1.1 An Introduction to Identity Manager

Novell® Identity Manager is an award-winning data-sharing and synchronization solution that revolutionizes how you manage data. This service leverages a central data store—your Identity Vault—to synchronize, transform, and distribute information across applications, databases, and directories.

But Identity Manager is much more than that. Some of the features of Identity Manager include:

To see what’s new about these components in this version of Identity Manager, see Section 1.3, What’s New in Identity Manager 3.5.1? For a better view of the different components and services that make up Identity Manager, see Section 1.4, Identity Manager Installation Programs and Services.

Identity Manager lets a connected system (such as SAP*, PeopleSoft*, Lotus* Notes*, Microsoft* Exchange, Active Directory*, and others) do the following:

Identity Manager does this by providing a bidirectional framework that allows administrators to specify the data that flows from the Identity Vault to the application and from the application to the Identity Vault. The framework uses XML to provide data and event translation capabilities that convert Identity Vault data and events into the specified application-specific format. It also converts application-specific formats into a format that can be understood by the Identity Vault. All interactions with the application take place using the application’s native API.

Identity Manager lets you select only the attributes and classes that correspond to relevant connected system-specific records and fields. For example, a directory data store can choose to share User objects with a Human Resources data store, but not share network resource objects such as servers, printers, and volumes. The Human Resources data store can in turn share users’ given names, surnames, initials, telephone numbers, and work locations with other personnel without sharing the users’ more personal information (such as family information and employment history).

If the Identity Vault doesn’t have classes or attributes for data you want to share with other applications, you can extend the eDirectory™ schema to include them. In this case, your Identity Vault becomes a repository of information that it does not need, but which other applications can use. The application-specific data store maintains the repository for the information that is required only by the application.

Identity Manager accomplishes the following tasks:

Policies are the key to synchronizing data. A policy:

With Identity Manager, your business can simplify HR processes, reduce data management costs, build customer relationships through highly customized service, and remove interoperability barriers that inhibit success. Below are several example activities that Identity Manager enables:

Table 1-1 What Identity Manager Can Do For You

Activity

Identity Manager Solution

Manage User Accounts

With a single operation:

Identity Manager immediately grants or removes access to resources for an employee.

Identity Manager provides an automated employee provisioning capability that gives a new employee access to the network, e-mail, applications, resources, and so forth. Through workflow provisioning, this process can be set up to initiate an approval process.

Identity Manager can also restrict or disable access upon termination or leave.

Track and Integrate Asset Inventory

Identity Manager can add profiles for all asset inventory items (computers, monitors, phones, library resources, chairs, desks, etc.) to the Identity Vault and integrate them with user profiles such as individuals, departments, or organizations.

Automate White/Yellow Page Directories

Identity Manager can create unified directories with varying levels of information for internal and external use. External directories might contain only e-mail addresses; internal directories might include location, phone, fax, cell, home address, etc.

Enhance User Profiles

Identity Manager augments user profiles by adding or synchronizing information such as e-mail address, phone number, home address, preferences, reporting relationships, hardware assets, phone, keys, inventory, and more.

Unify Communications Access

Identity Manager simplifies network, phone, pager, Web, or wireless access for individual users or groups by synchronizing directories for each to a common management interface.

Strengthen Partner Relationships

Identity Manager strengthens partnerships by creating profiles (employee, customer, etc.) in partner systems outside the firewall to enable partners to provide immediate service as needed.

Improve the Supply Chain

Identity Manager improves customer services by recognizing and consolidating instances of multiple accounts per customer.

Build Customer Loyalty

Identity Manager offers new services in recognition of customers’ need to view data in one place instead of having it isolated in separate applications or areas.

Customize Service

Identity Manager provides users (employees, customers, partners, etc.) with profiles complete with synchronized information, including relationships, status, and service records.

These profiles can be used to provide varying levels of access to services and information, and offer real-time, customized services based on a customer's standing.

Password Management

Through the User Application, administrators can set up challenge/response questions, as well as allow users to set their own passwords.

The Client Login Extension for Novell Identity Manager 3.5.1 facilitates password self-service by adding a link to the Novell and Microsoft GINA login clients. The clients allow access to the Identity Manager User Application Password Self-Service feature.

If the Identity Manager driver supports password synchronization, passwords can be synchronized across connected systems.