1.1 About the User Application

The Identity Manager User Application is the business user’s view into the information, resources, and capabilities of Identity Manager. The User Application is a browser-based Web application that gives the user the ability to perform a variety of identity self-service tasks. In addition, when used in conjunction with the Provisioning Module and Novell Audit®, the User Application provides a complete, end-to-end provisioning solution, giving users the ability to initiate and manage provisioning requests and approvals. The Identity Manager User Application is secure, scalable, and easy to manage.

The User Application enables you to address the following business needs:

1.1.1 About Identity Self-Service

Identity is the foundation of the User Application. The application uses identity as the basis for authorizing users access to systems, applications, and databases. Each user’s unique identifier—and each user’s roles—comes with specific access rights to identity data. For example, users who are identified as managers can access salary information about their direct reports, but not about other employees in their organization.

The Identity Self-Service tab within the application gives users a convenient way to display and work with identity information. It enables your organization to be more responsive by giving users access to the information they need whenever they need it. For example, users might use the Identity Self-Service tab to:

  • Manage their own user accounts directly

  • Look up other users and groups in the organization on demand

  • Visualize how those users and groups are related

  • List applications with which they are associated

The User Application Administrator is responsible for setting up the contents of the Identity Self-Service tab. What business users can see and do is typically determined by how the application has been configured, by their job requirements and level of authority.

1.1.2 About Workflow-Based Provisioning

A key feature of the Identity Manager User Application is workflow-based provisioning, which enables you to automate the approval and revocation of user access to your organization’s secure resources. Resources can include digital entities such as user accounts, computers, and databases.

The User Application’s Requests & Approvals tab gives users a convenient way to make requests for resources. A provisioning request is a user or system action intended to grant or revoke resources. Provisioning requests can be initiated directly by the user (through the Requests & Approvals tab), or indirectly in response to events occurring in the Identity Vault.

When a provisioning request requires permission from one or more individuals in an organization, the request starts one or more workflows. The workflows coordinate the approvals needed to fulfill the request. Some provisioning requests require approval from a single individual; others require approval from several individuals. In some instances, a request can be fulfilled without any approvals. A successful provisioning request results in a provisioned resource. Provisioned resources are mapped to Identity Manager entitlements.

By default, the Requests & Approvals tab in the User Application does not display any provisioning requests. To configure a provisioning request a designer familiar with your business needs creates a provisioning request definition, which binds the resource to a workflow. The designer can configure workflows that proceed in a sequential fashion, with each approval step being performed in order, or workflows that proceed in a parallel fashion. A parallel workflow allows more than one user to act on a workflow task concurrently.

Identity Manager provides a set of Eclipse-based tools for designing the data and the flow of control within the workflows. In addition, Identity Manager provides a set of Web-based tools that provide the ability to configure existing provisioning requests, manage workflows that are in process, and define teams and team rights. For more information, see Section 1.4, Design and Configuration Tools

The Provisioning Application Administrator is responsible for managing the workflow-based provisioning features of the User Application. For more information, see Section 1.3, User Application User Types