The Identity Manager User Application is the business user’s view into the information, resources, and capabilities of Identity Manager. The User Application is a browser-based Web application that gives the user the ability to perform a variety of identity self-service tasks. In addition, when used in conjunction with the Provisioning Module and Novell Audit®, the User Application provides a complete, end-to-end provisioning solution, giving users the ability to initiate and manage provisioning requests and approvals. The Identity Manager User Application is secure, scalable, and easy to manage.
The User Application enables you to address the following business needs:
Providing user self-service, allowing a new user to self-register, and providing access to anonymous or guest users.
The User Application provides a set of portlets for managing identity information for employees. You can use the portlets as-is or customize them to deliver the following identity management services:
Create a directory object or launch a workflow to create objects.
Search identity data for white pages, yellow pages, green pages.
View and modify user profiles and attributes.
For more information, see Section IV, Portlet Reference.
Ensuring that access to corporate resources complies with organizational policies and that provisioning occurs within the context of the corporate security policy.
You can grant users access to identity data within the guidelines of corporate security policies.
For more information, see Section 2.2, Security.
Reducing the administrative burden of entering, updating, and deleting user information across all systems in the enterprise.
You can create customized workflows to provide a Web-based interface for users to manipulate distributed identity data triggering workflows as necessary.
For more information, see Section V, Configuring and Managing Provisioning Workflows.
Managing manual and automated provisioning of identities, services, resources, and assets, and supporting complex workflows.
You can implement manual provisioning by creating workflows that route provisioning requests to one or more authorities. For automated provisioning, you can configure the User Application to start workflows automatically in response to events occurring in the Identity Vault.
For more information, see Section V, Configuring and Managing Provisioning Workflows.
Identity is the foundation of the User Application. The application uses identity as the basis for authorizing users access to systems, applications, and databases. Each user’s unique identifier—and each user’s roles—comes with specific access rights to identity data. For example, users who are identified as managers can access salary information about their direct reports, but not about other employees in their organization.
The tab within the application gives users a convenient way to display and work with identity information. It enables your organization to be more responsive by giving users access to the information they need whenever they need it. For example, users might use the tab to:
Manage their own user accounts directly
Look up other users and groups in the organization on demand
Visualize how those users and groups are related
List applications with which they are associated
The User Application Administrator is responsible for setting up the contents of the tab. What business users can see and do is typically determined by how the application has been configured, by their job requirements and level of authority.
A key feature of the Identity Manager User Application is workflow-based provisioning, which enables you to automate the approval and revocation of user access to your organization’s secure resources. Resources can include digital entities such as user accounts, computers, and databases.
The User Application’s tab gives users a convenient way to make requests for resources. A provisioning request is a user or system action intended to grant or revoke resources. Provisioning requests can be initiated directly by the user (through the tab), or indirectly in response to events occurring in the Identity Vault.
When a provisioning request requires permission from one or more individuals in an organization, the request starts one or more workflows. The workflows coordinate the approvals needed to fulfill the request. Some provisioning requests require approval from a single individual; others require approval from several individuals. In some instances, a request can be fulfilled without any approvals. A successful provisioning request results in a . Provisioned resources are mapped to Identity Manager entitlements.
By default, the tab in the User Application does not display any provisioning requests. To configure a provisioning request a designer familiar with your business needs creates a provisioning request definition, which binds the resource to a workflow. The designer can configure workflows that proceed in a sequential fashion, with each approval step being performed in order, or workflows that proceed in a parallel fashion. A parallel workflow allows more than one user to act on a workflow task concurrently.
Identity Manager provides a set of Eclipse-based tools for designing the data and the flow of control within the workflows. In addition, Identity Manager provides a set of Web-based tools that provide the ability to configure existing provisioning requests, manage workflows that are in process, and define teams and team rights. For more information, see Section 1.4, Design and Configuration Tools
The Provisioning Application Administrator is responsible for managing the workflow-based provisioning features of the User Application. For more information, see Section 1.3, User Application User Types