.

Identity Manager provides automated employee provisioning capability, to give a new employee access to network, e-mail, applications, resources, and so forth.

Identity Manager can also restrict or disable access upon termination or leave.

Track and Integrate Asset Inventory

Identity Manager can add profiles for all asset inventory items (computers, monitors, phones, library resources, chairs, desks, etc.) to the Identity Vault and integrate them with user profiles such as individuals, departments, or organizations.

Automate White/Yellow Page Directories

Identity Manager can create unified directories with varying levels of information for internal and external use. External directories might contain only e-mail addresses; internal directories might include location, phone, fax, cell, home address, etc.

Enhance User Profiles

Identity Manager augments user profiles by adding or synchronizing information such as e-mail address, phone number, home address, preferences, reporting relationships, hardware assets, phone, keys, inventory, and more.

Unify Communications Access

Identity Manager simplifies network, phone, pagers, Web, or wireless access for individual users or groups by synchronizing directories for each to a common management interface.

Strengthen Partner Relationships

Identity Manager strengthens partnerships by creating profiles (employee, customer, etc.) in partner systems outside the firewall to enable partners to provide immediate service as needed.

Improve the Supply Chain

Identity Manager improves customer services by recognizing and consolidating instances of multiple accounts per customer.

Build Customer Loyalty

Identity Manager offers new services in response to recognizing customer needs as a result of viewing data in one place that was previously isolated in separate applications or areas.

Customize Service

Identity Manager provides users (employees, customers, partners, etc.) with profiles complete with synchronized information, including relationships, status, and service records.

These profiles can be used to provide varying levels of access to services and information, and offer real-time, customized services based on a customer's standing.